http://blog.gmane.org/gmane.linux.debian.user.security.announce hourly 1 1901-01-01T00:00+00:00 http://gmane.org/img/gmane-25t.png http://gmane.org http://comments.gmane.org/gmane.linux.debian.user.security.announce/1731 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1677-1 security< at >debian.org http://www.debian.org/security/ Martin Schulze December 2nd, 2008 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : cupsys Vulnerability : integer overflow Problem type : local (remote) Debian-specific: no CVE ID : CVE-2008-5286 Debian Bug : 507183 An integer overflow has been discovered in the image validation code of cupsys, the Common UNIX Printing System. An attacker could trigger this bug by supplying a malicious graphic that could lead to the execution of arbitrary code. For the stable distribution (etch) this problem has been fixed in version 1.2.7-4etch6. For testing distribution (lenny) this issue will be fixed soon. For the unstable distribution (sid) this problem has been fixed in version 1.3.8-1lenny4. We recommend that you upgrade your cupsys packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6.dsc Size/MD5 checksum: 1092 a7198b7e0d7724a972d4027e805b1387 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6.diff.gz Size/MD5 checksum: 108940 1321ea49cfa8c06d619759acb00b0b2e http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498 Architecture independent components: http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch6_all.deb Size/MD5 checksum: 917900 4abe699f9d2a8f866b1e323934c6172a http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch6_all.deb Size/MD5 checksum: 46256 9e98540d35e8a7aef76a1042cc4befe4 Alpha architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_alpha.deb Size/MD5 checksum: 1614646 18542415a7a35563aacf6baccc2c474c http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_alpha.deb Size/MD5 checksum: 39316 641f1871ea3d1e61a56dc009b2e58652 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_alpha.deb Size/MD5 checksum: 85894 99a322067e2207a67afc55dccd5d63b4 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_alpha.deb Size/MD5 checksum: 1092462 e2c0dd66dc9d52d41b7e179fa83908ab http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_alpha.deb Size/MD5 checksum: 95658 51c76b87321a3c01dfe996fabad2de88 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_alpha.deb Size/MD5 checksum: 72682 751a0c814ae40bf75b0494dafd19bd8e http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_alpha.deb Size/MD5 checksum: 175346 f8701aeb6bc3670c3f1e60cc80c4ded7 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_alpha.deb Size/MD5 checksum: 183712 42dc520b09c22f1d25b7ff1e6d7574bb AMD64 architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_amd64.deb Size/MD5 checksum: 1576182 fe94635e099af684c654fb6468522f21 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_amd64.deb Size/MD5 checksum: 36342 3e5954fdc1c572e86f2eeef93c1f466f http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_amd64.deb Size/MD5 checksum: 80704 9a21d4104655094da5f2ff3a4c019a08 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_amd64.deb Size/MD5 checksum: 1087506 cd83b8b030a4c972b1b3fa396114d9e9 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_amd64.deb Size/MD5 checksum: 86360 aeed41809da68dc26e7c586e87878c45 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_amd64.deb Size/MD5 checksum: 53008 9f8e3453367ef72e6ef6f00dc6baf624 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_amd64.deb Size/MD5 checksum: 162608 a768dc52659411be6fd46b38df61d69b http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_amd64.deb Size/MD5 checksum: 142546 a6caf31df81c4aea72c0abc9c0a0b1af ARM architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_arm.deb Size/MD5 checksum: 1569702 f7cd63fd8d10e8fcaea2649260b8437a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_arm.deb Size/MD5 checksum: 35934 e5a3e25422b8ded68767d8c32d9291f5 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_arm.deb Size/MD5 checksum: 78916 f9707c6c35f2c3198892a8d82eecfa8b http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_arm.deb Size/MD5 checksum: 1026248 79e9a9669d9d896d303e29ed7d2b7122 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_arm.deb Size/MD5 checksum: 85540 45e25e1887e37f029a3a8da50b309fe4 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_arm.deb Size/MD5 checksum: 48732 b90d30685f1e68a036a512cf331547e6 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_arm.deb Size/MD5 checksum: 155278 1a0b8b93532c23d26866afc163689dd6 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_arm.deb Size/MD5 checksum: 132032 5c4843fe297598ee3c618f92feaef93e HP Precision architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_hppa.deb Size/MD5 checksum: 1624116 e285d90e7861906f00f8e709cb3039ae http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_hppa.deb Size/MD5 checksum: 39544 d3015a7ef0c7c345d3940a6c9f428cf0 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_hppa.deb Size/MD5 checksum: 84804 a4fa9da96d848e7596d6e3d623fdef07 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_hppa.deb Size/MD5 checksum: 1032854 ec6badd9fcff41974f425d97a0a12165 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_hppa.deb Size/MD5 checksum: 92038 3dcbb10b949495e21fc742b9b42a3a84 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_hppa.deb Size/MD5 checksum: 57376 e64d3d7a95c80c92602e3e7548998bc2 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_hppa.deb Size/MD5 checksum: 171856 ab864167ddd2c8b4247898ed36059435 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_hppa.deb Size/MD5 checksum: 153942 4149487b7dfd72b027de9851a4adb32e Intel IA-32 architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_i386.deb Size/MD5 checksum: 1556170 c0cefa71d7f58abd666c2c1459d3ede9 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_i386.deb Size/MD5 checksum: 36250 e464d81d46968426796a8182e6418691 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_i386.deb Size/MD5 checksum: 79702 77c4aef7c78be537c09bc689ad1f5139 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_i386.deb Size/MD5 checksum: 997624 ec73926b9d49c2790c6381a927ad20a2 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_i386.deb Size/MD5 checksum: 87310 86517be38ba93afd954091ad5643c65b http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_i386.deb Size/MD5 checksum: 53240 4fccf1dfd78b230033407a914760d3f5 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_i386.deb Size/MD5 checksum: 161274 41344ee4c268c095b89c8decc0e2df68 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_i386.deb Size/MD5 checksum: 137796 51b8758e0338e1ec6ec9d74ea5f960ef Intel IA-64 architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_ia64.deb Size/MD5 checksum: 1771030 d4235a8ee49af176f27c8a097a696864 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_ia64.deb Size/MD5 checksum: 46326 729ebfb9347d0463f7a6f5cc10c371e7 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_ia64.deb Size/MD5 checksum: 106218 9a9142746bbca2c53644c084b45fea9c http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_ia64.deb Size/MD5 checksum: 1108324 ea4f9d4d44e6b964c3793fd3a2862671 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_ia64.deb Size/MD5 checksum: 107068 bab641470a0bf7034b9ebc7ae072d6fa http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_ia64.deb Size/MD5 checksum: 74214 770441377ccf9ad422da6e9d3ba612eb http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_ia64.deb Size/MD5 checksum: 204316 7df30a0f5661ea79cdcc537d4012b217 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_ia64.deb Size/MD5 checksum: 192364 41d3bab218b036299f8ffae98a9008de Big endian MIPS architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_mips.deb Size/MD5 checksum: 1567974 ba75b6ff260e84dd64b939cae9262a54 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_mips.deb Size/MD5 checksum: 36112 6cae983101bdd812ff1f6f26169ab06a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_mips.deb Size/MD5 checksum: 76146 16b61a899c465fc7f142d97744dffba3 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_mips.deb Size/MD5 checksum: 1098272 daa46352b0ad47b5c3061c42a15e6ddb http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_mips.deb Size/MD5 checksum: 86920 dd75cd6ce9bd9ceaae7d39b60fda49c9 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_mips.deb Size/MD5 checksum: 57690 32cfeb2301ded386cf4ab6d0127f30a3 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_mips.deb Size/MD5 checksum: 158092 9abd9b0ce1dc1528b0ca50b5fbb7b78b http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_mips.deb Size/MD5 checksum: 150986 149531690113d5333beaf1622f915037 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_mipsel.deb Size/MD5 checksum: 1553596 a42820cf5bd8d46c4a5cab2a6bd0929a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_mipsel.deb Size/MD5 checksum: 36076 f7239a53b24df0813b16aac1efc850b7 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_mipsel.deb Size/MD5 checksum: 77462 a60a8f2d6ab7958026585952890fc751 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_mipsel.deb Size/MD5 checksum: 1085502 a18f21c9c0eff69d326bf42596d3ed32 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_mipsel.deb Size/MD5 checksum: 87080 1b5618e9841ec899e63ee14cb36116d1 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_mipsel.deb Size/MD5 checksum: 57848 def6826bc2876abfcf1b9ad01eea3546 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_mipsel.deb Size/MD5 checksum: 158634 bc4151665423bb6acc3225d1f8017b50 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_mipsel.deb Size/MD5 checksum: 150888 f27527d8e7d3b892f5e2dc7aa0776434 PowerPC architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_powerpc.deb Size/MD5 checksum: 1576684 9c91771aea9ad144c56967ac8caf1fd5 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_powerpc.deb Size/MD5 checksum: 41290 69d7ba1506a7415dc74621aa833edf59 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_powerpc.deb Size/MD5 checksum: 89994 12245002a3f5e437921979cd8362d346 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_powerpc.deb Size/MD5 checksum: 1143404 c79dd5b219961ded9d9dfebf2361fed0 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_powerpc.deb Size/MD5 checksum: 88542 988f4b258fbdf870d51aacd1dd26b116 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_powerpc.deb Size/MD5 checksum: 51880 650b5a80af7485308b6fca8a0453c9c0 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_powerpc.deb Size/MD5 