Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > September 2005 > Debian - Seven Security Advisories

September 2005

Debian - Seven Security Advisories

ID: 00852
Ref: 795/05
Date: 30 September 2005:11:42:22
Version: 1
Title: Debian - Seven Security Advisories
Abstract: Updates for squid, loop-aes-utils, helix-player, backupninja, mysql, and ntlmaps.
Vendors affected: Debian
Operating systems affected: Debian
Applications affected: Debian

Title
=====

Debian - Seven Security Advisories:
1. New squid packages fix denial of service [DSA 809-2]
2. New loop-aes-utils packages fix privilege escalation [DSA 825-1]
3. New helix-player packages fix multiple vulnerabilities [DSA 826-1]
4. New backupninja packages fix insecure temporary file [DSA 827-1]
5. New squid packages fix denial of service [DSA 828-1]
6. New mysql packages fix arbitrary code execution [DSA 829-1]
7. New ntlmaps packages fix information leak [DSA 830-1]


Detail
======


Security advisory summaries:

1. Certain aborted requests that trigger an assertion in squid, the
popular WWW proxy cache, may allow remote attackers to cause a denial
of service. This update also fixes a regression caused by DSA 751.

2. A bug was discovered in mount as provided by util-linux and
other packages such as loop-aes-utils that allows local users to
bypass filesystem access restrictions by re-mounting it read-only.

3. Multiple security vulnerabilities have been identified in the
helix-player media player that could allow an attacker to execute code
on the victim's machine via specially crafted network resources.

4. It has been discovered that handler code for backupninja creates
a temporary file with a predictable filename, leaving it vulnerable to
a symlink attack.

5. Upstream developers of squid, the popular WWW proxy cache, have
discovered that changes in the authentication scheme are not handled
properly when given certain request sequences while NTLM
authentication is in place, which may cause the daemon to restart.

6. A stack-based buffer overflow in the init_syms function of MySQL, a
popular database, has been discovered that allows remote authenticated
users who can create user-defined functions to execute arbitrary code
via a long function_name field. The ability to create user-defined
functions is not typically granted to untrusted users.

7. It has been noticed that the post-installation script of ntlmaps, an
NTLM authorisation proxy server, changes the permissions of the
configuration file to be world-readable. It contains the user name
and password of the Windows NT system that ntlmaps connects to and,
hence, leaks them to lokal users.


Security advisory content follows:


1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 809-2 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 30th, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : squid
Vulnerability : assertion error
Problem type : remote
Debian-specific: no
CVE ID : CAN-2005-2794
Debian Bug : 320035

Certain aborted requests that trigger an assertion in squid, the
popular WWW proxy cache, may allow remote attackers to cause a denial
of service. This update also fixes a regression caused by DSA 751.

For the oldstable distribution (woody) this problem has been fixed in
version 2.4.6-2woody10.

For the stable distribution (sarge) this problem has been fixed in
version 2.5.9-10sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 2.5.10-5.

We recommend that you upgrade your squid package.


Upgrade Instructions
- - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10.dsc
Size/MD5 checksum: 614 72838788cad08e14db248125795fef03
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10.diff.gz
Size/MD5 checksum: 257792 036373fa29b3f0ef0f13f1ce2b7e9506
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz
Size/MD5 checksum: 1081920 59ce2c58da189626d77e27b9702ca228

Alpha architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_alpha.deb
Size/MD5 checksum: 817042 b0318ebf7e5450af40b441af0c50b229
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_alpha.deb
Size/MD5 checksum: 75990 a0b663697addfd7ddbb88720c0b9e68e
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_alpha.deb
Size/MD5 checksum: 60788 65e29fc78534c678777e894cd26eec7f

ARM architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_arm.deb
Size/MD5 checksum: 727164 d19d26c7184a23612fdc6bdb005e11b9
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_arm.deb
Size/MD5 checksum: 73770 4fa3a5c95b1afa8842b8a340ec702860
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_arm.deb
Size/MD5 checksum: 59082 2e1de11f65b713e3db221e1ea8bbef34

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_i386.deb
Size/MD5 checksum: 685324 d228802c15397d498ca395a79b6d56bc
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_i386.deb
Size/MD5 checksum: 74282 fd8888249ca4080be1ba62e9cdd5b3ba
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_i386.deb
Size/MD5 checksum: 58774 8ba44f4a2da57814f0813d21e23b5f95

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_ia64.deb
Size/MD5 checksum: 954974 feeefd11d6f446fbf70cc5954b9273df
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_ia64.deb
Size/MD5 checksum: 79824 ca19bb8416b7648195cc7b1c9768ceab
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_ia64.deb
Size/MD5 checksum: 63464 d9b3f5e4b4e690dee6bff6a720112d08

HP Precision architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_hppa.deb
Size/MD5 checksum: 780254 31bcfe48aa1774e2f29a9fc3fcb028f0
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_hppa.deb
Size/MD5 checksum: 75208 ab2f18b11bea0362cf27cab265324e10
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_hppa.deb
Size/MD5 checksum: 60236 c11448e476cc4aecc2f8fbd8f35873aa

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_m68k.deb
Size/MD5 checksum: 667886 9c1c6c63caca8e2ba13723060cb0038a
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_m68k.deb
Size/MD5 checksum: 73110 5c5bb1288209366cc195afb92ada5c88
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_m68k.deb
Size/MD5 checksum: 58332 8dd16ceb8fca5fbc29e2e051d21a1c02

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_mips.deb
Size/MD5 checksum: 766336 aa28ffd592af2bf9fd57aae55e4c4c42
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_mips.deb
Size/MD5 checksum: 74746 c037664fd063e6b938131b67290471ee
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_mips.deb
Size/MD5 checksum: 59382 dc652da2e206ca66180c2b8038a2d531

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_mipsel.deb
Size/MD5 checksum: 766916 842c270e8d8aac9c8cafd710e7a80056
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_mipsel.deb
Size/MD5 checksum: 74798 883335e9cbc0bab9dcf6f8d341ef65f4
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_mipsel.deb
Size/MD5 checksum: 59462 462a5a45363182d594099aa0c8fd9aed

PowerPC architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_powerpc.deb
Size/MD5 checksum: 724132 156c01c65ee7cf2fed18fee9efb9a041
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_powerpc.deb
Size/MD5 checksum: 73768 5b595aa01f81366cd5a8c2a0c2e910eb
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_powerpc.deb
Size/MD5 checksum: 58980 b15773fde173ecf67c0491a29b4db6d6

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_s390.deb
Size/MD5 checksum: 713198 8e578e68b934256633d79da244add1af
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_s390.deb
Size/MD5 checksum: 74096 ff166996af8bc0443447014a6b614648
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_s390.deb
Size/MD5 checksum: 59528 8bb8826cfdb59c54ffa7e14b19840795

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_sparc.deb
Size/MD5 checksum: 725476 7653876e85019972267725ec16038326
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_sparc.deb
Size/MD5 checksum: 76372 64ae6d6fe2317785a8d537bb4664106e
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_sparc.deb
Size/MD5 checksum: 61404 33d487f77d9912900e14c033b4a3a306


These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDPNJ4W5ql+IAeqTIRAprcAJoC8BdcgnTVh22GF7zPlIQpm07FJwCfUd20
S7ucdnDlPIXPtAKVAesq3Io=
=DEf1
- -----END PGP SIGNATURE-----




2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 825-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 29th, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : loop-aes-utils
Vulnerability : privilege escalation
Problem type : local
Debian-specific: no
CVE ID : CAN-2005-2876

David Watson discoverd a bug in mount as provided by util-linux and
other packages such as loop-aes-utils that allows local users to
bypass filesystem access restrictions by re-mounting it read-only.

The old stable distribution (woody) does not contain loop-aes-utils
packages.

For the stable distribution (sarge) this problem has been fixed in
version 2.12p-4sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 2.12p-9.

We recommend that you upgrade your loop-aes-utils package.


Upgrade Instructions
- - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1.dsc
Size/MD5 checksum: 684 e708365ea3b674ef3983edda999d8070
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1.diff.gz
Size/MD5 checksum: 69614 f085322d67f1300c914910c1ca1fd95f
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p.orig.tar.gz
Size/MD5 checksum: 2001658 d47e820f6880c21c8b4c0c7e8a7376cc

Alpha architecture:

http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_alpha.deb
Size/MD5 checksum: 169938 66c4a72d906d1e55965165e3b6f49689

AMD64 architecture:

http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_amd64.deb
Size/MD5 checksum: 150498 9d6d3455ac704fa38601a2a1670d9f2a

ARM architecture:

http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_arm.deb
Size/MD5 checksum: 142030 c7c7fc0cb178d9b9878d936f0a8426e3

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_i386.deb
Size/MD5 checksum: 142250 de42b52353becd80ee61922a1b21486a

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_ia64.deb
Size/MD5 checksum: 190858 ede8efa9e792c2e8e05ddc08b1570670

HP Precision architecture:

http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_hppa.deb
Size/MD5 checksum: 156618 d326b2462c0f9abd2278e0ea4c809183

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_m68k.deb
Size/MD5 checksum: 132244 de86a9f8f29f23ea7d2b8ee896844ba6

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_mips.deb
Size/MD5 checksum: 159556 f37ed88ed75765546aba0ae13e2f80ab

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_mipsel.deb
Size/MD5 checksum: 160092 2a89a577a2edec9920050650b7e96484

PowerPC architecture:

http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_powerpc.deb
Size/MD5 checksum: 155064 64bb3aff51cdff0a0bc6851e9aed2ddd

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_s390.deb
Size/MD5 checksum: 153226 9a4bb20c30f7cf5127c0c5ec6f0862e8

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_sparc.deb
Size/MD5 checksum: 142068 15cb6e8097a22a66e77ff7fd0aebbe76


These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDPBLQW5ql+IAeqTIRAocaAJ9uYRaYapfbtBZc5uVx4ww0hgXMuQCfZFaO
XZXXtv1M+fsHSHpa6WVtzKI=
=AR9C
- -----END PGP SIGNATURE-----




3.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 826-1 security@debian.org
http://www.debian.org/security/ Michael Stone
September 29th, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : helix-player
Vulnerability : multiple
Problem type : remote
Debian-specific: no
CVE Id(s) : CAN-2005-1766 CAN-2005-2710
Debian Bug : 316276 330364

Multiple security vulnerabilities have been identified in the
helix-player media player that could allow an attacker to execute code
on the victim's machine via specially crafted network resources.

CAN-2005-1766

Buffer overflow in the RealText parser could allow remote code
execution via a specially crafted RealMedia file with a long
RealText string.

CAN-2005-2710

Format string vulnerability in Real HelixPlayer and RealPlayer 10
allows remote attackers to execute arbitrary code via the image
handle attribute in a RealPix (.rp) or RealText (.rt) file.

For the stable distribution (sarge), these problems have been fixed in
version 1.0.4-1sarge1

For the unstable distribution (sid), these problems have been fixed in
version 1.0.6-1

We recommend that you upgrade your helix-player package.


Upgrade Instructions
- - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

helix-player was distributed only on the i386 and powerpc architecures

Source archives:

http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1.dsc
Size/MD5 checksum: 908 6ff062a280bab4db79c04e08278e28d6
http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1.diff.gz
Size/MD5 checksum: 7788 1e3280253e2d60701b28b153863b2fd0
http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4.orig.tar.gz
Size/MD5 checksum: 18044552 a277710be35426b317869503a4ad36d7

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1_i386.deb
Size/MD5 checksum: 4289094 b3d2934818a2139f309f77e4acd50e3d

PowerPC architecture:

http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1_powerpc.deb
Size/MD5 checksum: 4415404 f771482fd671da4848d6a496df128f69

These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iQCVAwUBQzx/AA0hVr09l8FJAQLkTAP+K1+4HF3DWTLnS3QX8Kd595rwXm60KYRj
6eDJtqs+2mhlLXLdsUPZS+wciEA7jirjXk5dGb+wgNAAhKpP5BxfX4jeLV0mgn1l
sWI1917bK1F/IISKdOlwLUG/c7nnCpJ3VBiqAfSAkcu6brUzI3fRMTej3DBCtcx1
h3S88TEoI/A=
=XoVE
- -----END PGP SIGNATURE-----




4.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 827-1 security@debian.org
http://www.debian.org/security/ Michael Stone
September 29th, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : backupninja
Vulnerability : insecure temporary file
Problem type : local
Debian-specific: no
CVE ID :

Moritz Muehlenhoff discovered the handler code for backupninja creates
a temporary file with a predictable filename, leaving it vulnerable to
a symlink attack.

The old stable distribution (woody) does not contain the backupninja package.

For the stable distribution (sarge) this problem has been fixed in
version 0.5-3sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 0.8-2.

We recommend that you upgrade your backupninja package.


Upgrade Instructions
- - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/b/backupninja/backupninja_0.5-3sarge1.dsc
Size/MD5 checksum: 702 fca2a04a7e02aebb41e0d3361706dcd7
http://security.debian.org/pool/updates/main/b/backupninja/backupninja_0.5-3sarge1.diff.gz
Size/MD5 checksum: 9620 c6e317bdcfe2e5987ae5732208cfcf86
http://security.debian.org/pool/updates/main/b/backupninja/backupninja_0.5.orig.tar.gz
Size/MD5 checksum: 24667 94ff16fbd0ccffeb252de3d303626558

Architecture independent components:

http://security.debian.org/pool/updates/main/b/backupninja/backupninja_0.5-3sarge1_all.deb
Size/MD5 checksum: 30650 68b2d618fead50ee4f9a17ba818504d4

These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iQCVAwUBQzx9DA0hVr09l8FJAQLjaQP/b/BidNNTrWkYepACQd8NUsj+Yk6O97Uy
Mt3hn2SAMJz0xOCq+DGJzDj0EQZ3L1Hexp/3ZZK1z8OEms7cwD1TC+d/QGwcDbrl
paEsmqggPXhjdH0/IUl0ido0g6bX/mVowRHi6go+KRswXjesvMOYADKoS5U2WpdF
5wzfJDUvDbI=
=RC6l
- -----END PGP SIGNATURE-----




5.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 828-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 30th, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : squid
Vulnerability : authentication handling
Problem type : remote
Debian-specific: no
CVE ID : CAN-2005-2917

Upstream developers of squid, the popular WWW proxy cache, have
discovered that changes in the authentication scheme are not handled
properly when given certain request sequences while NTLM
authentication is in place, which may cause the daemon to restart.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 2.5.9-10sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 2.5.10-6.

We recommend that you upgrade your squid packages.


Upgrade Instructions
- - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2.dsc
Size/MD5 checksum: 659 2392074c3f5bbafac714a0efe3f5413b
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2.diff.gz
Size/MD5 checksum: 343578 5b33f1d886a388f5b5e13adf6f8cba36
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9.orig.tar.gz
Size/MD5 checksum: 1384772 7290aa52ade1b5d5d3812e9089be13a9

Architecture independent components:

http://security.debian.org/pool/updates/main/s/squid/squid-common_2.5.9-10sarge2_all.deb
Size/MD5 checksum: 195092 380110271211412fec2a319dd55fabe5

Alpha architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_alpha.deb
Size/MD5 checksum: 943132 eb3fed6cf6e3014a3793a2c692d1a93d
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_alpha.deb
Size/MD5 checksum: 100092 c224ea4c569b7857c7b396de2216df92
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_alpha.deb
Size/MD5 checksum: 78174 7ed6d005ceef0d2d475ae3489c72ba82

AMD64 architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_amd64.deb
Size/MD5 checksum: 822522 b0c83496fdcfd0950235ee3d423b96a5
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_amd64.deb
Size/MD5 checksum: 98280 3351bd411a92695183de96d000f8b856
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_amd64.deb
Size/MD5 checksum: 76288 4452d3e5b62676aa76daf2b07a158887

ARM architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_arm.deb
Size/MD5 checksum: 783270 9a7085ed176606fdf1b46e267a3fd437
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_arm.deb
Size/MD5 checksum: 95822 7937e80db8f517e45fd5a85dc73ed205
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_arm.deb
Size/MD5 checksum: 75242 4248b0cf821444aa575d6d8650ae1c4e

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_i386.deb
Size/MD5 checksum: 767558 524c210937dd208f2dde7e400290060b
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_i386.deb
Size/MD5 checksum: 96890 e6a39d2018725412fa6142b2622f9712
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_i386.deb
Size/MD5 checksum: 75360 249ca7fb34dfefec019c7a7cc79ee8aa

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_ia64.deb
Size/MD5 checksum: 1074060 be6aff976b6e7fffcae8b701ea608583
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_ia64.deb
Size/MD5 checksum: 103614 332575bcf0a0c8137d7c3cbf9e768f76
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_ia64.deb
Size/MD5 checksum: 80686 6357f553a55dc3b27c9f69dd2840765c

HP Precision architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_hppa.deb
Size/MD5 checksum: 849592 af5a9a87759ac93cd52bddff4ad0b46f
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_hppa.deb
Size/MD5 checksum: 98076 a9509a1c205d88c5fa071a7de874c671
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_hppa.deb
Size/MD5 checksum: 77666 60e20ba927030b8713c5d057eae4d928

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_m68k.deb
Size/MD5 checksum: 705606 1742d32fc772f1dc5e765f492ef6b6c4
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_m68k.deb
Size/MD5 checksum: 95102 5b803c73e45ea2e47afe2729c573b305
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_m68k.deb
Size/MD5 checksum: 74588 74db688bbd0a2e5dc63fa7eb1bb1e84f

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_mips.deb
Size/MD5 checksum: 880286 57abb8cb6e105d6c288b65ea14f240c5
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_mips.deb
Size/MD5 checksum: 97596 079a2d1377ecc0cc72bb8258953a3de0
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_mips.deb
Size/MD5 checksum: 76784 e795094f66e38ef0852d5d12566db04e

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_mipsel.deb
Size/MD5 checksum: 883008 1e3ed4efc7ee2e02afb264b217d1e578
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_mipsel.deb
Size/MD5 checksum: 97670 9619665e833fd5579ca609cf403072cf
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_mipsel.deb
Size/MD5 checksum: 76884 a147494ae53e333ec10bcbb7bfed9fd0

PowerPC architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_powerpc.deb
Size/MD5 checksum: 817704 d723f8c63f9ece32a4e3c6ced55af7d5
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_powerpc.deb
Size/MD5 checksum: 96798 df6dfd74b399bf4f38ac7b2cfd848b75
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_powerpc.deb
Size/MD5 checksum: 75938 1ab64c11452cfc36f597f49a423377c3

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_s390.deb
Size/MD5 checksum: 816160 2a6605a8e65f4fa7035f1a9771139a9a
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_s390.deb
Size/MD5 checksum: 97178 ebbef048a05df68823ae4d614004937e
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_s390.deb
Size/MD5 checksum: 76598 ef92c29c34d0637d8c833427477cf866

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_sparc.deb
Size/MD5 checksum: 773748 9327db7709ccb329f7c83270037ea229
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_sparc.deb
Size/MD5 checksum: 95968 9ba038513e069f6e96d41cf3068daa3c
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_sparc.deb
Size/MD5 checksum: 75618 12254a07f2b7b7a461e8370743da5721


These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDPMu9W5ql+IAeqTIRAoiAAJ9fxgBxsBLqNf91HLvADl8sDPn1hwCfcnUx
4UL5rjylWEZN3Af4OYM6boM=
=raQK
- -----END PGP SIGNATURE-----




6.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 829-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 30, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : mysql
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CAN-2005-2558
BugTraq ID : 14509

A stack-based buffer overflow in the init_syms function of MySQL, a
popular database, has been discovered that allows remote authenticated
users who can create user-defined functions to execute arbitrary code
via a long function_name field. The ability to create user-defined
functions is not typically granted to untrusted users.

The following vulnerability matrix shows which version of MySQL in
which distribution has this problem fixed:

woody sarge sid
mysql 3.23.49-8.14 n/a n/a
mysql-dfsg n/a 4.0.24-10sarge1 4.0.24-10sarge1
mysql-dfsg-4.1 n/a 4.1.11a-4sarge2 4.1.14-2
mysql-dfsg-5.0 n/a n/a 5.0.11beta-3

We recommend that you upgrade your mysql packages.


Upgrade Instructions
- - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.14.dsc
Size/MD5 checksum: 877 6c46a2c935eb285140da38fe19a93382
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.14.diff.gz
Size/MD5 checksum: 85549 ebd8c30055708a455cb4ccd064a931f5
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49.orig.tar.gz
Size/MD5 checksum: 11861035 a2820d81997779a9fdf1f4b3c321564a

Architecture independent components:

http://security.debian.org/pool/updates/main/m/mysql/mysql-common_3.23.49-8.14_all.deb
Size/MD5 checksum: 18490 0663194884fd4c4d066bac4a6df5f0e3
http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.23.49-8.5_all.deb
Size/MD5 checksum: 1962992 a4cacebaadf9d5988da0ed1a336b48e6

Alpha architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.14_alpha.deb
Size/MD5 checksum: 279812 5fc369c5e55b75b54f1f96600efc7611
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.14_alpha.deb
Size/MD5 checksum: 781182 06317a1507de6299aa2f7af79e1c47b7
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.14_alpha.deb
Size/MD5 checksum: 165206 f8f3a7c3f5b93be123648f61ef7d3e42
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.14_alpha.deb
Size/MD5 checksum: 3637322 7e0dcbe056038813b79059209109c817

ARM architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.14_arm.deb
Size/MD5 checksum: 240302 f38ae36e250a08516e84d74b5933da3c
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.14_arm.deb
Size/MD5 checksum: 636894 ee11f194944a0944ee69f282ef93a6db
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.14_arm.deb
Size/MD5 checksum: 125556 63e9a21903d558aa31872c96b5b0a9f2
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.14_arm.deb
Size/MD5 checksum: 2809136 6b7eb832b271f2e9e1bc0da437e77517

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.14_i386.deb
Size/MD5 checksum: 236462 a88ca1a9117992e7612f67ac3c5e233b
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.14_i386.deb
Size/MD5 checksum: 578470 8498436d79a3c4e0a21430c1a936f3f3
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.14_i386.deb
Size/MD5 checksum: 124152 f00a5007b19df61d50f462bbf2b16eab
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.14_i386.deb
Size/MD5 checksum: 2802684 0c7ae03086a6fb616f25d11a12f59dd3

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.14_ia64.deb
Size/MD5 checksum: 317096 8fd6cc4430b0be71e8e3e29653d1c385
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.14_ia64.deb
Size/MD5 checksum: 850834 25ee3b8c128001bc812b07106bca1919
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.14_ia64.deb
Size/MD5 checksum: 175374 33057b4bd48a10afeed341bc5326df2d
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.14_ia64.deb
Size/MD5 checksum: 4001596 c2553b10eaa03c0086cd045c6645fa21

HP Precision architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.14_hppa.deb
Size/MD5 checksum: 282714 a4beafeb9dbef09d855fbbae69593a9a
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.14_hppa.deb
Size/MD5 checksum: 746106 da172b65b2476554fda7f76d23b2ddf8
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.14_hppa.deb
Size/MD5 checksum: 142182 310f0ef1682301e22c49004db4dccaa6
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.14_hppa.deb
Size/MD5 checksum: 3516838 bdd5466d02128d767ec9e95259d0c478

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.14_m68k.deb
Size/MD5 checksum: 229626 11819aa106d97c216a58992d38741384
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.14_m68k.deb
Size/MD5 checksum: 559644 dda615853fac6ff347c2c28f34a8ad89
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.14_m68k.deb
Size/MD5 checksum: 119980 83773f99d401e676f524d31afc98cf0f
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.14_m68k.deb
Size/MD5 checksum: 2649554 812c67dd1714acc49437c3d103a58fcf

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.14_mips.deb
Size/MD5 checksum: 252912 f4a651db3d6d21e85e8a2ba1b90c71bd
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.14_mips.deb
Size/MD5 checksum: 691086 1d8b5a6120ab33e263b798fbde56cd0d
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.14_mips.deb
Size/MD5 checksum: 135446 14cf2bf322b0c4d97169a48b3c465088
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.14_mips.deb
Size/MD5 checksum: 2851490 34c1dcf229f22b27f10881e7d178eff8

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.14_mipsel.deb
Size/MD5 checksum: 252578 b30b1e6efcb6d814fc2f54ce01cbcbc2
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.14_mipsel.deb
Size/MD5 checksum: 690538 0f3486135c2a9e7e2b6d539b747337a1
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.14_mipsel.deb
Size/MD5 checksum: 135810 0a1f0808bcd847205c617f933da7ae4d
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.14_mipsel.deb
Size/MD5 checksum: 2841096 7b75481f884758f16477c86a51bb37ae

PowerPC architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.14_powerpc.deb
Size/MD5 checksum: 249676 df2ce297450c8f6e6d9d485a5ac70b66
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.14_powerpc.deb
Size/MD5 checksum: 654774 57850699654d9c713333db713e321ec1
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.14_powerpc.deb
Size/MD5 checksum: 131016 3002fb27dc21450f4f705979d34e6664
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.14_powerpc.deb
Size/MD5 checksum: 2826176 1becf085f621b056169693d408ad3f8c

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.14_s390.deb
Size/MD5 checksum: 251944 213455557dab1e21a6b8661b7fae0969
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.14_s390.deb
Size/MD5 checksum: 609592 aac39e06ea9ecb31ce0dc03805e6b47c
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.14_s390.deb
Size/MD5 checksum: 127992 69903a71808830e2b1fbc9b304810414
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.14_s390.deb
Size/MD5 checksum: 2693968 2b41561b8d7c13db5c312a55e770f8e9

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.14_sparc.deb
Size/MD5 checksum: 242884 6f2d616af8bc5830005f2991e93ef74f
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.14_sparc.deb
Size/MD5 checksum: 617996 314067541e885567bc9ba26207da7b09
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.14_sparc.deb
Size/MD5 checksum: 131984 2f8bdb7ec1d0069bca126cbccd64e858
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.14_sparc.deb
Size/MD5 checksum: 2943010 ce1e2eb8aac0dd21d1ffd5c05f8355f8


These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDPN/sW5ql+IAeqTIRAnSJAJwODrDQ0LjJe2XMgVlI36p7RcjtygCdHvPd
2isxh+FfW7f3GULal++eD4A=
=Mpbh
- -----END PGP SIGNATURE-----




7.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 830-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 30th, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : ntlmaps
Vulnerability : wrong permissons
Problem type : local
Debian-specific: yes
CVE ID : CAN-2005-2962

Drew Parsons noticed that the post-installation script of ntlmaps, an
NTLM authorisation proxy server, changes the permissions of the
configuration file to be world-readable. It contains the user name
and password of the Windows NT system that ntlmaps connects to and,
hence, leaks them to lokal users.

The old stable distribution (woody) does not contain an ntlmaps package.

For the stable distribution (sarge) this problem has been fixed in
version 0.9.9-2sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 0.9.9-4.

We recommend that you upgrade your ntlmaps package.


Upgrade Instructions
- - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/n/ntlmaps/ntlmaps_0.9.9-2sarge1.dsc
Size/MD5 checksum: 600 4ae17d64d33187480d5933982e0cbf43
http://security.debian.org/pool/updates/main/n/ntlmaps/ntlmaps_0.9.9-2sarge1.diff.gz
Size/MD5 checksum: 14553 345a3329564f222f830cc448d1bf2992
http://security.debian.org/pool/updates/main/n/ntlmaps/ntlmaps_0.9.9.orig.tar.gz
Size/MD5 checksum: 55459 02d0f83f499eaf988de4ffab2dfd3618

Architecture independent components:

http://security.debian.org/pool/updates/main/n/ntlmaps/ntlmaps_0.9.9-2sarge1_all.deb
Size/MD5 checksum: 63806 f8af35d6fed72aaad660cabc4d0cd136


These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDPOe+W5ql+IAeqTIRAhpzAKCZMFnHKerY7L0b6F+bT0D9fwn0QwCghzmt
71CrDfOi/fvJB4BsT0tBNwo=
=5BDk
- -----END PGP SIGNATURE-----



  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |