ID: 00053
Ref: 52/2006
Date: 16 January 2006:14:43:00
Version: 1
Title: Four Debian Security Advisories
Abstract:
Vendors affected: Debian
Operating systems affected: Debian
Applications affected: Debian
Title
=====
Four Debian Security Advisories:
1. DSA 939-1 - New fetchmail packages fix denial of service
2. DSA 940-1 - New gpdf packages fix arbitrary code execution
3. DSA 941-1 - New tuxpaint packages fix insecure temporary file creation
4. DSA 942-1 - New albatross packages fix arbitrary code execution
Detail
======
1. Daniel Drake discovered a problem in fetchmail, an SSL-enabled POP3,
APOP, IMAP mail gatherer/forwarder, that can cause a crash when the
program is running in multidrop mode and receives messages without
headers.
2. "infamous41md" and Chris Evans discovered several heap-based buffer
overflows in xpdf, the Portable Document Format (PDF) suite, which are
also present in gpdf, the GNOME version of the Portable Document
Format viewer, and which can lead to a denial of service by crashing
the application or possibly to the execution of arbitrary code.
3. Javier Fernández-Sanguino Peña from the Debian Security Audit project
discovered that a script in tuxpaint, a paint program for young
children, creates a temporary file in an insecure fashion.
4. A design error has been discovered in the Albatross web application
toolkit that causes user-supplied data to be used as part of template
execution, and hence allows arbitrary code execution.
1.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Debian Security Advisory DSA 939-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 13th, 2006                      http://www.debian.org/security/faq
--------------------------------------------------------------------------
Package        : fetchmail
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2005-4348
Daniel Drake discovered a problem in fetchmail, an SSL-enabled POP3,
APOP, IMAP mail gatherer/forwarder, that can cause a crash when the
program is running in multidrop mode and receives messages without
headers.
The old stable distribution (woody) does not seem to be affected by
this problem.
For the stable distribution (sarge) this problem has been fixed in
version 6.2.5-12sarge4.
For the unstable distribution (sid) this problem has been fixed in
version 6.3.1-1.
We recommend that you upgrade your fetchmail package.
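What "a message without headers" means for a header parser, as an added example that is not fetchmail's code: the naive parser below assumes every message carries a header block and fails on input that has none, while the robust one returns an empty header set and lets the multidrop recipient lookup fall back to a default mailbox. The header fields consulted (Resent-To, To, Cc) and the sample messages are assumptions of this example, not fetchmail's actual multidrop logic.

```python
"""Added example, not fetchmail's code: a small RFC 2822 header parser and a
multidrop-style recipient lookup written to survive the edge case named in
DSA 939-1, a message that arrives with no header block at all. naive_headers()
shows the failure mode; parse_headers() handles it. The messages fed to these
functions in the test are constructed for this example."""
from __future__ import annotations

import re

# A header line is a field name (printable ASCII, no colon) followed by ':'.
HEADER_LINE = re.compile(r"^([!-9;-~]+):[ \t]*(.*)$")
# Good-enough address extractor for To/Cc style fields.
ADDR = re.compile(r"[\w.+-]+@[\w.-]+")


def naive_headers(raw: str) -> dict[str, list[str]]:
    """Header parser that assumes every message has a header block.

    On a headerless message str.split() yields a single part and the tuple
    unpacking raises ValueError; a body line with no ':' fails the same way.
    This is the shape of bug that turns a malformed message into a crash.
    """
    head, _body = raw.split("\n\n", 1)
    headers: dict[str, list[str]] = {}
    for line in head.split("\n"):
        name, value = line.split(":", 1)
        headers.setdefault(name.lower(), []).append(value.strip())
    return headers


def naive_headers_crashes(raw: str) -> bool:
    """True when naive_headers() raises on the given message."""
    try:
        naive_headers(raw)
    except ValueError:
        return True
    return False


def parse_headers(raw: str) -> tuple[dict[str, list[str]], str]:
    """Return (headers, body); headers is empty when the message has none.

    Accepts CRLF or LF line endings and unfolds continuation lines. The header
    block ends at the first blank line, or at the first line that is not a
    header line (then the message had no header block and it is all body).
    """
    lines = raw.replace("\r\n", "\n").split("\n")
    headers: dict[str, list[str]] = {}
    current = None
    i = 0
    while i < len(lines):
        line = lines[i]
        if line == "":
            i += 1          # blank separator: body starts on the next line
            break
        if line[0] in " \t" and current is not None:
            headers[current][-1] += " " + line.strip()   # folded continuation
        else:
            m = HEADER_LINE.match(line)
            if m is None:
                break       # no header block at all; treat everything as body
            current = m.group(1).lower()
            headers.setdefault(current, []).append(m.group(2).strip())
        i += 1
    return headers, "\n".join(lines[i:])


def multidrop_recipients(raw: str, default: str) -> list[str]:
    """Local recipients for multidrop delivery: addresses from Resent-To, To
    and Cc, or the configured default mailbox when the message carries none."""
    headers, _body = parse_headers(raw)
    found: set[str] = set()
    for field in ("resent-to", "to", "cc"):
        for value in headers.get(field, []):
            found.update(a.lower() for a in ADDR.findall(value))
    return sorted(found) or [default]
```

The point is the contract: any function fed data from the network must have a defined answer for the empty and malformed cases, and the caller must be written to that answer (here, "no recipients found, use the default") rather than to the happy path.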
Upgrade Instructions
--------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
--------------------------------
Source archives:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4.dsc
Size/MD5 checksum: 650 da6a5aa9e110932fb67071233c390fa2
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4.diff.gz
Size/MD5 checksum: 150807 6ccb7da887a4b42997e08ef27fbebf55
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5.orig.tar.gz
Size/MD5 checksum: 1257376 9956b30139edaa4f5f77c4d0dbd80225
Architecture independent components:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail-ssl_6.2.5-12sarge4_all.deb
Size/MD5 checksum: 42234 7f4fae48064a57eae406d72676ab0e54
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_6.2.5-12sarge4_all.deb
Size/MD5 checksum: 101308 1d2a6d40b517a3fc447e2f2d30319fbf
Alpha architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_alpha.deb
Size/MD5 checksum: 572964 d87d2f1dd059d0aa4854253405c7fdc3
AMD64 architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_amd64.deb
Size/MD5 checksum: 555706 9b819cf25859874a1a37585eed8664d6
ARM architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_arm.deb
Size/MD5 checksum: 549176 ae3b2abd6c4408c8be07a8a8065cd2ab
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_i386.deb
Size/MD5 checksum: 547692 3bc3343f756f1fea4bc7b731cc6e2fed
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_ia64.deb
Size/MD5 checksum: 597004 c1f497a0ac9ba4f04ab31e1ad66ff729
HP Precision architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_hppa.deb
Size/MD5 checksum: 561572 cbc31b2ececa0e02ec1a2fa6bc02c019
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_m68k.deb
Size/MD5 checksum: 537914 1ac30118a80e1b516fbdcaf9e53f3264
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_mips.deb
Size/MD5 checksum: 556594 6704277ba1a9b9706e6e921ee76e0931
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_mipsel.deb
Size/MD5 checksum: 556424 f82021920ac82e2126580a3f594953a1
PowerPC architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_powerpc.deb
Size/MD5 checksum: 556180 b72003c6bbec3bfeeeade4bc94b2f7ff
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_s390.deb
Size/MD5 checksum: 554496 90790158afe5fb2f5da3eafdfb6d5874
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_sparc.deb
Size/MD5 checksum: 549094 d1533c572fe845b7e49e88fb40acf0fb
These files will probably be moved into the stable distribution on
its next update.
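The manual path (wget, then dpkg -i) has no integrity check of its own; the Size/MD5 checksum lines above are what you check against before installing. The following is an added example, not part of the advisory: it parses the advisory's own URL/checksum line pairs and verifies a downloaded file against them. The file contents in self_check() are constructed (six bytes, not a real .deb) and the i386 fetchmail entry quoted in DSA_939_I386 is copied from the list above.

```python
"""Added example, not part of the advisory: verify a downloaded package against
the advisory's own "Size/MD5 checksum" line before running dpkg -i. The line
format parsed here is the one printed in the advisory; the package contents
used by self_check() are constructed, not a real .deb."""
from __future__ import annotations

import hashlib
import os
import re
import tempfile

URL_LINE = re.compile(r"^\s*(https?://\S+)\s*$")
CHECKSUM_LINE = re.compile(r"Size/MD5 checksum:\s+(\d+)\s+([0-9a-fA-F]{32})")


def parse_advisory_files(advisory_text: str) -> dict[str, tuple[int, str]]:
    """Map each listed file name to (size, md5) from URL/checksum line pairs."""
    expected: dict[str, tuple[int, str]] = {}
    pending_url = None
    for line in advisory_text.splitlines():
        m = URL_LINE.match(line)
        if m:
            pending_url = m.group(1)
            continue
        m = CHECKSUM_LINE.search(line)
        if m and pending_url:
            expected[os.path.basename(pending_url)] = (int(m.group(1)), m.group(2).lower())
            pending_url = None
    return expected


def file_md5(path: str) -> str:
    """Hex MD5 of a file, streamed so large packages are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_package(path: str, expected_size: int, expected_md5: str) -> list[str]:
    """Return the list of mismatches; an empty list means size and MD5 both match."""
    problems = []
    size = os.path.getsize(path)
    if size != expected_size:
        problems.append(f"size {size} != advisory size {expected_size}")
    digest = file_md5(path)
    if digest != expected_md5.lower():
        problems.append(f"md5 {digest} != advisory md5 {expected_md5}")
    return problems


def verify_against_advisory(path: str, advisory_text: str) -> list[str]:
    """Look the file up by name in the advisory text and verify it."""
    name = os.path.basename(path)
    listed = parse_advisory_files(advisory_text)
    if name not in listed:
        return [f"{name} is not listed in the advisory"]
    size, md5 = listed[name]
    return verify_package(path, size, md5)


# The i386 entry of DSA 939-1 exactly as printed in the advisory.
DSA_939_I386 = """\
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_i386.deb
Size/MD5 checksum: 547692 3bc3343f756f1fea4bc7b731cc6e2fed
"""


def self_check() -> dict[str, list[str]]:
    """Write a constructed stand-in file (contents b'hello\\n', not a real .deb)
    under the advisory's file name and verify it against its true size/MD5
    (must pass) and against the advisory's values (must fail on both)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "fetchmail_6.2.5-12sarge4_i386.deb")
        with open(path, "wb") as f:
            f.write(b"hello\n")
        return {
            "true_values": verify_package(path, 6, "b1946ac92492d2347c6235b4d2611184"),
            "advisory_values": verify_against_advisory(path, DSA_939_I386),
            "unlisted": verify_against_advisory(os.path.join(d, "other.deb"), DSA_939_I386),
        }


if __name__ == "__main__":
    for label, problems in self_check().items():
        print(label, "OK" if not problems else problems)
```

Two caveats. MD5 is no longer collision-resistant, so a match guards against truncated or corrupted downloads and against an unsophisticated file swap, not against an attacker who can construct colliding packages; the trust anchor is the PGP signature on the advisory itself (gpg --verify before trusting any checksum in it). And when apt-get is used instead, the archive's signed Release files supply this check automatically, which is one more reason to prefer the apt path over hand-fetched .deb files.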
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDx2eMW5ql+IAeqTIRAvaQAJ42FSGgy4UKbIEHYuGc/AHi0c0WXQCfQL4r
j4/jMdvhlbB+Bo4nAhny02A=
=qIRF
-----END PGP SIGNATURE-----
2.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Debian Security Advisory DSA 940-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 13th, 2006                      http://www.debian.org/security/faq
--------------------------------------------------------------------------
Package        : gpdf
Vulnerability  : buffer overflows
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2005-3191 CVE-2005-3192 CVE-2005-3624 CVE-2005-3625
                 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628
"infamous41md" and Chris Evans discovered several heap-based buffer
overflows in xpdf, the Portable Document Format (PDF) suite, which are
also present in gpdf, the GNOME version of the Portable Document
Format viewer, and which can lead to a denial of service by crashing
the application or possibly to the execution of arbitrary code.
The old stable distribution (woody) does not contain gpdf packages.
For the stable distribution (sarge) these problems have been fixed in
version 2.8.2-1.2sarge2.
For the unstable distribution (sid) these problems will be fixed soon.
We recommend that you upgrade your gpdf package.
Debian GNU/Linux 3.1 alias sarge
--------------------------------
Source archives:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2.dsc
Size/MD5 checksum: 1663 9e806f6e5ea32832199a8c5bf779266b
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2.diff.gz
Size/MD5 checksum: 35176 0e59e244b5e3a574dbba224b7e5e1ed0
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2.orig.tar.gz
Size/MD5 checksum: 1245535 5ceb66aa95e51c4e1d6e10cb29560ff9
Alpha architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2_alpha.deb
Size/MD5 checksum: 867712 45327b4e841190f1dab26a4e9dace7c0
AMD64 architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2_amd64.deb
Size/MD5 checksum: 795140 33092f6e73e3056896e0a5af95f4c2b8
ARM architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2_arm.deb
Size/MD5 checksum: 781120 be1749c2f690fd09e40eeba5bf73048c
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2_i386.deb
Size/MD5 checksum: 781584 aec07b37f0194b7e7893110a5f3b918e
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2_ia64.deb
Size/MD5 checksum: 957948 2f0c7287a291f6cc868ce42e50ff0115
HP Precision architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2_hppa.deb
Size/MD5 checksum: 859552 37496bf703c8740fac26efbad4ec18b3
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2_m68k.deb
Size/MD5 checksum: 745444 1dd485e125aba53e6b2db3022a3af6f4
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2_mips.deb
Size/MD5 checksum: 818276 1f5e2bdac04517fb9b3f7256c6737402
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2_mipsel.deb
Size/MD5 checksum: 810922 3f2493da946064a82707e27231819af8
PowerPC architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2_powerpc.deb
Size/MD5 checksum: 799428 2f70be4773f1456a68f3eb1857bdc9fd
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2_s390.deb
Size/MD5 checksum: 775768 cb5ac7d4105b5e8584ad839d70a7e482
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2_sparc.deb
Size/MD5 checksum: 763556 d44d1d73c018018a5cd7e587636ae8d6
These files will probably be moved into the stable distribution on
its next update.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDx28MW5ql+IAeqTIRAtoaAJ9l7fJyR/9aIx0KXd/u9CLde0c+6wCgti0o
Yy6PpfmfpPcLdMTGGs0qYmk=
=EXwI
-----END PGP SIGNATURE-----
3.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Debian Security Advisory DSA 941-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 16th, 2006                      http://www.debian.org/security/faq
--------------------------------------------------------------------------
Package        : tuxpaint
Vulnerability  : insecure temporary file
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2005-3340
Javier Fernández-Sanguino Peña from the Debian Security Audit project
discovered that a script in tuxpaint, a paint program for young
children, creates a temporary file in an insecure fashion.
The old stable distribution (woody) does not contain tuxpaint packages.
For the stable distribution (sarge) this problem has been fixed in
version 0.9.14-2sarge0.
For the unstable distribution (sid) this problem has been fixed in
version 0.9.15b-1.
We recommend that you upgrade your tuxpaint package.
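What "creates a temporary file in an insecure fashion" amounts to in practice, as an added example that is not tuxpaint's script: a predictable name under a shared directory, opened for writing, lets any local user who pre-plants a symlink at that name redirect the write onto a file of their choosing. The hardened form creates the file with an unpredictable name and O_CREAT|O_EXCL at mode 0600. The file names, contents and the victim file below are constructed for the demo, which runs entirely inside a throwaway directory.

```python
"""Added example, not tuxpaint's script: the insecure temporary-file pattern
DSA 941-1 describes (a predictable name under a shared directory, opened with
a plain write) beside the hardened form (tempfile.mkstemp), plus a demo of the
symlink clobber the insecure form permits. Every path lives in a throwaway
directory created for the demo, never the real /tmp."""
from __future__ import annotations

import os
import tempfile


def unsafe_tmp(directory: str) -> str:
    """Predictable name (the PID) and open('w'): if someone else already put a
    symlink at that name, the write follows it and clobbers the target."""
    path = os.path.join(directory, f"tuxpaint.{os.getpid()}")
    with open(path, "w") as f:
        f.write("scratch data\n")
    return path


def safe_tmp(directory: str) -> str:
    """mkstemp picks an unpredictable name and opens it with O_CREAT|O_EXCL
    (and O_NOFOLLOW where the OS has it) at mode 0600, so a planted file or
    symlink makes creation fail instead of being silently followed."""
    fd, path = tempfile.mkstemp(prefix="tuxpaint.", dir=directory)
    with os.fdopen(fd, "w") as f:
        f.write("scratch data\n")
    return path


def demo_clobber(use_safe: bool) -> dict[str, object]:
    """Plant a symlink at the name unsafe_tmp() will use, run one writer, and
    report whether the victim file was overwritten and what mode the temp
    file ended up with (for the unsafe writer the mode is the victim's)."""
    writer = safe_tmp if use_safe else unsafe_tmp
    with tempfile.TemporaryDirectory() as scratch:
        victim = os.path.join(scratch, "victim")
        with open(victim, "w") as f:
            f.write("original\n")
        # The "attacker" wins the race and plants the symlink first.
        os.symlink(victim, os.path.join(scratch, f"tuxpaint.{os.getpid()}"))
        path = writer(scratch)
        with open(victim) as f:
            victim_now = f.read()
        return {
            "clobbered": victim_now == "scratch data\n",
            "mode": os.stat(path).st_mode & 0o777,
        }


def exclusive_create_refuses_planted_name() -> bool:
    """Even when the attacker guesses the exact name, O_CREAT|O_EXCL refuses to
    open through the planted symlink (EEXIST); that is the guarantee mkstemp
    builds on. Returns True when the open was refused."""
    with tempfile.TemporaryDirectory() as scratch:
        victim = os.path.join(scratch, "victim")
        open(victim, "w").close()
        planted = os.path.join(scratch, "tuxpaint.guessed")
        os.symlink(victim, planted)
        try:
            fd = os.open(planted, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        except FileExistsError:
            return True
        os.close(fd)
        return False


if __name__ == "__main__":
    print("unsafe writer:", demo_clobber(use_safe=False))
    print("safe writer:  ", demo_clobber(use_safe=True))
    print("O_EXCL refuses planted name:", exclusive_create_refuses_planted_name())
```

In a shell script, which is what the advisory describes, the equivalent fix is mktemp (mktemp -d for a directory) rather than $TMPDIR/name.$$, with the path removed again by a trap on EXIT; both the predictability and the missing exclusive create are what the local attacker relies on, so fixing only one of them is not enough.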
Debian GNU/Linux 3.1 alias sarge
--------------------------------
Source archives:
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0.dsc
Size/MD5 checksum: 749 33447b64d21e124dfbcab3626f0a2c09
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0.diff.gz
Size/MD5 checksum: 6178 fe6d69b9df65fcb6c0f1015a39e6d715
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14.orig.tar.gz
Size/MD5 checksum: 3208894 0b7522c1b3672d5c233f7bbc772c8dec
Architecture independent components:
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint-data_0.9.14-2sarge0_all.deb
Size/MD5 checksum: 1093764 416ffee20dca7ba7926e30a71ae95ff3
Alpha architecture:
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0_alpha.deb
Size/MD5 checksum: 112732 9b588312a0b5936ea5bbe096aa726e9e
AMD64 architecture:
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0_amd64.deb
Size/MD5 checksum: 96402 286c9839a2636dc2beb6df05d89cb290
ARM architecture:
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0_arm.deb
Size/MD5 checksum: 98002 d68f2fff833108084d9d67b254dea638
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0_i386.deb
Size/MD5 checksum: 94188 f27e07c2e34ead61b24f71dd3df2de51
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0_ia64.deb
Size/MD5 checksum: 126116 217e59f14aad0e5acb6e139fc347d64c
HP Precision architecture:
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0_hppa.deb
Size/MD5 checksum: 103696 8b61b78194383314d49d465033f5ceed
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0_m68k.deb
Size/MD5 checksum: 86260 9734a7337a228519ea31b956ffd7e5f6
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0_mips.deb
Size/MD5 checksum: 101286 c9d58ae06ad9d860df0af6987a4672ef
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0_mipsel.deb
Size/MD5 checksum: 100346 464c3aa6e843687bdf425c9e8af9be19
PowerPC architecture:
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0_powerpc.deb
Size/MD5 checksum: 99138 d6ce366eab028cf324155560d6705518
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0_s390.deb
Size/MD5 checksum: 97318 5472aa0a7989222c510a7f68292d976f
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0_sparc.deb
Size/MD5 checksum: 94720 cc8cdaba526506d75f63f5e86a722cee
These files will probably be moved into the stable distribution on
its next update.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDy08cW5ql+IAeqTIRAiubAKCPy8fxdrcOHkqxLLhekRlzyB6shwCfSY2H
RPd9nwf2NeGicFaBL7z7INA=
=mbGm
-----END PGP SIGNATURE-----
4.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Debian Security Advisory DSA 942-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 16th, 2006                      http://www.debian.org/security/faq
--------------------------------------------------------------------------
Package        : albatross
Vulnerability  : design error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2006-0044
A design error has been discovered in the Albatross web application
toolkit that causes user-supplied data to be used as part of template
execution, and hence allows arbitrary code execution.
The old stable distribution (woody) does not contain albatross packages.
For the stable distribution (sarge) this problem has been fixed in
version 1.20-2.
For the unstable distribution (sid) this problem has been fixed in
version 1.33-1.
We recommend that you upgrade your albatross package.
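The distinction the advisory turns on, user data as template source versus user data as template input, as an added example that is not Albatross code: the tiny `{{ expr }}` engine, the greeting templates and the server-side context are assumptions made for this illustration, and Albatross's real template syntax is not reproduced. The vulnerable function splices the visitor's input into the template text, so anything the engine can evaluate, the visitor can make it evaluate; the fixed one keeps the template constant and passes the input as data.

```python
"""Added example, not Albatross code: the design-error class behind DSA 942-1,
user-supplied data reaching template execution instead of being passed to the
template as data. The ``{{ expr }}`` engine is an assumption made for this
illustration; Albatross's real template syntax is not reproduced, and the
server-side context below is constructed."""
from __future__ import annotations

import re

TAG = re.compile(r"\{\{(.*?)\}\}")
PLAIN_NAME = re.compile(r"^[A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*$")

# Constructed server-side context: a template may legitimately read it, but a
# visitor must never be able to make the template read it for them.
SERVER_CONTEXT = {"config": {"db_password": "s3cret"}}


def render_eval(template: str, context: dict) -> str:
    """Engine that EXECUTES each {{ ... }} as a Python expression.

    Tolerable only while the template text is trusted: whoever controls the
    template source controls what the process evaluates. Removing builtins
    is not a sandbox (well-known escapes via object attributes remain)."""
    def expand(m: re.Match) -> str:
        return str(eval(m.group(1).strip(), {"__builtins__": {}}, dict(context)))
    return TAG.sub(expand, template)


def vulnerable_greeting(username: str) -> str:
    """The design error: the visitor's name is spliced into the template SOURCE,
    so a name containing {{ ... }} is executed like any template expression."""
    return render_eval("Hello " + username + "!", SERVER_CONTEXT)


def safe_greeting(username: str) -> str:
    """The fix: a fixed template; the name is passed as DATA in the context and
    is substituted once, never re-parsed for tags."""
    return render_eval("Hello {{ name }}!", dict(SERVER_CONTEXT, name=username))


def render_lookup(template: str, context: dict) -> str:
    """Defence in depth at the engine: only dotted variable names are allowed in
    {{ ... }}, resolved by dictionary lookup, so no template can run code."""
    def expand(m: re.Match) -> str:
        expr = m.group(1).strip()
        if not PLAIN_NAME.match(expr):
            raise ValueError(f"not a plain variable reference: {expr!r}")
        value = context
        for part in expr.split("."):
            if not isinstance(value, dict) or part not in value:
                raise KeyError(expr)
            value = value[part]
        return str(value)
    return TAG.sub(expand, template)


def lookup_rejects(template: str) -> bool:
    """True when render_lookup() refuses the template as non-variable syntax."""
    try:
        render_lookup(template, {})
    except ValueError:
        return True
    except KeyError:
        return False
    return False


if __name__ == "__main__":
    payload = "{{ config['db_password'] }}"
    print("vulnerable:", vulnerable_greeting(payload))   # leaks the secret
    print("fixed:     ", safe_greeting(payload))         # prints the payload literally
```

Passing data as data is the fix that matches the advisory; render_lookup() shows the further step of an engine whose template language cannot express code at all, which removes the class of bug even for templates written by a careless developer.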
Debian GNU/Linux 3.1 alias sarge
--------------------------------
Source archives:
http://security.debian.org/pool/updates/main/a/albatross/albatross_1.20-2.dsc
Size/MD5 checksum: 811 bdc42f9d146375eae49563994ffa00da
http://security.debian.org/pool/updates/main/a/albatross/albatross_1.20-2.diff.gz
Size/MD5 checksum: 9513 4e09703a232782c11e98fd5685a3b182
http://security.debian.org/pool/updates/main/a/albatross/albatross_1.20.orig.tar.gz
Size/MD5 checksum: 256090 64c9e7357e51f85d228f17b2ea7ef9c9
Architecture independent components:
http://security.debian.org/pool/updates/main/a/albatross/python-albatross-common_1.20-2_all.deb
Size/MD5 checksum: 43444 0ccf06411a6e62cb82d3f3ff40eaee02
http://security.debian.org/pool/updates/main/a/albatross/python-albatross-doc_1.20-2_all.deb
Size/MD5 checksum: 500358 3ec346e1aba3a6d94db2ab653b61d397
http://security.debian.org/pool/updates/main/a/albatross/python-albatross_1.20-2_all.deb
Size/MD5 checksum: 36530 f2cb88df2c0dfab3dc2b406cf502d021
http://security.debian.org/pool/updates/main/a/albatross/python2.2-albatross_1.20-2_all.deb
Size/MD5 checksum: 67432 8d16e01aea38756d0c3182b455b15d8c
http://security.debian.org/pool/updates/main/a/albatross/python2.3-albatross_1.20-2_all.deb
Size/MD5 checksum: 67440 f0dcff96941c1171d78bab7d172e74d7
These files will probably be moved into the stable distribution on
its next update.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDy10dW5ql+IAeqTIRAmHsAJ94Pb9NP3y5LLggfzK9UV54ZVm9BACgsCNB
cOM5S4gifMlPLdWNjsVQThU=
=KxE8
-----END PGP SIGNATURE-----