checksum: 163284 4fc43ad526d97ad3823524988c892851 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_powerpc.deb Size/MD5 checksum: 136868 2e1cdfaf184170342520895e26ee84b1 IBM S/390 architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_s390.deb Size/MD5 checksum: 1587456 5522fd1afaaa1105a51c91354783fd6f http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_s390.deb Size/MD5 checksum: 37422 38b8fd3823381f4384f8758139f3d418 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_s390.deb Size/MD5 checksum: 82336 55c8f39b3d04e0a127426f2daf89941f http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_s390.deb Size/MD5 checksum: 1037274 02149d41988647e7f4de8e626801c588 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_s390.deb Size/MD5 checksum: 88040 8c844af7aeb9c0e1ec9a093a537d5f91 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_s390.deb Size/MD5 checksum: 52508 c3695c0157c8bba7eb2bc614173bcd0f http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_s390.deb Size/MD5 checksum: 166802 1893c39f92d371c7b474d57f4d8c105e http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_s390.deb Size/MD5 checksum: 144928 0eb6cdbc1deceb32bbf2c145a99f7d98 Sun Sparc architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_sparc.deb Size/MD5 checksum: 1562538 0757006ce0c52845673d2cbe9fae0b38 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_sparc.deb Size/MD5 checksum: 36020 27636d7df41cfef4c9e41ee236a9b308 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_sparc.deb Size/MD5 checksum: 78518 174e3b09d2d667e01d0b47ecb06a2925 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_sparc.deb Size/MD5 checksum: 992164 79a9729f9280b70aa7e8573636cfeb8c http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_sparc.deb Size/MD5 checksum: 85368 4c3b851a551b47fed4229f55b8a0a4fe http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_sparc.deb Size/MD5 checksum: 51756 d4406a58edf127974a79b0df75eab757 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_sparc.deb Size/MD5 checksum: 159176 29057219279ea090cf47b35b1da416af http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_sparc.deb Size/MD5 checksum: 139560 ca580a13d486d24f74c9a230efee6bde These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce< at >lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJNaPhW5ql+IAeqTIRAiX7AJwJd3Szo5tvpYyBrqggsDuPSulvKACfVJsa EwALyW+6s+Lgp2d1GI2ong4= =R0SH -----END PGP SIGNATURE----- Martin Schulze 2008-12-02T21:09:10 http://comments.gmane.org/gmane.linux.debian.user.security.announce/1730 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1676-1 security< at >debian.org http://www.debian.org/security/ dann frazier December 01, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : flamethrower (0.1.8-1+etch1) Vulnerability : insecure temp file generation Problem type : local Debian-specific: no CVE Id(s) : CVE-2008-5141 Debian Bug : 506350 Dmitry E. Oboukhov discovered that flamethrower creates predictable temporary filenames, which may lead to a local denial of service through a symlink attack. For the stable distribution (etch), this problem has been fixed in version 0.1.8-1+etch1. For the unstable distribution (sid), this problem has been fixed in version 0.1.8-2. We recommend that you upgrade your flamethrower package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/f/flamethrower/flamethrower_0.1.8-1+etch1.diff.gz Size/MD5 checksum: 3138 f6263743cb41f4f75ab9f4dbc76a71a5 http://security.debian.org/pool/updates/main/f/flamethrower/flamethrower_0.1.8.orig.tar.gz Size/MD5 checksum: 23485 04e1b6c5b4e72879e8aa69fcccb0491f http://security.debian.org/pool/updates/main/f/flamethrower/flamethrower_0.1.8-1+etch1.dsc Size/MD5 checksum: 598 4a880e477706f57bcfb806eb46a81922 Architecture independent packages: http://security.debian.org/pool/updates/main/f/flamethrower/flamethrower_0.1.8-1+etch1_all.deb Size/MD5 checksum: 16880 fbc0c1b237503a9d88521b444e4319e0 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce< at >lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJNGi7huANDBmkLRkRAtmHAJ46ID1fo23mpT0LaR+58dF75sgdaACgk1R2 I73MleBHGf32hPSwMhRRQbY= =qNZs -----END PGP SIGNATURE----- dann frazier 2008-12-01T22:49:35 http://comments.gmane.org/gmane.linux.debian.user.security.announce/1729 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1675-1 security< at >debian.org http://www.debian.org/security/ Thijs Kinkhorst November 30, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : phpmyadmin Vulnerability : insufficient input sanitising Problem type : remote Debian-specific: no CVE Id(s) : CVE-2008-4326 Masako Oono discovered that phpMyAdmin, a web-based administration interface for MySQL, insufficiently sanitises input allowing a remote attacker to gather sensitive data through cross site scripting, provided that the user uses the Internet Explorer web browser. This update also fixes a regression introduced in DSA 1641, that broke changing of the language and encoding in the login screen. For the stable distribution (etch), these problems have been fixed in version 4:2.9.1.1-9. For the unstable distribution (sid), these problems have been fixed in version 4:2.11.8.1-3. We recommend that you upgrade your phpmyadmin package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-9.dsc Size/MD5 checksum: 1019 b751c9769e198e656e7b982ec8bc4fc9 http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1.orig.tar.gz Size/MD5 checksum: 3500563 f598509b308bf96aee836eb2338f523c http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-9.diff.gz Size/MD5 checksum: 54647 fee9d9989bd7e53fbe5f5308078cc68d Architecture independent packages: http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-9_all.deb Size/MD5 checksum: 3602510 4148b6e9d9ee79457a9696cec5816259 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce< at >lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iQEcBAEBAgAGBQJJMotXAAoJEGz0hbPcukPf0mEH/jFSWA+wBtZ70qv7ptNaMr5p Ra6c4VK89qj4IO/ZLOj2+0ATFbsP8UAmaYr4SIuMAN5jSdz/1hysQheTx6nShAX9 gWBJy4nA43iijC0ASvgUeoyCqLMutxm6EenzJ3U4aZ+qmkOcbL/cXR89IG0+yPcq fdShAjk8nj8ifm9RZAOZBswIsC+FvTL6qgiyNoSKUDVoidv0/UDl8zR4p2BzNpaj gGeg9CFetBpGl3iyJlv6G4sFapul3txtWgPIefaPHDuevqwZTkCidQeRqC8/GG4J xvDUEoE7YFuFOL6bWJYos84nALFtDeD8oj20vUMsrlf1jS2oJh6VRbAxdMzgAy8= =UEZ6 -----END PGP SIGNATURE----- Thijs Kinkhorst 2008-11-30T12:53:28 http://comments.gmane.org/gmane.linux.debian.user.security.announce/1728 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1674-1 security< at >debian.org http://www.debian.org/security/ Moritz Muehlenhoff November 30, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : jailer Vulnerability : insecure temp file generation Debian-specific: no CVE Id(s) : CVE-2008-5139 Debian Bug : 410548 Javier Fernandez-Sanguino Pena discovered that updatejail, a component of the chroot maintenance tool Jailer, creates a predictable temporary file name, which may lead to local denial of service through a symlink attack. For the stable distribution (etch), this problem has been fixed in version 0.4-9+etch1. For the upcoming stable distribution (lenny) and the unstable distribution (sid), this problem has been fixed in version 0.4-10. We recommend that you upgrade your jailer package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/j/jailer/jailer_0.4-9+etch1.diff.gz Size/MD5 checksum: 27372 403ad34e153f4dbc14621b2bca464487 http://security.debian.org/pool/updates/main/j/jailer/jailer_0.4.orig.tar.gz Size/MD5 checksum: 27920 a6bead6286022c54e73bfe1f51e5e5f3 http://security.debian.org/pool/updates/main/j/jailer/jailer_0.4-9+etch1.dsc Size/MD5 checksum: 599 2a59c032c5da19b3443c0bd5c573a6e6 Architecture independent packages: http://security.debian.org/pool/updates/main/j/jailer/jailer_0.4-9+etch1_all.deb Size/MD5 checksum: 11688 8e042e660665df9b8657399ec3845cc8 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce< at >lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkyT30ACgkQXm3vHE4uylpr8gCg3xNNK/xK960IRO7sOmlfM3gt s0EAoNpyEWbqDGg6ZvOvreDt2xIXqMQJ =BKjD -----END PGP SIGNATURE----- Moritz Muehlenhoff 2008-11-30T08:33:23 http://comments.gmane.org/gmane.linux.debian.user.security.announce/1727 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1673-1 security< at >debian.org http://www.debian.org/security/ Moritz Muehlenhoff November 29, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : wireshark Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2008-3137 CVE-2008-3138 CVE-2008-3141 CVE-2008-3145 CVE-2008-3933 CVE-2008-4683 CVE-2008-4684 CVE-2008-4685 Several remote vulnerabilities have been discovered network traffic analyzer Wireshark. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-3137 The GSM SMS dissector is vulnerable to denial of service. CVE-2008-3138 The PANA and KISMET dissectors are vulnerable to denial of service. CVE-2008-3141 The RMI dissector could disclose system memory. CVE-2008-3145 The packet reassembling module is vulnerable to denial of service. CVE-2008-3933 The zlib uncompression module is vulnerable to denial of service. CVE-2008-4683 The Bluetooth ACL dissector is vulnerable to denial of service. CVE-2008-4684 The PRP and MATE dissectors are vulnerable to denial of service. CVE-2008-4685 The Q931 dissector is vulnerable to denial of service. For the stable distribution (etch), these problems have been fixed in version 0.99.4-5.etch.3. For the upcoming stable distribution (lenny), these problems have been fixed in version 1.0.2-3+lenny2. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your wireshark packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4.orig.tar.gz Size/MD5 checksum: 13306790 2556a31d0d770dd1990bd67b98bd2f9b http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3.dsc Size/MD5 checksum: 1066 ece7cc5dd8e70c0b5c13bfbf6e8c6eee http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3.diff.gz Size/MD5 checksum: 48388 2918d72a79fafde4759afe72db727d6f alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_alpha.deb Size/MD5 checksum: 22872 2ac3fe313364295340483294f1e9fb91 http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_alpha.deb Size/MD5 checksum: 22504 e67991e3aa09ce8bd8a44833fe7e3883 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_alpha.deb Size/MD5 checksum: 9318436 d88e91f579849725048a4f5d9155871d http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_alpha.deb Size/MD5 checksum: 181432 bd619bdb6fdc69e10dd31241268fac22 http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_alpha.deb Size/MD5 checksum: 22498 b6e13d7c505bceb09cd278c5f07c7c40 http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_alpha.deb Size/MD5 checksum: 674820 b6a532ff5292b77773e1aa4cfc2fd577 http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_alpha.deb Size/MD5 checksum: 22510 eafc125f4a6f9084880fdd2a557b9814 http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_alpha.deb Size/MD5 checksum: 117502 d829953f80e3402ea53f96b5a60010a4 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_amd64.deb Size/MD5 checksum: 181784 be30e7ac952ecec26ed7cf9d73cf07ca http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_amd64.deb Size/MD5 checksum: 619708 b97e43ebf7fb339df7210c0fed2de92b http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_amd64.deb Size/MD5 checksum: 22502 24d2101cd90f05f7206ed1b222cf2655 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_amd64.deb Size/MD5 checksum: 9119506 67bc221048a9a1909e0780547e267956 http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_amd64.deb Size/MD5 checksum: 112146 24dad3e9789181bc32c555174ebc6331 http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_amd64.deb Size/MD5 checksum: 22516 fd918d886d3f43e85efc336267f8d3b1 http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_amd64.deb Size/MD5 checksum: 22504 e427825910c10ca825d6263d72f3231d http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_amd64.deb Size/MD5 checksum: 22862 8b219977905e0ca92c11669b819a4d62 arm architecture (ARM) http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_arm.deb Size/MD5 checksum: 7739012 2393f419581304f9d1bc96b2e80a87b9 http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_arm.deb Size/MD5 checksum: 22520 91159635ccf35f1d0fc51d80eb5af43d http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_arm.deb Size/MD5 checksum: 600564 6c9dc2dfc018156969644378f856521a http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_arm.deb Size/MD5 checksum: 22870 64f1146af6c9759d7fce864dc5f0d7d3 http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_arm.deb Size/MD5 checksum: 22528 44b24f50cf31c9c8e734fbf5cb32603f http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_arm.deb Size/MD5 checksum: 22514 073d8b3cf84d186a28f1923b77825651 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_arm.deb Size/MD5 checksum: 182074 21f420a957afb36f416b743ea928344c http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_arm.deb Size/MD5 checksum: 107352 a57d347239ea877d9dc7944f025a357f hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_hppa.deb Size/MD5 checksum: 22872 2ccd34d4f66efe4103e8bd6abefa9522 http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_hppa.deb Size/MD5 checksum: 22512 5969e22027936a31221f293be3ee9a07 http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_hppa.deb Size/MD5 checksum: 22506 c624bb7b41ceb11e497c09c231388f17 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_hppa.deb Size/MD5 checksum: 9856512 1dc01e880f2cbc9ed221775bada95006 http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_hppa.deb Size/MD5 checksum: 109670 d4eea1ac706ac762a8ed8327438f4642 http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_hppa.deb Size/MD5 checksum: 22504 a738cb866d71bd90d6221655993db604 http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_hppa.deb Size/MD5 checksum: 634968 a399926534b08d75dc0858bebd83c9b5 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_hppa.deb Size/MD5 checksum: 182054 cef379511143780007c649c3089ea1b2 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_i386.deb Size/MD5 checksum: 182668 a1c8033946069020bf3c985ac15f3262 http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_i386.deb Size/MD5 checksum: 564704 810e62b84fec47703eb3a123059b576b http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_i386.deb Size/MD5 checksum: 22492 e0730ad8b28f63b46e57dda4577009f2 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_i386.deb Size/MD5 checksum: 7502356 84707ff563a36e6dbdcafb47657b4260 http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_i386.deb Size/MD5 checksum: 22860 34cc7a26d0416a35b9cbcd5dce2f875c http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_i386.deb Size/MD5 checksum: 102308 882325dfde6476fa6fef27435af1c9c7 http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_i386.deb Size/MD5 checksum: 22498 a03f9bc9d8ce5f23bbab2280ab49798b http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_i386.deb Size/MD5 checksum: 22504 f2b77a28c0675c396652fcdc9c2c3803 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_ia64.deb Size/MD5 checksum: 22846 3c2f1b3206af0c51ad92aef628d1296c http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_ia64.deb Size/MD5 checksum: 145732 4f709746e604fd49e8500000c0c8b9fd http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_ia64.deb Size/MD5 checksum: 22498 00c321e1542af1331ca18b0df70eee08 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_ia64.deb Size/MD5 checksum: 10652434 5884462db3ab99cd180970b81bab92e1 http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_ia64.deb Size/MD5 checksum: 22484 4591898f96b98e28d183328a0e21dba4 http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_ia64.deb Size/MD5 checksum: 827582 c67bd7ddb1ab16764b7ebebbd5b1bb7c http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_ia64.deb Size/MD5 checksum: 22498 45334f3ef44ae17bb9c8d4a95f6cf4e6 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_ia64.deb Size/MD5 checksum: 182626 67cd7391e4c59b412ddc2e76c6fa6791 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_mips.deb Size/MD5 checksum: 104812 d3f86fe05592a3ac315047246c4dd26e http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_mips.deb Size/MD5 checksum: 8017676 583e585fb11a943ef5c0288016dffb43 http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_mips.deb Size/MD5 checksum: 588850 2ea0a20be951ff4e8ab6ba6525dea911 http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_mips.deb Size/MD5 checksum: 21856 8ad7420ab94abbaedd0a0283530f9bad http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_mips.deb Size/MD5 checksum: 22108 74e578c0a220a579e57830fe8031cc8b http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_mips.deb Size/MD5 checksum: 21844 7821c6a42d28f2c2833cf58b9ca033a5 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_mips.deb Size/MD5 checksum: 181530 cbdd1d6dd954ee7f1d7050ef3c9eba91 http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_mips.deb Size/MD5 checksum: 21850 42ed2c8bc444299b2f6e4987e79ab666 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_mipsel.deb Size/MD5 checksum: 104602 79217e35d38b7a65b76c40f4e3cb9be1 http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_mipsel.deb Size/MD5 checksum: 22492 f3005b052212919cdb4fcdb9b4fba65e http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_mipsel.deb Size/MD5 checksum: 7408744 4228174f1af0bf0b17f4d30de7cf7ea5 http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_mipsel.deb Size/MD5 checksum: 22506 9b8bca5a067957146d32d0b92bb09117 http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_mipsel.deb Size/MD5 checksum: 22506 250f509a57cee02c619151b65e6fd18e http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_mipsel.deb Size/MD5 checksum: 575840 750acb173d59b7936388b2a0d82dc796 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_mipsel.deb Size/MD5 checksum: 182672 766ee8b1ff019b03703ee93ebb76717f http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_mipsel.deb Size/MD5 checksum: 22856 9c5861628a2de7fd905f1924c0474332 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_powerpc.deb Size/MD5 checksum: 182652 1dfdaa74d72de475b67c3256bf14b637 http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_powerpc.deb Size/MD5 checksum: 22498 4ec636076c7587204842382f6729001d http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_powerpc.deb Size/MD5 checksum: 22850 cb065d5901a738e96c35dc534407d59e http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_powerpc.deb Size/MD5 checksum: 22504 2da403f29c784c2da2b65d34a4342517 http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_powerpc.deb Size/MD5 checksum: 104242 fd8bac6c5986e895547a8cd2bd0e047a http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_powerpc.deb Size/MD5 checksum: 8606102 2f48dcbf4864fff90668b9c9fd0b1f65 http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_powerpc.deb Size/MD5 checksum: 583590 c2d40168eec70056745aacac50a1b6cd http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_powerpc.deb Size/MD5 checksum: 22490 452169dd566fa6bbf2d2ca1c2d950a37 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_s390.deb Size/MD5 checksum: 22848 02756b25f5eb8866a1c8281f088aba85 http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_s390.deb Size/MD5 checksum: 22504 11c3d2072753d2f3a100e44c3d3fe33a http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_s390.deb Size/MD5 checksum: 115600 049e7e0f056196df2500e03c4d32a300 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_s390.deb Size/MD5 checksum: 9756694 e39b358505fa9cb7c7a8d0d6d898fd79 http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_s390.deb Size/MD5 checksum: 22498 39c467d08525f96ce4900c9a26643477 http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_s390.deb Size/MD5 checksum: 22488 23d2f294343796f2a7d44c3b5d93651e http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_s390.deb Size/MD5 checksum: 640960 539d3faeb8bebf6f945803a88f48f927 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_s390.deb Size/MD5 checksum: 182622 e0e7919335705d8062378606615675b7 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_sparc.deb Size/MD5 checksum: 22520 fcded97d018614d9c009b7381af86c0c http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_sparc.deb Size/MD5 checksum: 22508 08b5ee4324e7bf9c70e3dc64790c0b3a http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_sparc.deb Size/MD5 checksum: 104122 5389c35fe323621a57e570eae09efa84 http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_sparc.deb Size/MD5 checksum: 586906 d32db40176c7a72e691d1015c1c399dc http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_sparc.deb Size/MD5 checksum: 183182 db42ff4d1f6cb72b3fed705d72cd9334 http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_sparc.deb Size/MD5 checksum: 22866 880b204b5182202328541153989cf082 http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_sparc.deb Size/MD5 checksum: 22522 acf3820b48c050b01da592940dee07ad http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_sparc.deb Size/MD5 checksum: 8679242 716f14e3d3ea4795e742fed07ebe2f44 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce< at >lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkxyrUACgkQXm3vHE4uylq7vwCfXYYzKUBFO8sfVaDze9OVW/c0 Z1MAn2KEsLbFlgzyFve4pH6iqq3RDf+X =7vWq -----END PGP SIGNATURE----- Moritz Muehlenhoff 2008-11-29T23:07:40 http://comments.gmane.org/gmane.linux.debian.user.security.announce/1726 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1672-1 security< at >debian.org http://www.debian.org/security/ Moritz Muehlenhoff November 29, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : imlib2 Vulnerability : buffer overflow Problem type : local(remote) Debian-specific: no CVE Id(s) : CVE-2008-5187 Debian Bug : 505714 Julien Danjou and Peter De Wachter discovered that a buffer overflow in the XPM loader of Imlib2, a powerful image loading and rendering library, might lead to arbitrary code execution. For the stable distribution (etch), this problem has been fixed in version 1.3.0.0debian1-4+etch2. For the upcoming stable distribution (lenny) and the unstable distribution (sid), this problem has been fixed in version 1.4.0-1.2. We recommend that you upgrade your imlib2 packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Stable updates are available for alpha, amd64, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.3.0.0debian1.orig.tar.gz Size/MD5 checksum: 617750 7f389463afdb09310fa61e5036714bb3 http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.3.0.0debian1-4+etch2.dsc Size/MD5 checksum: 775 3a483642e5e60fd6f912af749817f456 http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.3.0.0debian1-4+etch2.diff.gz Size/MD5 checksum: 12968 5394cd31ea21566fef7a6782ff2548a5 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_alpha.deb Size/MD5 checksum: 437474 56f6242321a6cef8d4056334b59f54db http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_alpha.deb Size/MD5 checksum: 240248 bddc58ba8ad890c50d7cdb1dd827898b amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_amd64.deb Size/MD5 checksum: 360324 28957ea6f1202e702daa04f66a13e66b http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_amd64.deb Size/MD5 checksum: 212104 acff68d323a86eb0a09d8a34fa607c4f hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_hppa.deb Size/MD5 checksum: 386144 1439604854f5dcf30bcc73abf58a9412 http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_hppa.deb Size/MD5 checksum: 227728 7c1ffa030aad3ee783378f20da6b76f3 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_i386.deb Size/MD5 checksum: 335616 729f2498ddf0a28d69344b039aa7bf41 http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_i386.deb Size/MD5 checksum: 205896 e0d9f18bd5c2e3cfdcc27be6b6b2dfed ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_ia64.deb Size/MD5 checksum: 295004 79fd04a7fd23309b68a1e9cb01bc53b4 http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_ia64.deb Size/MD5 checksum: 462724 ece752dbd71f36cab1acc3bcf6323cd5 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_mips.deb Size/MD5 checksum: 207294 9a5e59530d7d8cd78eaba0a2fe5f5b03 http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_mips.deb Size/MD5 checksum: 370468 732ba92fef6b086a385dae15d39ae3b0 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_mipsel.deb Size/MD5 checksum: 207960 00d25bb5fe67159ef4a3853a8448dbf8 http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_mipsel.deb Size/MD5 checksum: 369292 88cf205cd158e623fded50f65a4be8a0 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_powerpc.deb Size/MD5 checksum: 218918 a77ca2842bae4cc9a810121eb5975825 http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_powerpc.deb Size/MD5 checksum: 359876 239b8ca33d380a7f4f9deed47728f50f s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_s390.deb Size/MD5 checksum: 216192 63f335de53e2ca897eab47c487e0cd4b http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_s390.deb Size/MD5 checksum: 369042 fee16daa277b04eb95df2c73039e637e sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_sparc.deb Size/MD5 checksum: 197844 285364fb7d88c0be4bf7a63358e29a9f http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_sparc.deb Size/MD5 checksum: 336396 cb7f957c2f8442d6ac0b48c07c98df89 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce< at >lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkwp/sACgkQXm3vHE4uylpSgwCggdwfO69JQLeLup1e/MwG40cq DJEAoM/b8beWpB1/UsgvjrewGIBwHh9w =4QSv -----END PGP SIGNATURE----- Moritz Muehlenhoff 2008-11-29T02:28:21 http://comments.gmane.org/gmane.linux.debian.user.security.announce/1725 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1671-1 security< at >debian.org http://www.debian.org/security/ Moritz Muehlenhoff November 24, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : iceweasel Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2008-0017 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024 Several remote vulnerabilities have been discovered in the Iceweasel webbrowser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-0017 Justin Schuh discovered that a buffer overflow in the http-index-format parser could lead to arbitrary code execution. CVE-2008-4582 Liu Die Yu discovered an information leak through local shortcut files. CVE-2008-5012 Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. CVE-2008-5013 It was discovered that insufficient checks in the Flash plugin glue code could lead to arbitrary code execution. CVE-2008-5014 Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. CVE-2008-5017 It was discovered that crashes in the layout engine could lead to arbitrary code execution. CVE-2008-5018 It was discovered that crashes in the Javascript engine could lead to arbitrary code execution. CVE-2008-5021 It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. CVE-2008-5022 "moz_bug_r_a4" discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed. CVE-2008-5023 Collin Jackson discovered that the -moz-binding property bypasses security checks on codebase principals. CVE-2008-5024 Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. For the stable distribution (etch), these problems have been fixed in version 2.0.0.18-0etch1. For the upcoming stable distribution (lenny) and the unstable distribution (sid), these problems have been fixed in version 3.0.4-1 of iceweasel and version 1.9.0.4-1 of xulrunner. Packages for arm and mips will be provided soon. We recommend that you upgrade your iceweasel package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1.diff.gz Size/MD5 checksum: 186777 18d2492164c72b846fab74bd75a69e1b http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18.orig.tar.gz Size/MD5 checksum: 47266681 ad1a208d95dedeafddbe7377de88d4d9 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1.dsc Size/MD5 checksum: 1289 84983c4e7f053c1f0eb3ea3d154bc6ad Architecture independent packages: http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.18-0etch1_all.deb Size/MD5 checksum: 54478 73ed36d6990d6b86e8fccef00a9029b1 http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.18-0etch1_all.deb Size/MD5 checksum: 54626 bcc4bd1443fe23e5311396949bac9f32 http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.18-0etch1_all.deb Size/MD5 checksum: 54596 62200645f81cd0e505fd40382333d010 http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.18-0etch1_all.deb Size/MD5 checksum: 54742 045a9714ca0a04061cee79bc16b4b940 http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.18-0etch1_all.deb Size/MD5 checksum: 55274 09fdae147e16b09ad51544ab1fd218e6 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.18-0etch1_all.deb Size/MD5 checksum: 239810 beeee1e8cab02ec9a70d89df8db4610b http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.18-0etch1_all.deb Size/MD5 checksum: 54480 15636d866284ca7caf11bd939792df97 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_alpha.deb Size/MD5 checksum: 11587524 82c7dae5efa5f21333843c5204036f9d http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_alpha.deb Size/MD5 checksum: 51194740 8a6f236c8bef5e6b0b16df05a7fd866d http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_alpha.deb Size/MD5 checksum: 90332 8791b1fcc9a3bbfcaac993d65b1b77cd amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_amd64.deb Size/MD5 checksum: 88014 4e4a404cb859067e8804b793b06b1a5a http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_amd64.deb Size/MD5 checksum: 50189682 3fe64a570e13497a49ac77972ead0ac0 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_amd64.deb Size/MD5 checksum: 10213098 a38d4ae01ab60abab641411ee7aedba1 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_hppa.deb Size/MD5 checksum: 50566700 b1c063d6d40829a2301eecef32549f5e http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_hppa.deb Size/MD5 checksum: 89800 967a00e25f5584ba2790e6f00a716c4e http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_hppa.deb Size/MD5 checksum: 11119984 683938c6cedee58201ec5d9428360f6a i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_i386.deb Size/MD5 checksum: 9126828 d2dd8a62f98c9136bbce2c52919c637a http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_i386.deb Size/MD5 checksum: 82124 2d965fe0779f11d12157babf407a25a0 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_i386.deb Size/MD5 checksum: 49579624 c543f12165ffc2034cae25d36b258c83 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_ia64.deb Size/MD5 checksum: 14163520 5d3f1430543e78579bfa7aa390ac6d80 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_ia64.deb Size/MD5 checksum: 50533560 361db4abc1d5427fad23619ba2308286 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_ia64.deb Size/MD5 checksum: 100336 64b08280ff519215f2c6c77eb20ffed7 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_mipsel.deb Size/MD5 checksum: 52534114 eb211ddd6ef9fca7daa921913772a50a http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_mipsel.deb Size/MD5 checksum: 10768188 333f49d0aaea41be09d14dc518e9a215 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_mipsel.deb Size/MD5 checksum: 83286 e95b3453554c0b62411967cd8489595b powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_powerpc.deb Size/MD5 checksum: 83850 f58384f43ff563f835c0076959ef40b8 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_powerpc.deb Size/MD5 checksum: 51988102 3b89980f834495425e20a2b6f145339e http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_powerpc.deb Size/MD5 checksum: 9942022 b7be7ce0eec7a276351f6308a1a8c2ae s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_s390.deb Size/MD5 checksum: 50865174 5142df57b35fad2b1654ff9cae873a69 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_s390.deb Size/MD5 checksum: 10369888 0aa6fbd381a6259ff95d3257199ab372 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_s390.deb Size/MD5 checksum: 88268 5a027d5880f4499e399d75e9424c8ef2 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_sparc.deb Size/MD5 checksum: 49199006 210022771108894873f4f2becf3675b9 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_sparc.deb Size/MD5 checksum: 82072 2a76c78e38d756f2261da449f8215fe4 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_sparc.deb Size/MD5 checksum: 9205774 1a6ea528bb676aaaf88ad8d44f5d76c6 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce< at >lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkrHh8ACgkQXm3vHE4uylqJuACglVp2aQGEogNf+7f9N4SiQ2WW scMAniegT014yaL2VX52gL03PFlHJWxy =83ia -----END PGP SIGNATURE----- Moritz Muehlenhoff 2008-11-24T21:36:25 http://comments.gmane.org/gmane.linux.debian.user.security.announce/1724 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1670-1 security< at >debian.org http://www.debian.org/security/ Moritz Muehlenhoff November 24, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : enscript Vulnerability : buffer overflows Problem type : local(remote) Debian-specific: no CVE Id(s) : CVE-2008-3863 CVE-2008-4306 Several vulnerabilities have been discovered in Enscript, a converter from ASCII text to Postscript, HTML or RTF. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-3863 Ulf Harnhammer discovered that a buffer overflow may lead to the execution of arbitrary code. CVE-2008-4306 Kees Cook and Tomas Hoger discovered that several buffer overflows may lead to the execution of arbitrary code. For the stable distribution (etch), these problems have been fixed in version 1.6.4-11.1. For the upcoming stable distribution (lenny) and the unstable distribution (sid), these problems have been fixed in version 1.6.4-13. We recommend that you upgrade your enscript package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4-11.1.diff.gz Size/MD5 checksum: 91162 87e85119b278fa214b29f84eda3944a4 http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4.orig.tar.gz Size/MD5 checksum: 1036734 b5174b59e4a050fb462af5dbf28ebba3 http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4-11.1.dsc Size/MD5 checksum: 631 b5e8009c5ef20c0bf2089e3c43881daf alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4-11.1_alpha.deb Size/MD5 checksum: 538656 0de0747ee0addb4b63049fe3094075c0 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4-11.1_amd64.deb Size/MD5 checksum: 536032 76e2edd41d8d4a9ba6e452b8e1bd9843 arm architecture (ARM) http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4-11.1_arm.deb Size/MD5 checksum: 521436 b3caa29eb9859b77b8856a25b33693a1 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4-11.1_hppa.deb Size/MD5 checksum: 538552 01d9da109510c141db40f1136599c70f i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4-11.1_i386.deb Size/MD5 checksum: 487696 a2d60b314df3903c55d427f6c30aa0b4 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4-11.1_ia64.deb Size/MD5 checksum: 549196 c072896a844917e6e60c086ed9ba71b2 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4-11.1_mips.deb Size/MD5 checksum: 533542 bd6b349e56a67a4a41bd59caf9786d69 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4-11.1_mipsel.deb Size/MD5 checksum: 501374 55ccfa56d3d38aabfdaad26fd2657a55 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4-11.1_powerpc.deb Size/MD5 checksum: 495706 c3b4cd868ec170ec4a54a0bf9d3a120c s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4-11.1_s390.deb Size/MD5 checksum: 494972 4463a8cba45134de9358e4b2895258a7 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4-11.1_sparc.deb Size/MD5 checksum: 523362 edcacb33c1b597c5d5c61a40947c893b These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce< at >lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkrFdUACgkQXm3vHE4uylrt5QCdEMvO6YIgA3fI17NzHeiSkZL7 gFkAoIOR/HPzySmpLs/Z4ZmUBUt2hiVc =22rE -----END PGP SIGNATURE----- Moritz Muehlenhoff 2008-11-24T21:01:09 http://comments.gmane.org/gmane.linux.debian.user.security.announce/1723 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1669-1 security< at >debian.org http://www.debian.org/security/ Moritz Muehlenhoff November 23, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : xulrunner Vulnerability : several Problem-Type : remote Debian-specific: no CVE ID : CVE-2008-0016 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-0017 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024 Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-0016 Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. CVE-2008-3835 "moz_bug_r_a4" discovered that the same-origin check in nsXMLDocument::OnChannelRedirect() could by bypassed. CVE-2008-3836 "moz_bug_r_a4" discovered that several vulnerabilities in feedWriter could lead to Chrome privilege escalation. CVE-2008-3837 Paul Nickerson discovered that an attacker could move windows during a mouse click, resulting in unwanted action triggered by drag-and-drop. CVE-2008-4058 "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. CVE-2008-4059 "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. CVE-2008-4060 Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability in XSLT handling. CVE-2008-4061 Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. CVE-2008-4062 Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2008-4065 Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. CVE-2008-4066 Gareth Heyes discovered that some Unicode surrogate characters are ignored by the HTML parser. CVE-2008-4067 Boris Zbarsky discovered that resource: URls allow directory traversal when using URL-encoded slashes. CVE-2008-4068 Georgi Guninski discovered that resource: URLs could bypass local access restrictions. CVE-2008-4069 Billy Hoffman discovered that the XBM decoder could reveal uninitialised memory. CVE-2008-4582 Liu Die Yu discovered an information leak through local shortcut files. CVE-2008-5012 Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. CVE-2008-5013 It was discovered that insufficient checks in the Flash plugin glue code could lead to arbitrary code execution. CVE-2008-5014 Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. CVE-2008-5017 It was discovered that crashes in the layout engine could lead to arbitrary code execution. CVE-2008-5018 It was discovered that crashes in the Javascript engine could lead to arbitrary code execution. CVE-2008-0017 Justin Schuh discovered that a buffer overflow in http-index-format parser could lead to arbitrary code execution. CVE-2008-5021 It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. CVE-2008-5022 "moz_bug_r_a4" discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed. CVE-2008-5023 Collin Jackson discovered that the -moz-binding property bypasses security checks on codebase principals. CVE-2008-5024 Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. For the stable distribution (etch), these problems have been fixed in version 1.8.0.15~pre080614h-0etch1. Packages for mips will be provided later. For the upcoming stable distribution (lenny) and the unstable distribution (sid), these problems have been fixed in version 1.9.0.4-1. We recommend that you upgrade your xulrunner packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h.orig.tar.gz Size/MD5 checksum: 43763318 269ce29df92d5053f6d0fc659717c18b http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1.diff.gz Size/MD5 checksum: 144529 7f517d4bd904df70b6ead61c85e5eb71 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1.dsc Size/MD5 checksum: 1984 2f56bfad80749a3af01a185cfc3a19e5 Architecture independent packages: http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs-dev_1.8.0.15~pre080614h-0etch1_all.deb Size/MD5 checksum: 37108 ac110712c554bc90e6156ddf375c20e6 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-dev_1.8.0.15~pre080614h-0etch1_all.deb Size/MD5 checksum: 231230 75b9b3c909279253b358fe73c87ae920 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.8.0.15~pre080614h-0etch1_all.deb Size/MD5 checksum: 176254 6bffe2de1c86a23ea69141da310df072 http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs1_1.8.0.15~pre080614h-0etch1_all.deb Size/MD5 checksum: 37070 a83bac43079f44db9c6a8ba23638481a http://security.debian.org/pool/updates/main/x/xulrunner/libxul-dev_1.8.0.15~pre080614h-0etch1_all.deb Size/MD5 checksum: 2637220 39ab7259a30e82173bd736ff4d26b366 http://security.debian.org/pool/updates/main/x/xulrunner/libxul-common_1.8.0.15~pre080614h-0etch1_all.deb Size/MD5 checksum: 1051896 e9a4021391f5153eaca415b5f6e93fe6 http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.8.0.15~pre080614h-0etch1_all.deb Size/MD5 checksum: 1032080 388688d0bfcb0a5c4abde96f9fb24c98 http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-dev_1.8.0.15~pre080614h-0etch1_all.deb Size/MD5 checksum: 207752 516386bf8588e6210ac121d38cc67308 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_alpha.deb Size/MD5 checksum: 292440 187aad52fc63d5fdca6521359b6a360a http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_alpha.deb Size/MD5 checksum: 386628 536f366c637868a9f27746f776d37a31 http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_alpha.deb Size/MD5 checksum: 7346254 4b946a8f3cde017ff0580a9a97687e7e http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_alpha.deb Size/MD5 checksum: 765180 673c7bd51731495926293ff92301b327 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_alpha.deb Size/MD5 checksum: 739026 d96d09c1ecbf280a77ee5f4fe4a7d1a3 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_alpha.deb Size/MD5 checksum: 3188906 5cfc3218c50b909a4e64e06d09774224 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_alpha.deb Size/MD5 checksum: 53106 20768cf8e831ad71f45cccb657eb3448 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_alpha.deb Size/MD5 checksum: 71212 0f8fe3e84b4faf38d25347f3dfdc463d http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_alpha.deb Size/MD5 checksum: 302616 01109cc8d78492dbbbcbad4756255e8b http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_alpha.deb Size/MD5 checksum: 162612 9af11053277aa8398ed4852890076b41 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_alpha.deb Size/MD5 checksum: 129930 7b03aa5bcfb76b15d860621806ffbccb http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_alpha.deb Size/MD5 checksum: 905638 3a558f50e394d109e4d306559b48283a http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_alpha.deb Size/MD5 checksum: 46017420 d5f238086f7f77270d31a3d34c4b9a35 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_amd64.deb Size/MD5 checksum: 3177838 69775ab87c4c2677faf2fbe8ed1c4617 http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_amd64.deb Size/MD5 checksum: 148946 d179d55f788e6fbaf2259446d79c342c http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_amd64.deb Size/MD5 checksum: 356028 7e6147ae3531fb175cdf637a25f4dc33 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_amd64.deb Size/MD5 checksum: 126632 7795ccbd3edeb72623450ec3b0c407f9 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_amd64.deb Size/MD5 checksum: 810296 09a7217cbe1b1180c71ae7b16a306747 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_amd64.deb Size/MD5 checksum: 69360 2e6a6559a22ce55f2b6b9331b0bfbd68 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_amd64.deb Size/MD5 checksum: 755560 ade61fc66030701ba9d62086288403bf http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_amd64.deb Size/MD5 checksum: 278728 9124a96cd6b202d076a35829b542f6f6 http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_amd64.deb Size/MD5 checksum: 6343406 7683694615827e8674c59034978b86b1 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_amd64.deb Size/MD5 checksum: 671010 7984141447417ad48f657e5752a197c5 http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_amd64.deb Size/MD5 checksum: 45217322 e18a8c41099328f6979c27614a81b83c http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_amd64.deb Size/MD5 checksum: 53340 803733e356f2f74037a6f3a7d9a4a91f http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_amd64.deb Size/MD5 checksum: 304624 36ced9e2336ccaa648a15c76707f8645 arm architecture (ARM) http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_arm.deb Size/MD5 checksum: 50992 e655c2956e96e317f0a32c4122b34d3b http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_arm.deb Size/MD5 checksum: 732278 0f2bce0bc1d0b13b36c5b45465516b04 http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_arm.deb Size/MD5 checksum: 44746676 980a58b4e66d48cb8e913a3846081001 http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_arm.deb Size/MD5 checksum: 5368942 8a6560e2302db9686218205d5c347e16 http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_arm.deb Size/MD5 checksum: 290778 305d1c3d9f893d75d6b92e7b02819bdb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_arm.deb Size/MD5 checksum: 63054 72ef44af146319f439a44197b7d4743a http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_arm.deb Size/MD5 checksum: 594214 7c6d64740f289185389b15b790d645ad http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_arm.deb Size/MD5 checksum: 2969882 9acb7cc81292692bedc12f523fb25f19 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_arm.deb Size/MD5 checksum: 119110 249f11b4d5c08aa5d1bd4d74221e0c38 http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_arm.deb Size/MD5 checksum: 136886 ce4ac4ba2050790518c8528c2a415f02 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_arm.deb Size/MD5 checksum: 326184 5c4f59cedea7db6e7dd5d9a9522c24c7 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_arm.deb Size/MD5 checksum: 260186 a9ac930957d7416cc7a160b6044f96b3 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_arm.deb Size/MD5 checksum: 705170 fbdb65410c70fa8805ce72c0c97c179b hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_hppa.deb Size/MD5 checksum: 302322 61f8282f8cd276c69d24fa6824761a4e http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_hppa.deb Size/MD5 checksum: 703692 06452f715efa7e66c5d22e3866db2c0e http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_hppa.deb Size/MD5 checksum: 46134820 cd29259ebf9caf9dca35560e806f984b http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_hppa.deb Size/MD5 checksum: 53462 27cc05a50b56afbe49b5fa3b30672e58 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_hppa.deb Size/MD5 checksum: 390962 9fed7a335de83d6333b1c2e5c9bedfea http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_hppa.deb Size/MD5 checksum: 161670 b9c1c8bfdf1db386d301dbb03d5c403c http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_hppa.deb Size/MD5 checksum: 7552110 91b773e5373158755289930d39ff7470 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_hppa.deb Size/MD5 checksum: 132130 8a5c0d6d99049ab1a499c584a602d7dc http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_hppa.deb Size/MD5 checksum: 753050 bc5f4f2723836580fbfbaed5a71272b1 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_hppa.deb Size/MD5 checksum: 287828 b0a84eacece17a811defbb7b30c757f7 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_hppa.deb Size/MD5 checksum: 3104660 47ab34d7126c8f64cbaa269f7a2afdd4 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_hppa.deb Size/MD5 checksum: 70902 67634b0f71a03fd87476396172ccffe7 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_hppa.deb Size/MD5 checksum: 874810 ae271a1ca58484ddf43ba14d66387a06 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_i386.deb Size/MD5 checksum: 5383100 25dfd28aef781b5ca352f0232aa211e9 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_i386.deb Size/MD5 checksum: 63834 2691c48af147f802e684e030d3e04701 http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_i386.deb Size/MD5 checksum: 44696504 d3f45db182ee59de39c86b5ea12ad01a http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_i386.deb Size/MD5 checksum: 714892 13951abf0a2c9030ed8ff163f6259351 http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_i386.deb Size/MD5 checksum: 296446 b8a9da32c6184afac2f6649ce8ad5847 http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_i386.deb Size/MD5 checksum: 139824 13cb243ffadc155900abb00835a6507b http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_i386.deb Size/MD5 checksum: 3033280 705838b8f872cd335ce180cbad03cdb1 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_i386.deb Size/MD5 checksum: 337086 87db12ec21885f3833560b334e1af3e4 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_i386.deb Size/MD5 checksum: 50868 707ae35a901c3e9ae1ec40c3c00f7921 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_i386.deb Size/MD5 checksum: 742916 bd2ff5be8f3a94deaf104bafe477a9d3 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_i386.deb Size/MD5 checksum: 118548 8ce74f7ef876172271c72c3c411cbd33 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_i386.deb Size/MD5 checksum: 267924 7d8bcf96f9244594b9a937b6224fa097 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_i386.deb Size/MD5 checksum: 628432 e109e6b6aa054ced99a8844df67ced17 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_ia64.deb Size/MD5 checksum: 150698 ab8c0d92e7ac8bb48b604d6ea36197e4 http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_ia64.deb Size/MD5 checksum: 287530 c9db22cd56cc17dd619cbd95b3b45075 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_ia64.deb Size/MD5 checksum: 532996 b7c0eadd7ddd85642c761e29cf7cafc3 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_ia64.deb Size/MD5 checksum: 755714 eae62df93df4e8bb5f0deda5dd4ec4e9 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_ia64.deb Size/MD5 checksum: 3051824 e516b3a4601b8350faeff14a47b298b2 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_ia64.deb Size/MD5 checksum: 334028 3a0cc332ff6b095193b7c70952d13532 http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_ia64.deb Size/MD5 checksum: 45437166 c3a164f9d48b0c96277be51a441915dd http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_ia64.deb Size/MD5 checksum: 1121458 5f97e14d0837fc02241fec88c81f706a http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_ia64.deb Size/MD5 checksum: 80872 a36655812bc3600a00ada31f7b5af8d7 http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_ia64.deb Size/MD5 checksum: 9685646 1ec5fef153646e888c1e28c306e0edae http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_ia64.deb Size/MD5 checksum: 57870 97e42348ab45451378fd360df57ee996 http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_ia64.deb Size/MD5 checksum: 198742 bbba497dfc3b9e556082c6357e3dfde5 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_ia64.deb Size/MD5 checksum: 937264 e538ce36bc43ed941394d13ee0d52a53 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_mipsel.deb Size/MD5 checksum: 274964 8cc829f5a01dabeb02357a57f26de510 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_mipsel.deb Size/MD5 checksum: 65170 7ca8f4598376b9e35cf62096cd0663aa http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_mipsel.deb Size/MD5 checksum: 785530 464969451374f49191184fdd78363633 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_mipsel.deb Size/MD5 checksum: 351424 21b9b17a786ee9e8a28bff8e2cb7b067 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_mipsel.deb Size/MD5 checksum: 3187334 da69f74749bc9d111d4a1e4597b7a075 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_mipsel.deb Size/MD5 checksum: 52554 fd3706c6cfccb0442e3b092e184adfbb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_mipsel.deb Size/MD5 checksum: 118606 3f78ef107edbf118d6da0a504b1a6c90 http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_mipsel.deb Size/MD5 checksum: 5756448 5d27b51600c5aecf30d82872ea5ef976 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_mipsel.deb Size/MD5 checksum: 670678 861a749803d3906cd21d77e8f45ecae6 http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_mipsel.deb Size/MD5 checksum: 305782 739ba0f2bcb1c8204734225044648734 http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_mipsel.deb Size/MD5 checksum: 45367986 ff5cbe1732d1dae74bb822119d86a925 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_mipsel.deb Size/MD5 checksum: 766946 438965e5962147e88570d0f0502b43fd http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_mipsel.deb Size/MD5 checksum: 146350 3cdb4a00d928cd6d222841d961edcaf8 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_powerpc.deb Size/MD5 checksum: 124684 defd7a2555c14d3a0f06c971bea7a451 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_powerpc.deb Size/MD5 checksum: 810014 20a1a9dbf4a3ad3eb8fd0d35ee64342f http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_powerpc.deb Size/MD5 checksum: 46948440 e99e9c17fe4fff09ffa231ab61344926 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_powerpc.deb Size/MD5 checksum: 3207304 106c8e04e7e69a403629a08113af60b1 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_powerpc.deb Size/MD5 checksum: 53822 06e6021788dfa6ed42f73c42dc42d4c6 http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_powerpc.deb Size/MD5 checksum: 148102 9ee04ff3dbad84bebf8536adf942da51 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_powerpc.deb Size/MD5 checksum: 279498 2a91ba4052440b688a084142034094b2 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_powerpc.deb Size/MD5 checksum: 350088 2cdf2cc81b27d7ecab9c8045f9fa3f4c http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_powerpc.deb Size/MD5 checksum: 774852 68f4364621232a4ccaf379739fe90844 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_powerpc.deb Size/MD5 checksum: 640770 caf3b284405fe5c5c630aa3079b03a98 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_powerpc.deb Size/MD5 checksum: 65030 1fb0c63b382b718542a93f6a5044c5dd http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_powerpc.deb Size/MD5 checksum: 6111652 8084da84956a7dd10fb41a748571d1ce http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_powerpc.deb Size/MD5 checksum: 311138 dd2cdb789b213198e2d07793ff6cda7d s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_s390.deb Size/MD5 checksum: 372540 2a5ba267a8fe0873efd38cd4b7901cc6 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_s390.deb Size/MD5 checksum: 282950 45ee96102546cd3721b3035fa66625d5 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_s390.deb Size/MD5 checksum: 127476 c84ebe0a16a997feec58a7e4b8cb680e http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_s390.deb Size/MD5 checksum: 6815988 904ffedb7cf2d3951fa3ba419db97bf8 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_s390.deb Size/MD5 checksum: 688656 68fe7ceca84ad73d3af368cafcc8bb8d http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_s390.deb Size/MD5 checksum: 3182688 e31c62d66bbc8c56803ad26bebdd759b http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_s390.deb Size/MD5 checksum: 54072 143164871ff9749b6b6b4430cb32041b http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_s390.deb Size/MD5 checksum: 756986 e369095cb45670013a7842c16e4b705d http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_s390.deb Size/MD5 checksum: 69980 9d100c8a6ce21bf7072068084fb0d686 http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_s390.deb Size/MD5 checksum: 306772 7d5c5de6d3b220c4ed01f0f41fdee5bc http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_s390.deb Size/MD5 checksum: 899720 3ac2e0a53da7a24c693705e38222063e http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_s390.deb Size/MD5 checksum: 160818 24d85411a0b362051bf4a01071b62fba http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_s390.deb Size/MD5 checksum: 46082350 b519a68a5f31a04f0f5e236845487bde sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_sparc.deb Size/MD5 checksum: 719922 5bc9efc37cef094718adb36d5a016179 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_sparc.deb Size/MD5 checksum: 676172 b0241dcaf3f7153dc9145a9c5babe787 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_sparc.deb Size/MD5 checksum: 63314 4e65fa183e0e12f543d0eb669c6d670d http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_sparc.deb Size/MD5 checksum: 51986 303f9de96490f0633aab95306fe30f05 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_sparc.deb Size/MD5 checksum: 586488 6236e767259e06e3d3b4c062ee6362a2 http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_sparc.deb Size/MD5 checksum: 44786670 07e5e02fced64c2303043cffa255a4ee http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_sparc.deb Size/MD5 checksum: 5691050 3f4e9e5e4feff6a386094101820c9f11 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_sparc.deb Size/MD5 checksum: 323786 ec3a7690b2e154e51132d1983a72be3b http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_sparc.deb Size/MD5 checksum: 2854664 214407a606e9b94ab300ea306d1c0e18 http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_sparc.deb Size/MD5 checksum: 136908 be6e397388eb412bcbf9ec6a014b00f5 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_sparc.deb Size/MD5 checksum: 118720 346aa123c24a426716a1576c3c285dc6 http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_sparc.deb Size/MD5 checksum: 284372 63ba1195ae71a92c6b780004c0c7e2da http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_sparc.deb Size/MD5 checksum: 261348 690d1985e4d4cd1c5b076e76af55ac84 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce< at >lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkpvOsACgkQXm3vHE4uylqk/QCfcUJ0bKTZiaUbBByKV0IMMfn0 jScAoMccp5hon5x17e34NnJzW8aJGMDb =ZybD -----END PGP SIGNATURE----- Moritz Muehlenhoff 2008-11-23T20:29:40 http://comments.gmane.org/gmane.linux.debian.user.security.announce/1722 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1668-1 security< at >debian.org http://www.debian.org/security/ Steve Kemp November 22, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : hf Vulnerability : programming error Problem type : local Debian-specific: no CVE Id(s) : CVE-2008-2378 Debian Bug : 504182 Steve Kemp discovered that hf, an amateur-radio protocol suite using a soundcard as a modem, insecurely tried to execute an external command which could lead to the elevation of privileges for local users. For the stable distribution (etch), this problem has been fixed in version 0.7.3-4etch1. For the unstable distribution (sid), this problem has been fixed in version 0.8-8.1. We recommend that you upgrade your hf package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3-4etch1.diff.gz Size/MD5 checksum: 48134 aedcfbf8d991ebee97c1b1a57f677c32 http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3.orig.tar.gz Size/MD5 checksum: 776437 78d855ea6fccdd5fd1d1ee19d2fd5ea1 http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3-4etch1.dsc Size/MD5 checksum: 665 c225ea8d68cac81421a85f960c26942c alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3-4etch1_alpha.deb Size/MD5 checksum: 734206 5bd691c27b46f64ce98c68a48e0798ab amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3-4etch1_amd64.deb Size/MD5 checksum: 690954 c966ca05f946b97569b38c9dccc7a80f arm architecture (ARM) http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3-4etch1_arm.deb Size/MD5 checksum: 664202 aad2e7d38d7b6724f2e842e8048bf840 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3-4etch1_hppa.deb Size/MD5 checksum: 731050 412d07e8cf470eba24b4a63994d3bb76 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3-4etch1_i386.deb Size/MD5 checksum: 656534 10eaf8da9cd5deaa7fc0cc655df9e28c ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3-4etch1_ia64.deb Size/MD5 checksum: 898636 2caa75fb4af2f56bd5ccfbf5b0387368 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3-4etch1_mips.deb Size/MD5 checksum: 705444 f41f671e6fc8a5980566c261dc3a6ee9 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3-4etch1_mipsel.deb Size/MD5 checksum: 698476 6e9465ba686b513e22a023f31d4f8980 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3-4etch1_powerpc.deb Size/MD5 checksum: 689566 3a6b281bb7a0fc7ae0d9bdba1e40dff6 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3-4etch1_s390.deb Size/MD5 checksum: 661218 315d7ac125355a89b4a6e253a6fb0172 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3-4etch1_sparc.deb Size/MD5 checksum: 656572 86bb446f37a7801a26859d3db1a177c5 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce< at >lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFJJ+X2wM/Gs81MDZ0RAvDvAKC2QslfDIGoZ8Kr3KDVFByYDPkEEwCfU8zU 8CxLLsV531z7KaGZJ96QtEM= =4wBU -----END PGP SIGNATURE----- Steve Kemp 2008-11-22T10:59:48 http://comments.gmane.org/gmane.linux.debian.user.security.announce/1721 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1667-1 security< at >debian.org http://www.debian.org/security/ Moritz Muehlenhoff November 19, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : python2.4 Vulnerability : several Problem type : local(remote) Debian-specific: no CVE Id(s) : CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-2315 David Remahl discovered several integer overflows in the stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, and mmapmodule modules. CVE-2008-3142 Justin Ferguson discovered that incorrect memory allocation in the unicode_resize() function can lead to buffer overflows. CVE-2008-3143 Several integer overflows were discovered in various Python core modules. CVE-2008-3144 Several integer oberflows were discovered in the PyOS_vsnprintf() function. For the stable distribution (etch), these problems have been fixed in version 2.4.4-3+etch2. For the unstable distribution (sid) and the upcoming stable distribution (lenny), these problems have been fixed in version 2.4.5-5. We recommend that you upgrade your python2.4 packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4.orig.tar.gz Size/MD5 checksum: 9508940 f74ef9de91918f8927e75e8c3024263a http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2.dsc Size/MD5 checksum: 1201 0b3898b3477ae37a81d28f9539c50de6 http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2.diff.gz Size/MD5 checksum: 205713 ac023a02c39a7e70b10c268e7169cbc7 Architecture independent packages: http://security.debian.org/pool/updates/main/p/python2.4/python2.4-examples_2.4.4-3+etch2_all.deb Size/MD5 checksum: 589678 9c6aef28fb1ff9a804fa1a147ce69d9e http://security.debian.org/pool/updates/main/p/python2.4/idle-python2.4_2.4.4-3+etch2_all.deb Size/MD5 checksum: 60906 f03f5452778817758dfce037ba571001 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_alpha.deb Size/MD5 checksum: 965736 6f3adc06d80c3fdeda48e3bc0b12e5d9 http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_alpha.deb Size/MD5 checksum: 5238160 680f07c3e87cb20b05b37745cf80f39a http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_alpha.deb Size/MD5 checksum: 2970930 e9f0951b39f36de2bd288aa34ca0dbc4 http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_alpha.deb Size/MD5 checksum: 1850704 3ccfc06ca31ae9f7f6cb631e8ee3a000 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_amd64.deb Size/MD5 checksum: 967804 0b594b7a4e03004672043d5c58019f80 http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_amd64.deb Size/MD5 checksum: 1637308 bcb8e0ccd455c2487ee2721d3d84aca1 http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_amd64.deb Size/MD5 checksum: 5592228 441466ec5cbe0a3bf5b7d55a6fed7d8b http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_amd64.deb Size/MD5 checksum: 2968524 145a0af7bfaaae7d9ad2203241ec4ee8 arm architecture (ARM) http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_arm.deb Size/MD5 checksum: 5358352 bb915c2a61cdc006db13a8d0c440c56d http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_arm.deb Size/MD5 checksum: 1502304 84153862216da31338aba857c90871d4 http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_arm.deb Size/MD5 checksum: 902236 6427dc210675b5cce39ab5f928b298db http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_arm.deb Size/MD5 checksum: 2882452 b6bf0e5f6b4ea813a5bccc567b6e408e hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_hppa.deb Size/MD5 checksum: 3076702 001c94d6dba8fb9ba08d29ca5ceca65f http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_hppa.deb Size/MD5 checksum: 1799642 95b811cadf540cc3b3f31a0134d18661 http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_hppa.deb Size/MD5 checksum: 1020124 9c8431097766633b45cfa35bf71761f5 http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_hppa.deb Size/MD5 checksum: 5529414 67fb9036f49688d82b6ee93addc3c3fe i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_i386.deb Size/MD5 checksum: 901636 b198116fc5425e7fd48dba6d992a0c06 http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_i386.deb Size/MD5 checksum: 2850824 4c7b173a4ebb3444201fe3f45f9e9fd2 http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_i386.deb Size/MD5 checksum: 1511532 4fd6d3f340893f233f674a73642330b0 http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_i386.deb Size/MD5 checksum: 5185158 da92623d224f45bd929b778864f98991 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_ia64.deb Size/MD5 checksum: 3373186 bf8c76edf3d0c95deaa7bdf81a178a83 http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_ia64.deb Size/MD5 checksum: 6069872 e4dfd4adc2e602334f0896f7424f0575 http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_ia64.deb Size/MD5 checksum: 2271712 46e48abc5e37875a427752c82d8a0f7b http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_ia64.deb Size/MD5 checksum: 1290446 9c85ea026775b8a4789a3e46816d0d5e mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_mips.deb Size/MD5 checksum: 957252 d38814f00e5f99329484248c184b24b3 http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_mips.deb Size/MD5 checksum: 5660920 84bacdccb5955980efe7a6b59e5238fa http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_mips.deb Size/MD5 checksum: 1726146 c4312205f75f0bf6393ff2c7bd70fd2f http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_mips.deb Size/MD5 checksum: 2907332 db94b5cd8acca9f475f5f6965a66761a mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_mipsel.deb Size/MD5 checksum: 2864392 a17779986991285abab3391244d9c1e3 http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_mipsel.deb Size/MD5 checksum: 5511232 b92e2004fb01967d4f7014970171e9a9 http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_mipsel.deb Size/MD5 checksum: 1717876 a98897dc330a1a6effa05ff29af9bfab http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_mipsel.deb Size/MD5 checksum: 939778 6aeb1ef0ed1589b20009b0f7428a2dda powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_powerpc.deb Size/MD5 checksum: 1642534 468c97ebc8403c556c36da596e31d20f http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_powerpc.deb Size/MD5 checksum: 2958248 bc7f2d52549e520a9843945dd282bfad http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_powerpc.deb Size/MD5 checksum: 5786768 370c7b6f933f98308416924f13da6f94 http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_powerpc.deb Size/MD5 checksum: 979280 a25aeb78de7b33b8b2cfe316f3f0a834 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_s390.deb Size/MD5 checksum: 2977268 a4dcf614e277d8c0f70b4737e53aaf5c http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_s390.deb Size/MD5 checksum: 974928 a3bd80007cd56a79472b42db039ece4f http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_s390.deb Size/MD5 checksum: 5674618 cb969a4cc4fda848ebee50528d3c570d http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_s390.deb Size/MD5 checksum: 1648202 72ebac2aefa5ca8c8e2ef9675e0c6052 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_sparc.deb Size/MD5 checksum: 2902784 21032174db6897e8828e34ce01fa017d http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_sparc.deb Size/MD5 checksum: 918976 694c6c564222cff16c9069c6ee8c24bf http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_sparc.deb Size/MD5 checksum: 1586720 bf9d1414434a21b314535fc6df13103b http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_sparc.deb Size/MD5 checksum: 5199576 c5bb7eb8ecc15a633d7045d284d3d93d These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce< at >lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkkWV0ACgkQXm3vHE4uyloD4ACg4wZplFaYb8wMXtR+cJGEMv3/ ElgAoOQNvTliC+c5EvAqNoXldGpUvwmX =23CL -----END PGP SIGNATURE----- Moritz Muehlenhoff 2008-11-19T18:23:36 http://comments.gmane.org/gmane.linux.debian.user.security.announce/1720 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1666-1 security< at >debian.org http://www.debian.org/security/ Moritz Muehlenhoff November 17, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : libxml2 Vulnerability : several Problem type : local(remote) Debian-specific: no CVE Id(s) : CVE-2008-4225 CVE-2008-4226 Several vulnerabilities have been discovered in the GNOME XML library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-4225 Drew Yao discovered that missing input sanitising in the xmlBufferResize() function may lead to an infinite loop, resulting in denial of service. CVE-2008-4226 Drew Yao discovered that an integer overflow in the xmlSAX2Characters() function may lead to denial of service or the execution of arbitrary code. For the stable distribution (etch), these problems have been fixed in version 2.6.27.dfsg-6. For the upcoming stable distribution (lenny) and the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your libxml2 packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6.dsc Size/MD5 checksum: 893 b6b2006ffadfb999e72974d574814b7c http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg.orig.tar.gz Size/MD5 checksum: 3416175 5ff71b22f6253a6dd9afc1c34778dec3 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6.diff.gz Size/MD5 checksum: 147867 d6a3bbbe39bffe96867de82b11c7c5be Architecture independent packages: http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.27.dfsg-6_all.deb Size/MD5 checksum: 1328280 c2990030601040775b909c8ace076100 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_alpha.deb Size/MD5 checksum: 881946 38629543e71a18f6007b8d61d0500e36 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_alpha.deb Size/MD5 checksum: 821150 f14ee677bb7eac20cd65adef90af0f3c http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_alpha.deb Size/MD5 checksum: 37972 d7757b07f8b0c69f9fd0a07a1598a3e3 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_alpha.deb Size/MD5 checksum: 184750 020e5ca7663ee88695e1502c8e8af77c http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_alpha.deb Size/MD5 checksum: 917020 f837c687d428d94559bf68e012bc0e02 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_amd64.deb Size/MD5 checksum: 745790 94edf60cc7d02dd31a70376baf740958 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_amd64.deb Size/MD5 checksum: 892010 a648a6d69a73593739035d78ed3c8436 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_amd64.deb Size/MD5 checksum: 796410 9f38a5028c33f32cf1701535c1c37984 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_amd64.deb Size/MD5 checksum: 36682 4de1bfa28b9361e462075451befbe66c http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_amd64.deb Size/MD5 checksum: 184126 1aae3163d718d0c378203b7ea1a53a9b arm architecture (ARM) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_arm.deb Size/MD5 checksum: 673236 cda6995615db6e74610d8a51607e85e4 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_arm.deb Size/MD5 checksum: 817602 c5f81e370d055ba14a40a64d3fbb6e9e http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_arm.deb Size/MD5 checksum: 34682 4b01403ce80c2949f31559e0eacc044b http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_arm.deb Size/MD5 checksum: 165284 f84251cc53fa6b67b7fb55f58dd47d5b http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_arm.deb Size/MD5 checksum: 742176 2e9e6cbbc777d49a99d8a6d98c5dc799 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_hppa.deb Size/MD5 checksum: 858220 0f8cf389ab60a7639fac0f6499325995 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_hppa.deb Size/MD5 checksum: 863998 2332655d5ec188cf038cf9fcab862d9f http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_hppa.deb Size/MD5 checksum: 850370 6c600a26f96c3a3eea898821b0a63937 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_hppa.deb Size/MD5 checksum: 36852 75d6a8790e01eacb3183e6f295542215 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_hppa.deb Size/MD5 checksum: 192850 f635c62c33d9a2ea17015b08370dfd8f i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_i386.deb Size/MD5 checksum: 857246 6cebb1b5f8e5e87c00319eb59df9c497 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_i386.deb Size/MD5 checksum: 169026 31acf12efa0a8f37045f3f0869b894f8 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_i386.deb Size/MD5 checksum: 681544 f0f383f2ea6ae309bfbcd13f2a2e8efa http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_i386.deb Size/MD5 checksum: 756128 f776e4a0c28389602bb6b26965fc70ce http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_i386.deb Size/MD5 checksum: 34496 0cf1427860bb36162af23351285ff091 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_ia64.deb Size/MD5 checksum: 196528 3eaa55301a20961852f3a3c5b64bde8c http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_ia64.deb Size/MD5 checksum: 48494 280c616ff34b4aa41a48173828b6e66c http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_ia64.deb Size/MD5 checksum: 1106616 e7b32b8f711337ca52a041af581a05b6 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_ia64.deb Size/MD5 checksum: 1080448 a7334ed64dba73272b2001e09d18493f http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_ia64.deb Size/MD5 checksum: 874194 1410e29414572197b6f82dd5a8be061f mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_mips.deb Size/MD5 checksum: 840690 ad2ce083ff5c14656ea3ae28b0fa783d http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_mips.deb Size/MD5 checksum: 770540 d1faeaa723c3de301fb4c8a44ece376a http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_mips.deb Size/MD5 checksum: 34424 c7c9469462957365ab26e7f06e1f0521 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_mips.deb Size/MD