Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > January 2006 > Three Debian Security Advisories: 1. DSA 950-1 - cupsys 2. DSA 957-1 - imagemagick 3. DSA 956-1 - lsh-utils

January 2006

Three Debian Security Advisories: 1. DSA 950-1 - cupsys 2. DSA 957-1 - imagemagick 3. DSA 956-1 - lsh-utils

ID: 00091
Ref: 90/2006
Date: 27 January 2006:14:11:00
Version: 1
Title: Three Debian Security Advisories: 1. DSA 950-1 - cupsys 2. DSA 957-1 - imagemagick 3. DSA 956-1 - lsh-utils
Abstract:
Vendors affected: Debian
Operating systems affected: Debian
Applications affected: Debian
Title
=====


-----BEGIN PGP SIGNED MESSAGE-----

Three Debian Security Advisories:

1. DSA 950-1 - cupsys

2. DSA 957-1 - imagemagick

3. DSA 956-1 - lsh-utils

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQCVAwUBQ9onW4pao72zK539AQFcHwP+OAt3tLw85a1R7VqEYb7r4wZqqxyiMlh6
KDY97rN97Bse4WPlkmJVXN9XgJBAH2jQ4PduXQCUVIE0/V/p75E/UV4VEUpzKsGf
ctuwYcCNh/qCinBP8M0eazlCSvIjlvxF4DL+Yjqe46SwnER0StHmu5EcGSofD9me
dXBnarAmSws=
=3WAu
-----END PGP SIGNATURE-----

Detail
======

1. "infamous41md" and Chris Evans discovered several heap based buffer
overflows in xpdf which are also present in CUPS, the Common UNIX
Printing System, and which can lead to a denial of service by crashing
the application or possibly to the execution of arbitrary code.

2. Florian Weimer discovered that delegate code in ImageMagick is
vulnerable to shell command injection using specially crafted file
names. This allows attackers to encode commands inside of graphic
commands. With some user interaction, this is exploitable through
Gnus and Thunderbird.

3. Stefan Pfetzing discovered that lshd, a Secure Shell v2 (SSH2)
protocol server, leaks a couple of file descriptors, related to the
randomness generator, to user shells which are started by lshd. A
local attacker can truncate the server's seed file, which may prevent
the server from starting, and with some more effort, maybe also crack
session keys.



1.



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 950-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 23rd, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : cupsys
Vulnerability : buffer overflows
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624
CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628

"infamous41md" and Chris Evans discovered several heap based buffer
overflows in xpdf which are also present in CUPS, the Common UNIX
Printing System, and which can lead to a denial of service by crashing
the application or possibly to the execution of arbitrary code.

For the old stable distribution (woody) these problems have been fixed in
version 1.1.14-5woody14.

For the stable distribution (sarge) these problems have been fixed in
version 1.1.23-10sarge1.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your CUPS packages.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14.dsc
Size/MD5 checksum: 712 87055bd9647d440b8ce56afc1c53c062
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14.diff.gz
Size/MD5 checksum: 41961 2d996ab8926c30dda9b4b1da5db2dcf5
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14.orig.tar.gz
Size/MD5 checksum: 6150756 0dfa41f29fa73e7744903b2471d2ca2f

Alpha architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_alpha.deb
Size/MD5 checksum: 1901460 d9c2716ed4e3eb17551e93bd09ef3cb1
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_alpha.deb
Size/MD5 checksum: 74640 ecc0016c60f37d7b99c4d8848588a4d1
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_alpha.deb
Size/MD5 checksum: 93286 9f018be9b70c2dc86ee7d022b92ff102
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_alpha.deb
Size/MD5 checksum: 2446114 c097158954ffc328f578dea763337440
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_alpha.deb
Size/MD5 checksum: 138306 3d938cc09f9b17c65c79a4b7c4c7474a
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_alpha.deb
Size/MD5 checksum: 181258 db9cc1c0273d516386ccf2be873166a0

ARM architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_arm.deb
Size/MD5 checksum: 1822154 a6c2a7bc9ed9a2daf492474dfbfee387
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_arm.deb
Size/MD5 checksum: 68790 a6504ee333ddb3bea747835678a025f3
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_arm.deb
Size/MD5 checksum: 85976 20b1bc34eee904186892e47522024266
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_arm.deb
Size/MD5 checksum: 2346140 ed23313e05032089bb5cee70cd914711
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_arm.deb
Size/MD5 checksum: 113304 9ffcce59eb3f9b306dbd661fe9b28760
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_arm.deb
Size/MD5 checksum: 150704 be20a14dfa2fb2251d9a046159a4ac9e

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_i386.deb
Size/MD5 checksum: 1788452 f920699db4f6756a27ef73c00d41cb1c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_i386.deb
Size/MD5 checksum: 68280 728e5ab852df891dbb094c877d5d26f2
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_i386.deb
Size/MD5 checksum: 84416 352934f7cabf8e8835cbe685e136ab69
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_i386.deb
Size/MD5 checksum: 2312294 656e02e4f86107449f528789393bf3d4
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_i386.deb
Size/MD5 checksum: 111268 cdd8f173a676c42e1e6f800757777e44
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_i386.deb
Size/MD5 checksum: 136824 3762ca0a2e9f04e82c69de42bee5c6d1

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_ia64.deb
Size/MD5 checksum: 2009046 515a82e65816d7306a0eed23eb81eca7
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_ia64.deb
Size/MD5 checksum: 77740 1934f438e856d54966bd86d1e575185c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_ia64.deb
Size/MD5 checksum: 97452 b74539e18af4838477d91c604d8a92ed
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_ia64.deb
Size/MD5 checksum: 2657094 64e4f7fef054d690c03ca3753742a762
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_ia64.deb
Size/MD5 checksum: 156328 82d9922dc92754c43bf39e8f4cc77928
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_ia64.deb
Size/MD5 checksum: 183270 6a90afecd9464585d98e294ff73929c7

HP Precision architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_hppa.deb
Size/MD5 checksum: 1882286 4ec8f0298dc7249fa9ca70017b324de2
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_hppa.deb
Size/MD5 checksum: 71102 4fe9e3556038e7ad2a5f98b93293a37a
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_hppa.deb
Size/MD5 checksum: 90130 eeb463655e9c4d920e9bd9bf6f59fc2e
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_hppa.deb
Size/MD5 checksum: 2456368 06cd1008318bbb3508f78208360c25dd
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_hppa.deb
Size/MD5 checksum: 126830 9438fad24f29a082acf3af12f1b78ba2
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_hppa.deb
Size/MD5 checksum: 159848 992335895e6d5f9507cd5f261bab3083

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_m68k.deb
Size/MD5 checksum: 1756060 ab11910eddafa259de3bd745b44bf3da
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_m68k.deb
Size/MD5 checksum: 66570 e2c198da29470435c7728c04ec1dddcd
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_m68k.deb
Size/MD5 checksum: 81710 aba951dcf7e9b48289d66d28b52a8fe1
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_m68k.deb
Size/MD5 checksum: 2261686 aba414903aed1f525daddefc42d9cb0f
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_m68k.deb
Size/MD5 checksum: 106548 52dd393183f425b3cfd7dfb424a83df8
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_m68k.deb
Size/MD5 checksum: 129094 4348111e8d1be636745d7871e8891948

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_mips.deb
Size/MD5 checksum: 1812104 dd3a152cc6f60aee92caf1b1d48be116
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_mips.deb
Size/MD5 checksum: 68192 471231e45b6758318b09593584561492
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_mips.deb
Size/MD5 checksum: 81620 20a54b310accf0c618ae17b1939928d6
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_mips.deb
Size/MD5 checksum: 2404894 e5448e7a68d1b9b2faffe6250e293504
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_mips.deb
Size/MD5 checksum: 113064 bef1f42d86e8f491fc3c01eab9d1978d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_mips.deb
Size/MD5 checksum: 151504 bea406cc6863a488054206378e8fb04c

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_mipsel.deb
Size/MD5 checksum: 1812764 83e4dac89074dcb5adeeadc94e1b77fc
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_mipsel.deb
Size/MD5 checksum: 68190 8a5f9228fd00e1f2010b4ecc3192043f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_mipsel.deb
Size/MD5 checksum: 81664 c7329620731adcafa54c76956c7570fa
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_mipsel.deb
Size/MD5 checksum: 2407286 597914ee83c1d95f071f3f9cc2a712c4
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_mipsel.deb
Size/MD5 checksum: 112850 b0ba6a07c9ae3dd1265428e591c46e97
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_mipsel.deb
Size/MD5 checksum: 151320 08f9b0bd3e63b83e4486a736f4183c80

PowerPC architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_powerpc.deb
Size/MD5 checksum: 1801230 7ae9ff1ad1a2b39bcac9caf0a1ea84bf
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_powerpc.deb
Size/MD5 checksum: 68216 c4a5278ee7b0decab415799498ec4c0e
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_powerpc.deb
Size/MD5 checksum: 83804 1f0e2917e7bbfa3c41b42a8706aa4dbc
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_powerpc.deb
Size/MD5 checksum: 2360122 0205d9a7e7294b1c5df64b7b5aeef414
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_powerpc.deb
Size/MD5 checksum: 117102 75a66b72bc9f3de5db50bab7c0fd877d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_powerpc.deb
Size/MD5 checksum: 145562 d77e1f716df37e1e1f4fa0408adaa2d7

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_s390.deb
Size/MD5 checksum: 1796146 6fa046122e3b7f1c3d8d4b5d74ab4f44
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_s390.deb
Size/MD5 checksum: 69592 f2f9bf8682b4cb7fc45daddff2643bf2
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_s390.deb
Size/MD5 checksum: 86316 b48887446a27a55d25ac400c1aac22ce
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_s390.deb
Size/MD5 checksum: 2337954 7a17b6c38961912f5c8ac1d3a93df115
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_s390.deb
Size/MD5 checksum: 115630 c441bc67529c0ca9d65b2ecf7ae77a22
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_s390.deb
Size/MD5 checksum: 141154 6c1045dab37cd0c2de8ea9521fb15ce5

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_sparc.deb
Size/MD5 checksum: 1845976 02c8158a514550f09e71440b57bbe091
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_sparc.deb
Size/MD5 checksum: 71162 e80f373008dae5e4c53f573cb8211742
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_sparc.deb
Size/MD5 checksum: 84582 9a972b8f43a72a85b83deaca3fd33dd9
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_sparc.deb
Size/MD5 checksum: 2354982 984c7d23e08833f26d1cd63e54292a41
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_sparc.deb
Size/MD5 checksum: 120776 704f789385683f359cc6ed1328892516
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_sparc.deb
Size/MD5 checksum: 147072 e9aabfc1246767e35667aeed061f0184


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1.dsc
Size/MD5 checksum: 843 149c91767477b75a0cf7db28c6129b30
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1.diff.gz
Size/MD5 checksum: 1273227 8e6fbc6b8ca8d4588d90312a3a7c2199
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23.orig.tar.gz
Size/MD5 checksum: 10071818 d6995f493129e9637581f3a717c8345e

Architecture independent components:

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.23-10sarge1_all.deb
Size/MD5 checksum: 972 0f85b73fa4d13914cf8f50dc2dc1910f

Alpha architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_alpha.deb
Size/MD5 checksum: 8998558 547b44162becac3729e55a1efa9bf526
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_alpha.deb
Size/MD5 checksum: 51964 4961aed776b96ad6201d56a9d2405a2f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_alpha.deb
Size/MD5 checksum: 116824 732753a8cfbd0eeb5f52b8686948f6b6
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_alpha.deb
Size/MD5 checksum: 61186 e6dab465c327d8b5769a406130e47216
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_alpha.deb
Size/MD5 checksum: 61054 d6261652e2a0cbb4d396411f224a0322
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_alpha.deb
Size/MD5 checksum: 112100 28f6458e3a69ee997b3dee07b7c2b616
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_alpha.deb
Size/MD5 checksum: 83694 433ccca31f21ee3d1b726acc36fe3350

AMD64 architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_amd64.deb
Size/MD5 checksum: 8965490 0ed3172129be9fac870f3c27c16d9b6b
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_amd64.deb
Size/MD5 checksum: 48912 481fb3ff53dcea0ab7675e2935d0c4b5
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_amd64.deb
Size/MD5 checksum: 111480 0d29c73380d005759e830a560765115b
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_amd64.deb
Size/MD5 checksum: 54140 7aa240c5363d73169f72ced83b9418f9
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_amd64.deb
Size/MD5 checksum: 45302 4bf1056c7dbfb8f8ca5418b2bd0da446
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_amd64.deb
Size/MD5 checksum: 88114 31b7feb9363003f66f67f957e4933e9a
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_amd64.deb
Size/MD5 checksum: 76420 b550d92e77c52790bf5a58031f605c8d

ARM architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_arm.deb
Size/MD5 checksum: 8957012 915fdb81401cd63d854e5cf40605a797
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_arm.deb
Size/MD5 checksum: 47944 7464b760910c7eec6450fb3608a54845
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_arm.deb
Size/MD5 checksum: 108064 f6f2d9a1dbefa5bb4adfeec4592df8af
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_arm.deb
Size/MD5 checksum: 52704 67a5ae9c5dcdf9a5a86f7d64292bf967
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_arm.deb
Size/MD5 checksum: 47096 9fa5503ff99ecfb041243039362b3a2a
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_arm.deb
Size/MD5 checksum: 88946 ecdf555d38255fd39a08ee1387013f1b
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_arm.deb
Size/MD5 checksum: 70916 10e8a947858a4707236de9e2006e3907

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_i386.deb
Size/MD5 checksum: 8956128 da71b0801cba48f1cb692d93297abc2b
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_i386.deb
Size/MD5 checksum: 48344 41ebb63f63a0f2dae4312cb0618114fa
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_i386.deb
Size/MD5 checksum: 109956 fbc4c77291e86a1ef4cbba36cfa54b7d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_i386.deb
Size/MD5 checksum: 54588 140f3a9b6f693b7d5cfc5666b1ca9811
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_i386.deb
Size/MD5 checksum: 45896 45916eeaf110d91dfffd39ce25f0b36a
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_i386.deb
Size/MD5 checksum: 86752 04ef904ec3d610eca55a8c4c27126dc5
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_i386.deb
Size/MD5 checksum: 75220 f5dcffc2f6f71ccc85c939001d84a3b7

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_ia64.deb
Size/MD5 checksum: 9097650 7833e9cdda700ca59e4ca74c68c8c94f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_ia64.deb
Size/MD5 checksum: 57190 05e645e5af8ea79fffe60985668f4d1a
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_ia64.deb
Size/MD5 checksum: 131422 72e92715d0f7c044313dce896e32327d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_ia64.deb
Size/MD5 checksum: 68416 744165acbbe1ab96f53d8e4d91346367
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_ia64.deb
Size/MD5 checksum: 59894 1d3e91c509a4e0f790b7abbbf379d623
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_ia64.deb
Size/MD5 checksum: 112768 96f6ecd302463e5a401f52c3e060b498
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_ia64.deb
Size/MD5 checksum: 97514 612eb7ff11d4f89e9c03224917586fa3

HP Precision architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_hppa.deb
Size/MD5 checksum: 9010754 0c11b272d05a6f65c3665ac8b15b8947
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_hppa.deb
Size/MD5 checksum: 52902 84620c8436668790219d44c1cf7373b4
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_hppa.deb
Size/MD5 checksum: 117598 4c4500d88ed256ef352e59849cf8a286
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_hppa.deb
Size/MD5 checksum: 59694 7917b68267148a9f0c82e55e4a759783
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_hppa.deb
Size/MD5 checksum: 51240 2c078aa79136b3ace1c2d28b94da9256
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_hppa.deb
Size/MD5 checksum: 95354 203442791f4f1d2ecd1e70e3279dbfd5
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_hppa.deb
Size/MD5 checksum: 82904 bd10a9918c341f9614f68a3ee81683db

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_m68k.deb
Size/MD5 checksum: 8925186 a926ab8492abf60434ffdadfb307b9e8
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_m68k.deb
Size/MD5 checksum: 46966 6562751ea50409726f36af2016408821
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_m68k.deb
Size/MD5 checksum: 104484 0318d6db604c936380a4fdfb3482eac8
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_m68k.deb
Size/MD5 checksum: 49714 272c0080ae763db015e2199c39c72220
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_m68k.deb
Size/MD5 checksum: 37408 3179193900762362145cd7b45e91cbf2
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_m68k.deb
Size/MD5 checksum: 75744 f898ee020d7f540eafdabf95decc768f
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_m68k.deb
Size/MD5 checksum: 70676 8882d7075c9cb16ee51ba2051c6e801c

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_mips.deb
Size/MD5 checksum: 8994246 e0b394ae2fe5dd1bd72750cfad52de53
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_mips.deb
Size/MD5 checksum: 54694 a3a93dad227e79d81be0f9db867afc6d
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_mips.deb
Size/MD5 checksum: 121500 e41d68c6950a41cf7ce208a6ac0bc3de
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_mips.deb
Size/MD5 checksum: 53986 b511a7cb6c46058ea49a621dcc3c4988
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_mips.deb
Size/MD5 checksum: 48646 e54608c8ff507c59f73d6bf47f4f5b7e
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_mips.deb
Size/MD5 checksum: 88824 3f494a70d277f0f7340860d9e9898fe6
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_mips.deb
Size/MD5 checksum: 72820 67af0adb3c1e2ce71c4f3810c80c6338

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_mipsel.deb
Size/MD5 checksum: 8995140 195358c1b1afbde4fc6c8335efaa4181
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_mipsel.deb
Size/MD5 checksum: 54840 959fc8269f565b6a60b90ac6216da171
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_mipsel.deb
Size/MD5 checksum: 121638 8102c77355666f900144bbbf06a6e737
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_mipsel.deb
Size/MD5 checksum: 54148 31231eb300e28dd7b27acd92b6118e81
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_mipsel.deb
Size/MD5 checksum: 48762 45222e32a7a0ae9de9882a73d6008342
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_mipsel.deb
Size/MD5 checksum: 88954 41584ce383f4282195d63c627eaa724a
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_mipsel.deb
Size/MD5 checksum: 72696 5d14ee7a81b0a0e083210b82ddca20c7

PowerPC architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_powerpc.deb
Size/MD5 checksum: 8969934 4e344b217f6ef0a9c8e60358023b31ee
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_powerpc.deb
Size/MD5 checksum: 53294 d37e799234391a7d8a7aea39feb77e17
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_powerpc.deb
Size/MD5 checksum: 119228 77809235fdf58d3f061514fc0cd8a6d1
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_powerpc.deb
Size/MD5 checksum: 56414 27ca9a1284d4d61c61d1f3cd8ec8ac2b
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_powerpc.deb
Size/MD5 checksum: 44490 28e399b1d223a87154c0121b7d03d611
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_powerpc.deb
Size/MD5 checksum: 87470 2568624e044d49e0941b8ad30871eb3b
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_powerpc.deb
Size/MD5 checksum: 76432 56bf5eca39b58eaf2ed3979b30a327f0

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_s390.deb
Size/MD5 checksum: 8970048 9cc28b376bc998fcb677d07560578af5
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_s390.deb
Size/MD5 checksum: 49436 551d0048566181bac7df0649d07d5612
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_s390.deb
Size/MD5 checksum: 110080 2e8273c064ed8274fcbefb76ba7e658d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_s390.deb
Size/MD5 checksum: 55788 92ca368281195401f5df2b49e739804d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_s390.deb
Size/MD5 checksum: 44886 5391354597b49101acd2c6a30dd3ab4b
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_s390.deb
Size/MD5 checksum: 90062 222e90ed6137450d20d2cdd6b22987a4
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_s390.deb
Size/MD5 checksum: 78542 c6da804896bc9fb88c39b0bb1c53ce26

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_sparc.deb
Size/MD5 checksum: 8972432 c4ecce3bcfadaeda1503afe260d84b7f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_sparc.deb
Size/MD5 checksum: 47664 6d5c126bdc8ba8581b8e197468577934
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_sparc.deb
Size/MD5 checksum: 108100 c0b006f4a79340275585150450e91f0b
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_sparc.deb
Size/MD5 checksum: 54544 4e81501aee3e095dc6c0dcb44c1d15ce
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_sparc.deb
Size/MD5 checksum: 46028 5ceccb76a01d1a1b0fba31d4d80539aa
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_sparc.deb
Size/MD5 checksum: 86606 7444f4cf093195c09db2e53fe8f45636
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_sparc.deb
Size/MD5 checksum: 74404 d30b3e52cb5948f869332d91eb89c850


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD1I+XW5ql+IAeqTIRAu+tAKCn6zP6GLx6yBNHo0v6lQLJ1MVzjwCfbdlw
H5tTNJAKyaZCWlnJ7PvH+9I=
=ZBTX
-----END PGP SIGNATURE-----


2.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 957-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 26th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : imagemagick
Vulnerability : missing shell meta sanitising
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2005-4601
BugTraq ID : 16093
Debian Bug : 345238

Florian Weimer discovered that delegate code in ImageMagick is
vulnerable to shell command injection using specially crafted file
names. This allows attackers to encode commands inside of graphic
commands. With some user interaction, this is exploitable through
Gnus and Thunderbird.

For the old stable distribution (woody) this problem has been fixed in
version 5.4.4.5-1woody7.

For the stable distribution (sarge) this problem has been fixed in
version 6.0.6.2-2.5.

For the unstable distribution (sid) this problem has been fixed in
version 6.2.4.5-0.6.

We recommend that you upgrade your imagemagick packages.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody7.dsc
Size/MD5 checksum: 852 67e4d582bb44d45f7ba1437a4644a6ad
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody7.diff.gz
Size/MD5 checksum: 17261 d62b1651a8d967f978b52505fe0a1cc2
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5.orig.tar.gz
Size/MD5 checksum: 3901237 f35e356b4ac1ebc58e3cffa7ea7abc07

Alpha architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody7_alpha.deb
Size/MD5 checksum: 1309986 c20701797664f6b083fde1a645ea906d
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody7_alpha.deb
Size/MD5 checksum: 154356 093ab8e50691fdde7e716b3a8215bd8b
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody7_alpha.deb
Size/MD5 checksum: 56552 2bb6f0bbce04a10b3e60d99345099973
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody7_alpha.deb
Size/MD5 checksum: 833736 15c7381269282060e60425ce85cb7666
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody7_alpha.deb
Size/MD5 checksum: 67556 33657ab7469547e6efd756ecac00c2e9
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody7_alpha.deb
Size/MD5 checksum: 114066 6b0c71972aedbce8e18387f994bffa3e

ARM architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody7_arm.deb
Size/MD5 checksum: 1297384 bd5e539db8d231e4e7516a842b7e68ab
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody7_arm.deb
Size/MD5 checksum: 119056 82b28c549519508f32744e5552d2cc08
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody7_arm.deb
Size/MD5 checksum: 56596 ded087a7743793c861c964f357fc4c56
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody7_arm.deb
Size/MD5 checksum: 899224 697607c3237a70ea9addad062bbaa8af
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody7_arm.deb
Size/MD5 checksum: 67606 e3817334c08f1ce4729a9ebc8586fc27
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody7_arm.deb
Size/MD5 checksum: 110204 2dd9c0650fab74a674627aff9923781c

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody7_i386.deb
Size/MD5 checksum: 1295022 3cec1d11934049b3ad3fc1ae420f316e
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody7_i386.deb
Size/MD5 checksum: 122996 e1720817b909f6a5c7aeb8ef8829903c
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody7_i386.deb
Size/MD5 checksum: 56560 8e007fe9ee07ad6cd2a3479e09cb3e3d
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody7_i386.deb
Size/MD5 checksum: 773012 8014bd80f914c57f5e60606bb50ee86f
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody7_i386.deb
Size/MD5 checksum: 67570 9cf180261abb9acfdf5d16987745f85a
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody7_i386.deb
Size/MD5 checksum: 107154 647876d04cc845951fb637bad3161d8c

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody7_ia64.deb
Size/MD5 checksum: 1336476 ba8cf28509c62f4a8f2ea53c15ad356a
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody7_ia64.deb
Size/MD5 checksum: 137276 98c97f42688a123c16e5fd0cdb820c3d
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody7_ia64.deb
Size/MD5 checksum: 56560 79e3c0563410d6899bf9d291bc905978
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody7_ia64.deb
Size/MD5 checksum: 1360952 08078311f79b773b23949569a5ed809b
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody7_ia64.deb
Size/MD5 checksum: 67558 f280109e81a64cd8ebb0f6c7fea6c05d
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody7_ia64.deb
Size/MD5 checksum: 133174 abda6e2f4092ae9dc348c4322d5de77f

HP Precision architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody7_hppa.deb
Size/MD5 checksum: 1297640 7bb4d9d340b4838669ac10880ae14e6d
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody7_hppa.deb
Size/MD5 checksum: 133128 f9bd6f503cd09f852b634b438d0a45f0
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody7_hppa.deb
Size/MD5 checksum: 56594 ae49fc60d3d594ce65b840ab09b9d037
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody7_hppa.deb
Size/MD5 checksum: 860204 72fa7b7f13c1f14fe8aa23316a2417eb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody7_hppa.deb
Size/MD5 checksum: 67592 2d1fad508f4fe1ca0cb6b9f31c887bce
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody7_hppa.deb
Size/MD5 checksum: 117440 45fd18b988d65f0fe5b9555d24dce649

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody7_m68k.deb
Size/MD5 checksum: 1292846 c619742bf86ed7148888e5c1b811e772
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody7_m68k.deb
Size/MD5 checksum: 134298 05b1d1022c7ae57d5471a3e668fd62bf
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody7_m68k.deb
Size/MD5 checksum: 56632 c7b75c5f1509c7bab52a2b7146f29fe7
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody7_m68k.deb
Size/MD5 checksum: 752312 683eff2a87e142fb40a3afb0abe8b451
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody7_m68k.deb
Size/MD5 checksum: 67628 8652b6591847e419b40318f0d6d05abd
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody7_m68k.deb
Size/MD5 checksum: 107692 8bd11f4196e669f08c2a9f55f8a2bb06

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody7_mips.deb
Size/MD5 checksum: 1295044 745c5ea8646189c37831b2d2b4e51e00
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody7_mips.deb
Size/MD5 checksum: 120570 90601dfe53e21a924e22007eb3afe2e6
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody7_mips.deb
Size/MD5 checksum: 56580 6cc14c9b076a3bbf221e9c9b35e07ebe
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody7_mips.deb
Size/MD5 checksum: 733318 d04a9c824acba3a78a4c3ff6b13b6477
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody7_mips.deb
Size/MD5 checksum: 67592 cd843ac90e29e8b81beadf654f2f857c
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody7_mips.deb
Size/MD5 checksum: 103592 4d4d236b3c9140af125af137f542b1f2

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody7_mipsel.deb
Size/MD5 checksum: 1294980 917f0b68ac7c173c1091ae7144066b3c
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody7_mipsel.deb
Size/MD5 checksum: 114286 a0e67c91aa8ec9f836e192e9f0c8b69d
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody7_mipsel.deb
Size/MD5 checksum: 56590 722c9ef218758cff0c641cc4111f926a
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody7_mipsel.deb
Size/MD5 checksum: 721314 265a6eacfe344286cb0121e80c399837
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody7_mipsel.deb
Size/MD5 checksum: 67586 6198d64a70cbd72e9fb29fd1cd5f6557
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody7_mipsel.deb
Size/MD5 checksum: 103122 a2f3af2fe3fb8453dc3b7c3c1302895a

PowerPC architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody7_powerpc.deb
Size/MD5 checksum: 1291762 698f98c29bba25115e2fa7fd05bcbb9a
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody7_powerpc.deb
Size/MD5 checksum: 136206 45721da51aae57cb62e0d4dd5dda4504
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody7_powerpc.deb
Size/MD5 checksum: 56588 901178cf61c125aa0f421e3704a129e4
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody7_powerpc.deb
Size/MD5 checksum: 786786 d2ced90686a961348b36b0bdc780f40b
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody7_powerpc.deb
Size/MD5 checksum: 67596 6771a875e3bbfffbc9bfab84f9086b9b
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody7_powerpc.deb
Size/MD5 checksum: 112210 5405f574467c2c44937e8ae15bdf05f4

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody7_s390.deb
Size/MD5 checksum: 1292442 6942ae2614a5dd1168195805cba3aecb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody7_s390.deb
Size/MD5 checksum: 132278 3030fc88dc302069813609810b4965f3
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody7_s390.deb
Size/MD5 checksum: 56574 440e4e4cf3ce0fc5e00034d817b32ce7
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody7_s390.deb
Size/MD5 checksum: 778490 a8c26cce45195f3aa4629dc097d6050e
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody7_s390.deb
Size/MD5 checksum: 67580 999d24eaef3216a708a75fe77dbf07b1
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody7_s390.deb
Size/MD5 checksum: 109248 5942da8db3b4cbf525ff149a270b3bfd

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody7_sparc.deb
Size/MD5 checksum: 1295460 856992170c304757ddf53aa6a8117a0b
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody7_sparc.deb
Size/MD5 checksum: 124098 6ea86ba8e136f2977e5449903377de57
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody7_sparc.deb
Size/MD5 checksum: 56576 b0f7b5712fddc5dd2948236fb671f362
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody7_sparc.deb
Size/MD5 checksum: 803042 18fca32c183ebe76d3f8c20732e62605
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody7_sparc.deb
Size/MD5 checksum: 67574 4eaacb3070f3ad0b3c183ad19d3080fa
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody7_sparc.deb
Size/MD5 checksum: 113146 66293b8b4f7c7f9f0c4c2d176f177351


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.5.dsc
Size/MD5 checksum: 881 9759ca89f1025366c941c8deb35959ba
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.5.diff.gz
Size/MD5 checksum: 138551 6a6d0caa658f84c8b3ca0bbe17388041
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2.orig.tar.gz
Size/MD5 checksum: 6824001 477a361ba0154cc2423726fab4a3f57c

Alpha architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.5_alpha.deb
Size/MD5 checksum: 1469362 ab37be52c2dee50c17a62fa5d8ae1db2
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.5_alpha.deb
Size/MD5 checksum: 173458 64635b7f91c466493bde8f971e57c7f1
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.5_alpha.deb
Size/MD5 checksum: 288252 2e2c644e718d2967d90116608f6f9262
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.5_alpha.deb
Size/MD5 checksum: 1283978 19c702b738c8e8b54883f4293ad71027
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.5_alpha.deb
Size/MD5 checksum: 2203004 354a1cffa24edc25ac7ca95cfc34ccb5
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.5_alpha.deb
Size/MD5 checksum: 143498 eac03b5e019b9bf179266e2b024c5aa0

AMD64 architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.5_amd64.deb
Size/MD5 checksum: 1465906 1e993aeeb7bade25dcaf8ad79b4d65fd
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.5_amd64.deb
Size/MD5 checksum: 163148 bcb7122e6ba68068153603c554d00e53
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.5_amd64.deb
Size/MD5 checksum: 228412 b6c0f40194f70f7898d0c314a373abf5
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.5_amd64.deb
Size/MD5 checksum: 1194034 c052a3faa4f0b77ddc481c217476613d
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.5_amd64.deb
Size/MD5 checksum: 1549128 51aebc394f9f38c66c779733d7e2f6e6
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.5_amd64.deb
Size/MD5 checksum: 231406 c37cbf924893ea087974df5b30899332

ARM architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.5_arm.deb
Size/MD5 checksum: 1465756 d2d5a01ee5636c38c3036da280323fe3
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.5_arm.deb
Size/MD5 checksum: 148892 d77d781eb6ba92297e3234c82b3c4dd5
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.5_arm.deb
Size/MD5 checksum: 234230 6bd3564e5206a7dd6ed0186e9586bb41
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.5_arm.deb
Size/MD5 checksum: 1203674 46f5032c88eac7fd11d660dd426ed60d
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.5_arm.deb
Size/MD5 checksum: 1646492 976a474dcbb51685367df41035510a5c
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.5_arm.deb
Size/MD5 checksum: 230108 b03950d14b3276a7e257af6b29740a10

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.5_i386.deb
Size/MD5 checksum: 1464836 d232b81004543f724444ed3acf11ea9c
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.5_i386.deb
Size/MD5 checksum: 164130 ff512b8777f2c8c7df0a86bae58ffc42
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.5_i386.deb
Size/MD5 checksum: 208570 f966b185ee5e1251da585cb712a7e4ca
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.5_i386.deb
Size/MD5 checksum: 1171144 74a777caa7e0dd2f4094d7da7f776318
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.5_i386.deb
Size/MD5 checksum: 1506416 58ed004c9140d1132d682c111b2b4344
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.5_i386.deb
Size/MD5 checksum: 233348 3d6ee6f23ea6451ca8007db76e3cd4f3

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.5_ia64.deb
Size/MD5 checksum: 1468104 a516e669ba1e1b7b12ce6bee386436e5
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.5_ia64.deb
Size/MD5 checksum: 187744 0975669e8be07822e2171c30b5896993
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.5_ia64.deb
Size/MD5 checksum: 295672 2f6179b66f592ee2ff88e4ef0f77280c
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.5_ia64.deb
Size/MD5 checksum: 1604424 7b7086ceb4faa7ee9c7a08fecfb9a57d
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.5_ia64.deb
Size/MD5 checksum: 2131038 6128ef3b43135379d52a68feaf6a7bff
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.5_ia64.deb
Size/MD5 checksum: 273122 499bc29eaae4d4e9ea7ed29bcba80d6b

HP Precision architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.5_hppa.deb
Size/MD5 checksum: 1467926 177d44dfadbb4d3149494cb743a64150
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.5_hppa.deb
Size/MD5 checksum: 181768 835dafa3fbaf4113df248991d3f03c4b
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.5_hppa.deb
Size/MD5 checksum: 273322 d87cbbcde9a4fc827bfc0232e0cffbd0
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.5_hppa.deb
Size/MD5 checksum: 1403026 d6fceb08074e02eba2c6d66315c6bd37
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.5_hppa.deb
Size/MD5 checksum: 1826370 2c0b463f4a195d7478eafec1d9092d97
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.5_hppa.deb
Size/MD5 checksum: 243430 54a931b018d10a4a403a1c3992c7e3bb

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.5_m68k.deb
Size/MD5 checksum: 1465708 68e57b952afe62e099f069500d6c4712
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.5_m68k.deb
Size/MD5 checksum: 159448 28e07f4a947d3ae7a4483fec0e52c8d3
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.5_m68k.deb
Size/MD5 checksum: 210310 d6d4a8f9a4e83e956cdb9c53ffc3ceac
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.5_m68k.deb
Size/MD5 checksum: 1071890 5f6be44f4ec798a024321a9c6a0af0c5
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.5_m68k.deb
Size/MD5 checksum: 1287610 b5967d8268b71ad6410fc56b5b120517
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.5_m68k.deb
Size/MD5 checksum: 226552 a42f1ad59ee3f7110725c4e5f9334c18

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.5_mips.deb
Size/MD5 checksum: 1489886 30c45db1a708743ac2a9f88d2d5041a0
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.5_mips.deb
Size/MD5 checksum: 155080 7dfabbdca5cd62adf4fa5c713bab146e
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.5_mips.deb
Size/MD5 checksum: 254286 d1e087944136efa73c162da9430376bf
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.5_mips.deb
Size/MD5 checksum: 1118270 226694551af97d6c4293449d9f5749a4
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.5_mips.deb
Size/MD5 checksum: 1703442 ce696b6712e8c9bd8df8532abe520794
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.5_mips.deb
Size/MD5 checksum: 130912 a385598cd32fc5de6ee6a04ef3ff1e2a

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.5_mipsel.deb
Size/MD5 checksum: 1489926 77e0e5f0568796ed704ea52869b59eb9
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.5_mipsel.deb
Size/MD5 checksum: 151182 1e80c2ff38b1b3fee25777eb75f66208
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.5_mipsel.deb
Size/MD5 checksum: 249586 61be7dd03f487e7b4c4e410ff02e8445
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.5_mipsel.deb
Size/MD5 checksum: 1113804 92945c8faa4ed116255002e22ae081e7
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.5_mipsel.deb
Size/MD5 checksum: 1666846 8d6a854506fb0dd2b848c26e2bc41840
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.5_mipsel.deb
Size/MD5 checksum: 130530 fa8fcca3275b7762e05f8cb7f1b25a29

PowerPC architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.5_powerpc.deb
Size/MD5 checksum: 1471486 0c5420a50d35de77e34fab5954f09fe6
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.5_powerpc.deb
Size/MD5 checksum: 156356 8f224625eda6ac2b052e4b6f94627164
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.5_powerpc.deb
Size/MD5 checksum: 227322 5fab5ee264e7bd3afd81f4d3d50d05ba
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.5_powerpc.deb
Size/MD5 checksum: 1168754 b88108944974d4d2524dbce9ea3c881d
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.5_powerpc.deb
Size/MD5 checksum: 1683766 8552688e2084e9f20b2e99aee2db408e
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.5_powerpc.deb
Size/MD5 checksum: 270098 8d2460b6c4fc5da27cd52f55518ee95a

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.5_s390.deb
Size/MD5 checksum: 1467142 706cf1e66e07c04b2ae99980461e01b8
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.5_s390.deb
Size/MD5 checksum: 180112 e51c5237820dc90de2bf2c79abf93f2f
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.5_s390.deb
Size/MD5 checksum: 229746 8e7ad7d0b79294c5a3e9b820ac4fe1e3
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.5_s390.deb
Size/MD5 checksum: 1193154 935cda3b2da81e66eeb32a571970ab14
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.5_s390.deb
Size/MD5 checksum: 1529722 adc9a68a8d05c94f2f7e271841c7fe44
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.5_s390.deb
Size/MD5 checksum: 241722 55bbb654c303488f52e7576775e507d7

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.5_sparc.deb
Size/MD5 checksum: 1465290 13cd4ec998824754859c819473a10cd2
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.5_sparc.deb
Size/MD5 checksum: 160622 6d8cc87367cabe7a19c975068b7fb73a
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.5_sparc.deb
Size/MD5 checksum: 223952 377e9752795ecdca2a48ec1a12136143
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.5_sparc.deb
Size/MD5 checksum: 1248112 ead8af74c816668f781520185a132b89
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.5_sparc.deb
Size/MD5 checksum: 1682750 f00a4850b2f8f3aabafe744c429ead27
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.5_sparc.deb
Size/MD5 checksum: 230516 f8c046b9628574545cd10c3e6946c7ac


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD2RSwW5ql+IAeqTIRAvXcAJ9ZHI4ijfHhEvPM4SSqiKHbNAKPVACeP5VD
epDrIv8Mm+9F5n7nlxRYFUs=
=kfPR
-----END PGP SIGNATURE-----


3.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 956-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 26th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : lsh-utils
Vulnerability : filedescriptor leak
Problem type : local
Debian-specific: no
CVE ID : CVE-2006-0353
Debian Bug : 349303

Stefan Pfetzing discovered that lshd, a Secure Shell v2 (SSH2)
protocol server, leaks a couple of file descriptors, related to the
randomness generator, to user shells which are started by lshd. A
local attacker can truncate the server's seed file, which may prevent
the server from starting, and with some more effort, maybe also crack
session keys.

After applying this update, you should remove the server's seed file
(/var/spool/lsh/yarrow-seed-file) and then regenerate it with
"lsh-make-seed --server" as root.

For security reasons, lsh-make-seed really needs to be run from the
console of the system you are running it on. If you run lsh-make-seed
using a remote shell, the timing information lsh-make-seed uses for
its random seed creation is likely to be screwed. If need be, you can
generate the random seed on a different system than that which it will
eventually be on, by installing the lsh-utils package and running
"lsh-make-seed -o my-other-server-seed-file". You may then transfer
the seed to the destination system as using a secure connection.

The old stable distribution (woody) may not be affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 2.0.1-3sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 2.0.1cdbs-4.

We recommend that you upgrade your lsh-server package.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1-3sarge1.dsc
Size/MD5 checksum: 827 27a08dea0eb4d51595d12325dd2dc9b9
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1-3sarge1.diff.gz
Size/MD5 checksum: 65643 ce143cd95c98d22be17702cfa7d00883
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1.orig.tar.gz
Size/MD5 checksum: 1866063 25ca0b4385779de3d58d2d5757f495c3

Architecture independent components:

http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils-doc_2.0.1-3sarge1_all.deb
Size/MD5 checksum: 167108 8a72fcaeee3a9e87bb2f596790e0ed0d

Alpha architecture:

http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2.0.1-3sarge1_alpha.deb
Size/MD5 checksum: 401168 b3c017e4498e57576f75c8c6a4141bd1
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2.0.1-3sarge1_alpha.deb
Size/MD5 checksum: 338576 573bddb6eaf7a2488199c4559aae3c29
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1-3sarge1_alpha.deb
Size/MD5 checksum: 1024694 db2d07041589921cea746b35970448c9

ARM architecture:

http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2.0.1-3sarge1_arm.deb
Size/MD5 checksum: 295730 dbbf6d2c5a9a78d8757536c0a91c12b1
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2.0.1-3sarge1_arm.deb
Size/MD5 checksum: 263990 524f432ff03e1e4e0de80868b5251dc1
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1-3sarge1_arm.deb
Size/MD5 checksum: 751640 662e1c293a3ad6ee830e0c154899a5e3

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2.0.1-3sarge1_i386.deb
Size/MD5 checksum: 300088 5038534a8bf05c1afe3b6a02d949d19e
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2.0.1-3sarge1_i386.deb
Size/MD5 checksum: 265836 6236889e8e52a65e3302a9cde882b46d
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1-3sarge1_i386.deb
Size/MD5 checksum: 746754 a8608dc7abfb61b37b49985d6914939d

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2.0.1-3sarge1_ia64.deb
Size/MD5 checksum: 447126 6e6ea9ed0b40b44f6a77de4bff109d15
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2.0.1-3sarge1_ia64.deb
Size/MD5 checksum: 374070 9c7aea3671804cbd9e67c621aa08ae11
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1-3sarge1_ia64.deb
Size/MD5 checksum: 1164462 e73a3d57a099a72d436f071d8666c41f

HP Precision architecture:

http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2.0.1-3sarge1_hppa.deb
Size/MD5 checksum: 343638 de455b0e097e6702ada6deaaf8803898
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2.0.1-3sarge1_hppa.deb
Size/MD5 checksum: 295558 225a99b05fafbe38ecba5ed54ae56997
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1-3sarge1_hppa.deb
Size/MD5 checksum: 868638 79878de6808ade34d2551aae99f9cd7b

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2.0.1-3sarge1_m68k.deb
Size/MD5 checksum: 272632 01605d69846557dfc5b2d3f802eeb9c2
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2.0.1-3sarge1_m68k.deb
Size/MD5 checksum: 244748 ae046120b9001ef2109b83ae014e7206
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1-3sarge1_m68k.deb
Size/MD5 checksum: 669880 1ba0c5ea28762faaaffebf763666c7b9

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2.0.1-3sarge1_mips.deb
Size/MD5 checksum: 352524 b760940edecb51c6f138f92ed79e1027
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2.0.1-3sarge1_mips.deb
Size/MD5 checksum: 305572 42622131e45e23460a40a168b22f2cdf
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1-3sarge1_mips.deb
Size/MD5 checksum: 886516 0a3a7d73e941ccb3d042a17ed91757e2

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2.0.1-3sarge1_mipsel.deb
Size/MD5 checksum: 353328 3aae28d22cd30aa12f9cc1edcc3f1800
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2.0.1-3sarge1_mipsel.deb
Size/MD5 checksum: 306144 3d47e49fa2507587cb1d92992e593081
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1-3sarge1_mipsel.deb
Size/MD5 checksum: 888880 0afea7b20d9dc5c12ca7cce15c74643f

PowerPC architecture:

http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2.0.1-3sarge1_powerpc.deb
Size/MD5 checksum: 316982 d6bbece27b282748d90d5938a8111f21
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2.0.1-3sarge1_powerpc.deb
Size/MD5 checksum: 282628 9c7a4830a74bc90a5832e6160e1e082d
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1-3sarge1_powerpc.deb
Size/MD5 checksum: 809622 31709a65f368f7a068dcbdce4e1aff06

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2.0.1-3sarge1_s390.deb
Size/MD5 checksum: 343902 6f3d3524ce342b6a2497940d4bc4bb40
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2.0.1-3sarge1_s390.deb
Size/MD5 checksum: 297426 50e9c6e52e3c32c6a8597d2a0475b0d4
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1-3sarge1_s390.deb
Size/MD5 checksum: 883990 8683782431b1e5e418265972c8877f81

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2.0.1-3sarge1_sparc.deb
Size/MD5 checksum: 292410 44c4c08694ffc59077c2f1fc1112d33f
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2.0.1-3sarge1_sparc.deb
Size/MD5 checksum: 262056 05063d13ff9e2b43a4e27e915507d932
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1-3sarge1_sparc.deb
Size/MD5 checksum: 751050 a2f59d44ed6b8c7759a240f491416b63


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD2JyEW5ql+IAeqTIRAu0fAJ0WMDlQVhbRbhrcSrAuiUj4j90O8QCfdYk1
6rqtIi+KngdWs13koD38FKg=
=N+D1
-----END PGP SIGNATURE-----

  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |