CPNI - Centre for the Protection of National Infrastructure


November 2005

Debian - Five Security Advisories

ID: 00992
Ref: 930/05
Date: 08 November 2005:16:19:38
Version: 1

Title: Debian - Five Security Advisories
Abstract:
Vendors affected: Debian
Operating systems affected: Debian
Applications affected: Debian


Title
=====

Debian - Five Security Advisories:
1. New squid packages fix regression [DSA 809-3]
2. New chmlib packages fix several vulnerabilities [DSA 886-1]
3. New ClamAV packages fix several vulnerabilities [DSA 887-1]
4. New OpenSSL packages fix cryptographic weakness [DSA 888-1]
5. New enigmail packages fix information disclosure [DSA 889-1]


Detail
======

Security advisory content follows:

1. Kosa Attila discovered that the security update DSA 809-2 contained a
regression in the packages for the old stable distribution (woody).

2. Several vulnerabilities have been discovered in chmlib, a library for
dealing with CHM format files.

3. Several vulnerabilities have been discovered in Clam AntiVirus, the
antivirus scanner for Unix, designed for integration with mail servers
to perform attachment scanning.

4. Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer
(OpenSSL) library that can allow an attacker to perform active
protocol-version rollback attacks that could lead to the use of the
weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS
1.0.

5. A bug has been discovered in enigmail, GPG support for Mozilla
MailNews and Mozilla Thunderbird, that can lead to the encryption of
mail with the wrong public key, hence, potential disclosure of
confidential data to others.


Security advisory content follows:


1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 809-3 security@debian.org
http://www.debian.org/security/ Martin Schulze
November 7th, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : squid
Vulnerability : assertion error
Problem type : remote
Debian-specific: no
CVE ID : CAN-2005-2794
Debian Bug : 320035

Kosa Attila discovered that the security update DSA 809-2 contained a
regression in the packages for the old stable distribution (woody).
The original advisory text follows:

Certain aborted requests that trigger an assertion in squid, the
popular WWW proxy cache, may allow remote attackers to cause a
denial of service. This update also fixes a regression caused by
DSA 751.

For the oldstable distribution (woody) this problem has been fixed in
version 2.4.6-2woody11.

We recommend that you upgrade your squid package.


Upgrade Instructions
- - --------------------

  wget url
        will fetch the file for you
  dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

  apt-get update
        will update the internal database
  apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------


- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDby01W5ql+IAeqTIRAqDJAJ9KTk3oh+jGOtQ6YBRqouXTbtXyWwCfQFsS
mBEK7j9gYbMFGYf0hZs5D50=
=ltVs
- -----END PGP SIGNATURE-----




2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 886-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
November 7th, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : chmlib
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE IDs : CVE-2005-2659 CVE-2005-2930 CVE-2005-3318
BugTraq ID : 15211

Several vulnerabilities have been discovered in chmlib, a library for
dealing with CHM format files. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2005-2659

Palasik Sandor discovered a buffer overflow in the LZX
decompression method.

CVE-2005-2930

A buffer overflow has been discovered that could lead to the
execution of arbitrary code.

CVE-2005-3318

Sven Tantau discovered a buffer overflow that could lead to the
execution of arbitrary code.

The old stable distribution (woody) does not contain chmlib packages.

For the stable distribution (sarge) these problems have been fixed in
version 0.35-6sarge1.

For the unstable distribution (sid) these problems have been fixed in
version 0.37-2.

We recommend that you upgrade your chmlib packages.


Upgrade Instructions
- - --------------------

  wget url
        will fetch the file for you
  dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

  apt-get update
        will update the internal database
  apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------



These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDb3hAW5ql+IAeqTIRAka0AJ9RPzISyqYgvN8jN2IZJYblPIOKiQCcC91Y
ddzMmEtmr75gyUfioFiKUek=
=Wy08
- -----END PGP SIGNATURE-----




3.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 887-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
November 7th, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : clamav
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2005-3239 CVE-2005-3303 CVE-2005-3500 CVE-2005-3501

Several vulnerabilities have been discovered in Clam AntiVirus, the
antivirus scanner for Unix, designed for integration with mail servers
to perform attachment scanning. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2005-3239

The OLE2 unpacker allows remote attackers to cause a segmentation
fault via a DOC file with an invalid property tree, which triggers
an infinite recursion.

CVE-2005-3303

A specially crafted executable compressed with FSG 1.33 could
cause the extractor to write beyond buffer boundaries, allowing an
attacker to execute arbitrary code.

CVE-2005-3500

A specially crafted CAB file could cause ClamAV to be locked in an
infinite loop and use all available processor resources, resulting
in a denial of service.

CVE-2005-3501

A specially crafted CAB file could cause ClamAV to be locked in an
infinite loop and use all available processor resources, resulting
in a denial of service.

The old stable distribution (woody) does not contain clamav packages.

For the stable distribution (sarge) these problems have been fixed in
version 0.84-2.sarge.6.

For the unstable distribution (sid) these problems have been fixed in
version 0.87.1-1.

We recommend that you upgrade your clamav packages.


Upgrade Instructions
- - --------------------

  wget url
        will fetch the file for you
  dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

  apt-get update
        will update the internal database
  apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------



These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDb5bZW5ql+IAeqTIRAoTuAKCi3R5rPIPMqSBACKTZbtza4KnVgQCfc23u
VSumQEo2geROC9vdWcCrolg=
=S4Ku
- -----END PGP SIGNATURE-----




4.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 888-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
November 7th, 2005                      http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : openssl
Vulnerability : cryptographic weakness
Problem type : remote
Debian-specific: no
CVE ID : CVE-2005-2969

Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer
(OpenSSL) library that can allow an attacker to perform active
protocol-version rollback attacks that could lead to the use of the
weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS
1.0.

The following matrix explains which version in which distribution has
this problem corrected.

                 oldstable (woody)    stable (sarge)    unstable (sid)
openssl          0.9.6c-2.woody.8     0.9.7e-3sarge1    0.9.8-3
openssl 094      0.9.4-6.woody.4      n/a               n/a
openssl 095      0.9.5a-6.woody.6     n/a               n/a
openssl 096      n/a                  0.9.6m-1sarge1    n/a
openssl 097      n/a                  n/a               0.9.7g-5

We recommend that you upgrade your libssl packages.
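
An added example, not part of the Debian advisory: a check of installed package versions against the DSA 888-1 matrix, using Debian's version ordering (epoch, upstream version, revision, with '~' sorting before end of string). The row labels are taken as printed in the matrix; the inventory entries are constructed sample data, and the function names are this example's own.

```python
import re
from itertools import zip_longest

# Fixed versions copied from the DSA 888-1 matrix; None stands for "n/a".
# Keys are the row labels exactly as the advisory prints them.
FIXED = {
    "openssl":     {"woody": "0.9.6c-2.woody.8", "sarge": "0.9.7e-3sarge1", "sid": "0.9.8-3"},
    "openssl 094": {"woody": "0.9.4-6.woody.4",  "sarge": None,             "sid": None},
    "openssl 095": {"woody": "0.9.5a-6.woody.6", "sarge": None,             "sid": None},
    "openssl 096": {"woody": None,               "sarge": "0.9.6m-1sarge1", "sid": None},
    "openssl 097": {"woody": None,               "sarge": None,             "sid": "0.9.7g-5"},
}

def _order(ch):
    """Character weight: '~' sorts before end-of-string (0), letters before other symbols."""
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare one upstream-version or revision string as alternating text/number runs."""
    pairs_a = re.findall(r"([^0-9]*)([0-9]*)", a)
    pairs_b = re.findall(r"([^0-9]*)([0-9]*)", b)
    for (ta, da), (tb, db) in zip_longest(pairs_a, pairs_b, fillvalue=("", "")):
        weights_a = [_order(c) for c in ta]
        weights_b = [_order(c) for c in tb]
        for x, y in zip_longest(weights_a, weights_b, fillvalue=0):
            if x != y:
                return -1 if x < y else 1
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def deb_compare(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to, or newer than b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def dsa888_status(release, source, installed):
    """Classify one installed version against the matrix entry for its release."""
    fixed = FIXED[source][release]
    if fixed is None:
        return "n/a"  # the matrix lists no fixed version for this release
    return "patched" if deb_compare(installed, fixed) >= 0 else "vulnerable"

# Constructed inventory: (release, matrix row, installed version).
INVENTORY = [
    ("woody", "openssl",     "0.9.6c-2.woody.7"),
    ("sarge", "openssl",     "0.9.7e-3sarge1"),
    ("sarge", "openssl 096", "0.9.6m-1"),
    ("sid",   "openssl",     "0.9.8a-1"),
]

def audit(inventory):
    """Return each inventory row with its DSA 888-1 status appended."""
    return [(r, s, v, dsa888_status(r, s, v)) for r, s, v in inventory]

if __name__ == "__main__":
    for release, source, version, status in audit(INVENTORY):
        print(f"{release:6} {source:12} {version:18} {status}")
```

A plain string comparison would get several of these wrong: "0.9.7e-3" is older than "0.9.7e-3sarge1" only because the longer revision sorts later under Debian's rules.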


Upgrade Instructions
- - --------------------

  wget url
        will fetch the file for you
  dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

  apt-get update
        will update the internal database
  apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------



Debian GNU/Linux 3.1 alias sarge
- - --------------------------------



These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDb6WYW5ql+IAeqTIRAndKAKCY/Z75nPw5qoUyYOxpZJ+ZIDILGgCdG7Ax
lDSy3Jp+mIrO7gTkO6Tu9os=
=GJdK
- -----END PGP SIGNATURE-----




5.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 889-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
November 8th, 2005                      http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : enigmail
Vulnerability : programming error
Problem type : local (remote)
Debian-specific: no
CVE ID : CAN-2005-3256
CERT advisory : VU#805121
Debian Bug : 335731

A bug has been discovered in enigmail, GPG support for Mozilla
MailNews and Mozilla Thunderbird, that can lead to the encryption of
mail with the wrong public key, hence, potential disclosure of
confidential data to others.

The old stable distribution (woody) does not contain enigmail packages.

For the stable distribution (sarge) this problem has been fixed in
version 0.91-4sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 0.93-1.

We recommend that you upgrade your enigmail packages.


Upgrade Instructions
- - --------------------

  wget url
        will fetch the file for you
  dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

  apt-get update
        will update the internal database
  apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------



These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDcElDW5ql+IAeqTIRAvhiAKCWBcDVjwjI7fsMUdGWzR+v7r4R+wCfVbr1
62hrrDtJEhQT9SzSOaGVuJo=
=Q5yZ
- -----END PGP SIGNATURE-----


