Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > May 2006 > Nine Debian Security Advisories: DSA 1075-1 to 1083-1

May 2006

Nine Debian Security Advisories: DSA 1075-1 to 1083-1

ID: 00380
Ref: 372/06
Date: 31 May 2006:14:25:40
Version: 1
Title: Nine Debian Security Advisories: DSA 1075-1 to 1083-1
Abstract: Nine Debian Security Advisories: DSA 1075-1; DSA 1076-1; DSA 1077-1; DSA 1078-1; DSA 1079-1; DSA 1080-1; DSA 1081-1; DSA 1082-1; 1083-1
Vendors affected: Debian
Operating systems affected: Debian
Applications affected: Debian

1.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1075-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
May 26th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : awstats
Vulnerability : programming error
Problem type : remote
Debian-specific: no
Debian Bug : 365910

Hendrik Weimer discovered that awstats can execute arbitrary commands
under the user id the web-server runs when users are allowed to supply
arbitrary configuration files. Even though, this bug was referenced
in DSA 1058 accidently, it was not fixed yet.

The new default behaviour is not ao accept arbitrary configuration
directories from the user. This can be overwritten by the
AWSTATS_ENABLE_CONFIG_DIR environment variable when users are to be
trusted.

The old stable distribution (woody) does not seem to be affected by
this problem.

For the stable distribution (sarge) this problem has been fixed in
version 6.4-1sarge3.

For the unstable distribution (sid) this problem has been fixed in
version 6.5-2.

We recommend that you upgrade your awstats package.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/a/awstats/awstats_6.4-1sarge3.dsc
Size/MD5 checksum: 589 c89ec8be4c06c290950e1da615b4e215
http://security.debian.org/pool/updates/main/a/awstats/awstats_6.4-1sarge3.diff.gz
Size/MD5 checksum: 19145 fb59598c0a1ddd970c48bed857c0b364
http://security.debian.org/pool/updates/main/a/awstats/awstats_6.4.orig.tar.gz
Size/MD5 checksum: 918435 056e6fb0c7351b17fe5bbbe0aa1297b1

Architecture independent components:

http://security.debian.org/pool/updates/main/a/awstats/awstats_6.4-1sarge3_all.deb
Size/MD5 checksum: 728706 395a9e5acb69dcc50da9cf88ed9a89da


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEdr68W5ql+IAeqTIRAsirAKC8AhDQD/wLtBFt8crQ9gKryFmAlgCgmL37
BNdO6srzkyTcLgvNPoreoig=
=Hbqh
-----END PGP SIGNATURE-----


2.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1076-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
May 26th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : lynx
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2004-1617
BugTraq ID : 11443
Debian Bug : 296340

Michal Zalewski discovered that lynx, the popular text-mode WWW
Browser, is not able to grok invalid HTML including a TEXTAREA tag
with a large COLS value and a large tag name in an element that is not
terminated, and loops forever trying to render the broken HTML.

For the old stable distribution (woody) this problem has been fixed in
version 2.8.4.1b-3.4.

For the stable distribution (sarge) this problem has been fixed in
version 2.8.5-2sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 2.8.5-2sarge2.

We recommend that you upgrade your lynx package.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4.dsc
Size/MD5 checksum: 581 a9853909c61c5ef2fcc8868599f9b875
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4.diff.gz
Size/MD5 checksum: 16334 74bce8912c28f979c33055a012cf29d6
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b.orig.tar.gz
Size/MD5 checksum: 2557510 053a10f76b871e3944c11c7776da7f7a

Alpha architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_alpha.deb
Size/MD5 checksum: 1610344 3e1ec04a0c6532506519e8051a0067b6

ARM architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_arm.deb
Size/MD5 checksum: 1487906 a06ad20f4d8a0ce1cc0d59a0dfa24e9b

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_i386.deb
Size/MD5 checksum: 1444914 cb6449afd1e3029d06606bf823e0f064

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_ia64.deb
Size/MD5 checksum: 1762966 cb0b05d5cb148372fd2cd3d2e99843cc

HP Precision architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_hppa.deb
Size/MD5 checksum: 1555454 79392b2914654a7d4519247d9584e816

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_m68k.deb
Size/MD5 checksum: 1405980 1df4dff2fc4191ee512811e0ac42c361

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_mips.deb
Size/MD5 checksum: 1508022 d5b58fc5611b1ea1d37bc5a1034478f1

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_mipsel.deb
Size/MD5 checksum: 1504120 1078ef11583d9664fecd2d9d5712ecad

PowerPC architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_powerpc.deb
Size/MD5 checksum: 1491256 2967d2f0c3a722b4b42a2b06510aabcc

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_s390.deb
Size/MD5 checksum: 1463536 5a5692d6d572ef301d052e7e8c62d004

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_sparc.deb
Size/MD5 checksum: 1492926 6bb21df62a773736a1f694cedacea3de


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2.dsc
Size/MD5 checksum: 616 241c00a777c333b7270d8dbdaa4ad210
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2.diff.gz
Size/MD5 checksum: 17357 22b394977569bbeda207bfb5bcb42175
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5.orig.tar.gz
Size/MD5 checksum: 2984352 5f516a10596bd52c677f9bfd9579bc28

Alpha architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_alpha.deb
Size/MD5 checksum: 1994618 4a23d6234470f59a47100bcd13d18a51

AMD64 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_amd64.deb
Size/MD5 checksum: 1881876 046312043fffdbcf5ad218074e21e119

ARM architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_arm.deb
Size/MD5 checksum: 1853176 0d33e5835a479accab8c3282cdc19c14

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_i386.deb
Size/MD5 checksum: 1854894 1e525c61aac1e0fac0ddad4d9e15d8f6

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_ia64.deb
Size/MD5 checksum: 2128572 78bfa4c383e41d352b67595da80904c9

HP Precision architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_hppa.deb
Size/MD5 checksum: 1909746 371fb69c98ff2e510861ba210ec11bda

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_m68k.deb
Size/MD5 checksum: 1780836 bdf8b0d6a711cf21202ef86189cfb8bf

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_mips.deb
Size/MD5 checksum: 1894118 9be5baba4f5e3f99b618553c4252b289

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_mipsel.deb
Size/MD5 checksum: 1889604 11840739365387bb4741099f9310c77c

PowerPC architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_powerpc.deb
Size/MD5 checksum: 1878302 4885a52c8ad1992335f5c9f87ef522cf

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_s390.deb
Size/MD5 checksum: 1866982 8125a8d85817c29d3984fdb2d2ac4df6

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_sparc.deb
Size/MD5 checksum: 1861484 407b283a4c8656a0ef1a5935780c8204


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEdwhJW5ql+IAeqTIRAr+IAJ9Qn7H5oFJJYyZuN8oaxgUXsZAy+ACgjRn7
aWMRPJtnJ5Xf2D5V0OuRTic=
=n7+V
-----END PGP SIGNATURE-----

3.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1077-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
May 26th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : lynx-ssl
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2004-1617
BugTraq ID : 11443
Debian Bug : 296340

Michal Zalewski discovered that lynx, the popular text-mode WWW
Browser, is not able to grok invalid HTML including a TEXTAREA tag
with a large COLS value and a large tag name in an element that is not
terminated, and loops forever trying to render the broken HTML. The
same code is present in lynx-ssl.

For the old stable distribution (woody) this problem has been fixed in
version 2.8.4.1b-3.3.

The stable distribution (sarge) does not contain lynx-ssl packages
anymore.

The unstable distribution (sid) does not contain lynx-ssl packages
anymore.

We recommend that you upgrade your lynx-ssl package.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.3.dsc
Size/MD5 checksum: 611 7ee1218eb5536e5a79b644dd7b56af53
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.3.diff.gz
Size/MD5 checksum: 89483 c46454ac050fff129e77eb0f4b151517
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b.orig.tar.gz
Size/MD5 checksum: 2557510 053a10f76b871e3944c11c7776da7f7a

Alpha architecture:

http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.3_alpha.deb
Size/MD5 checksum: 1617522 9dd7997b45df6331c660e2afca324840

ARM architecture:

http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.3_arm.deb
Size/MD5 checksum: 1491938 de3a7656d192e5bca1cb9d3bd1ff84ff

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.3_i386.deb
Size/MD5 checksum: 1450298 ef8c2a423c1530b21a79a834776abba7

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.3_ia64.deb
Size/MD5 checksum: 1769276 ad79ec138883ce575cb528346fb7b074

HP Precision architecture:

http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.3_hppa.deb
Size/MD5 checksum: 1559678 4e725d8701a1721784d490f000da3199

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.3_m68k.deb
Size/MD5 checksum: 1410804 f8a1018bc195fc4972cff586e9694163

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.3_mips.deb
Size/MD5 checksum: 1512074 5c395f3cbda76895a061e79913633853

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.3_mipsel.deb
Size/MD5 checksum: 1508018 ead159d28f1fb4a60f25e077e4c122f0

PowerPC architecture:

http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.3_powerpc.deb
Size/MD5 checksum: 1497258 512c921d1ef663439d51b4ba7cc203ef

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.3_s390.deb
Size/MD5 checksum: 1468830 7ccab81df77cd4ffd0553707adf820a6

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.3_sparc.deb
Size/MD5 checksum: 1497292 40f28922fce6ad486d5c46c56fa822f1


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEdwppW5ql+IAeqTIRAnH0AJ9itUR08kT/AxhdIrAA39hLvg2KWwCfcttV
Vfnx+Xb2zTHFV+lSuan0vzw=
=MxOG
-----END PGP SIGNATURE-----

4.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1078-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
May 27th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : tiff
Vulnerability : out-of-bounds read
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2006-2120
BugTraq ID : 17809
Debian Bug : 366588

Andrey Kiselev discovered a problem in the TIFF library that may allow
an attacker with a specially crafted TIFF image with Yr/Yg/Yb values
that exceed the YCR/YCG/YCB values to crash the library and hence the
surrounding application.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 3.7.2-4.

The unstable distribution (sid) is not affected by this problem.

We recommend that you upgrade your tiff packages and restart the
programs using it.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-4.dsc
Size/MD5 checksum: 736 e0021d24806e337d1fbb1f07de784ba2
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-4.diff.gz
Size/MD5 checksum: 11234 cca061e95cccee07e8536d0c019e466c
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2.orig.tar.gz
Size/MD5 checksum: 1252995 221679f6d5c15670b3c242cbfff79a00

Alpha architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_alpha.deb
Size/MD5 checksum: 46854 d9bfc8b23ef18313f418a6428a997ab3
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_alpha.deb
Size/MD5 checksum: 243572 cfc1c2e69fd26f6fd00e80fc2060e214
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_alpha.deb
Size/MD5 checksum: 478314 f169fa8a48b6e88fc0caea7d55fdcf04
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_alpha.deb
Size/MD5 checksum: 309820 ff5d90bfd292db105f8613d618124084
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_alpha.deb
Size/MD5 checksum: 40962 d5a3d88cb65ccde5243a576de9f32801

AMD64 architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_amd64.deb
Size/MD5 checksum: 45776 3dcbd8b4f6738375e596faf777a4f824
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_amd64.deb
Size/MD5 checksum: 217792 ed3b23887f2406380aecf5c87f0ca471
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_amd64.deb
Size/MD5 checksum: 459322 1b5e6430f73c9862a6771a5f48fe82f8
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_amd64.deb
Size/MD5 checksum: 266904 814c8a97e386f73def4ed6612e2dbbf6
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_amd64.deb
Size/MD5 checksum: 40548 8bd17da7fc319403082125b6b16d8e05

ARM architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_arm.deb
Size/MD5 checksum: 45296 db835b005471c02c8e70f9307f575799
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_arm.deb
Size/MD5 checksum: 208400 c257593052a9b59bf4a8ce0f002c7648
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_arm.deb
Size/MD5 checksum: 453488 32f3da61807b63176b0867b196c8e737
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_arm.deb
Size/MD5 checksum: 265160 1be7d1c3ad694b68d29fa545e901b56e
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_arm.deb
Size/MD5 checksum: 40030 7c9131c151c161977d1b7fa5976e691e

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_i386.deb
Size/MD5 checksum: 45132 1fc191c2b6c8439a5d4679790770191b
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_i386.deb
Size/MD5 checksum: 206130 7f5797ca49fe57dd94b5a1f017e40665
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_i386.deb
Size/MD5 checksum: 452520 a1d15c07bef2bc43d64e9e934e2bb156
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_i386.deb
Size/MD5 checksum: 251650 2f5aaeae03e06396d277d537b3bce2ba
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_i386.deb
Size/MD5 checksum: 40582 461d11f346fa421e48c3b5de8873a3d0

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_ia64.deb
Size/MD5 checksum: 48250 3ecaec89588a5d8d76fb870f57272d24
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_ia64.deb
Size/MD5 checksum: 268880 5ee821331c1b69fcf1ab5730292886a5
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_ia64.deb
Size/MD5 checksum: 511114 3509eed54bbd43554dd230e70f785660
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_ia64.deb
Size/MD5 checksum: 330812 fc93932aa45b25f04f215364c5bb304a
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_ia64.deb
Size/MD5 checksum: 42172 ceb9f32b06db1abe66bb7a4d6d433dcf

HP Precision architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_hppa.deb
Size/MD5 checksum: 41814 767e8a29ea8e12fad3bd508acb0cc3ed
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_hppa.deb
Size/MD5 checksum: 230076 4b841231ed80cacd9b0c49170bf15a97
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_hppa.deb
Size/MD5 checksum: 473032 c97e959fedf65c3dc45a3b0ac20a111f
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_hppa.deb
Size/MD5 checksum: 281566 7f00d2017a1ead25083a775b9a14bf92
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_hppa.deb
Size/MD5 checksum: 41230 d66a6ec6d56eab8abd045a1af38ac41c

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_m68k.deb
Size/MD5 checksum: 45148 71ce37b7ab06f65c85d3e3df96df4629
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_m68k.deb
Size/MD5 checksum: 193400 3dddfa40c162c52a68f7bb408f120a43
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_m68k.deb
Size/MD5 checksum: 442684 f7c40c9c6ef836bf2355a127a7ee0427
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_m68k.deb
Size/MD5 checksum: 234430 97bc16b9a0c118354244195626b4c41f
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_m68k.deb
Size/MD5 checksum: 40194 7595030ca4135f7119bb3129b0932ea9

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_mips.deb
Size/MD5 checksum: 46040 107792cc52f67039d7052d45f24aac70
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_mips.deb
Size/MD5 checksum: 252122 f81805bf9f8a009a56d9527fc46b33fe
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_mips.deb
Size/MD5 checksum: 458562 70444e106a768d8833ddaa02eceff020
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_mips.deb
Size/MD5 checksum: 280456 e8610464e76cecdb9a99bb0c0c013567
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_mips.deb
Size/MD5 checksum: 40822 cb372f45ca6c88d866f757e1a4c01929

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_mipsel.deb
Size/MD5 checksum: 46002 a5300e63a5566259670cd1327c451771
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_mipsel.deb
Size/MD5 checksum: 252594 386bedb09b018f558e54b05c3525aa55
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_mipsel.deb
Size/MD5 checksum: 458910 10053a120d4c5565e844dd6e90ee238b
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_mipsel.deb
Size/MD5 checksum: 280324 ae4d54a959ce4b4c572f2403ead36c6d
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_mipsel.deb
Size/MD5 checksum: 40798 1c05b23e49ccd41db8f4d9c876e2e36c

PowerPC architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_powerpc.deb
Size/MD5 checksum: 47210 fe939778aa55beafd89336df1b3c322e
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_powerpc.deb
Size/MD5 checksum: 235362 defadd716ddb33d75ba14000cdbe0076
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_powerpc.deb
Size/MD5 checksum: 460564 566779844370fed3702c02b4416dba49
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_powerpc.deb
Size/MD5 checksum: 272002 3a34ea3b3eb8691d5e2679d0fa6247e6
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_powerpc.deb
Size/MD5 checksum: 42394 0193c740ac4c629eb3c80ce28f3cfb11

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_s390.deb
Size/MD5 checksum: 46166 ea2bda56e24b29c06d91e3bd1c63cff7
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_s390.deb
Size/MD5 checksum: 213746 211d29444ac8596b177f40a650a4bee2
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_s390.deb
Size/MD5 checksum: 465962 c465a95587ba28c39a0bc213f04a2b18
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_s390.deb
Size/MD5 checksum: 266682 bdeb0f604b6a6c6420f94defb9a0d930
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_s390.deb
Size/MD5 checksum: 40812 e5b76ee32d41a8094cfde0af0566356b

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_sparc.deb
Size/MD5 checksum: 45466 c798e777f7714a44a8c25747ee34f94c
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_sparc.deb
Size/MD5 checksum: 205304 766577556058b3a3387ae82a1139f4e5
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_sparc.deb
Size/MD5 checksum: 454738 b8b94ac00a5a78f5aad3b8c0f8c13a7d
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_sparc.deb
Size/MD5 checksum: 257860 64d54fae38c0647f0fab3b5127432a29
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_sparc.deb
Size/MD5 checksum: 40540 543e3e614f20101d54ebe9aacf6a4cbf


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEeFq/W5ql+IAeqTIRAhkYAJ9Nz/9TZbaj5vq8hrEgtCVE6EG8lQCgoU7x
U6r9qUH0vLHRbSwsDUVcFvg=
=gjYg
-----END PGP SIGNATURE-----

5.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1079-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
May 29th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : mysql-dfsg
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518
CERT advisory : VU#602457
BugTraq IDs : 16850 17780
Debian Bugs : 366044 366049 366163

Several vulnerabilities have been discovered in MySQL, a popular SQL
database. The Common Vulnerabilities and Exposures Project identifies
the following problems:

CVE-2006-0903

Improper handling of SQL queries containing the NULL character
allow local users to bypass logging mechanisms.

CVE-2006-1516

Usernames without a trailing null byte allow remote attackers to
read portions of memory.

CVE-2006-1517

A request with an incorrect packet length allows remote attackers
to obtain sensitive information.

CVE-2006-1518

Specially crafted request packets with invalid length values allow
the execution of arbitrary code.

The following vulnerability matrix shows which version of MySQL in
which distribution has this problem fixed:

woody sarge sid
mysql 3.23.49-8.15 n/a n/a
mysql-dfsg n/a 4.0.24-10sarge2 n/a
mysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a
mysql-dfsg-5.0 n/a n/a 5.0.21-3

We recommend that you upgrade your mysql packages.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-dfsg_4.0.24-10sarge2.dsc
Size/MD5 checksum: 966 42f14bb83f832f0f88bdabb317f62df8
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-dfsg_4.0.24-10sarge2.diff.gz
Size/MD5 checksum: 98938 9aaf7d794c14faa63a05d7630f683383
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-dfsg_4.0.24.orig.tar.gz
Size/MD5 checksum: 9923794 aed8f335795a359f32492159e3edfaa3

Architecture independent components:

http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-common_4.0.24-10sarge2_all.deb
Size/MD5 checksum: 34566 f4aa726f5f9ec79e42799a40faabcf17

Alpha architecture:

http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_alpha.deb
Size/MD5 checksum: 356730 97904c2a773bc61c643e4dce283a2862
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_alpha.deb
Size/MD5 checksum: 4533478 8edafbc553d062864c4bb17cbca3211b
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_alpha.deb
Size/MD5 checksum: 520712 5883aef348e2eb1321b21051cdd604be
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_alpha.deb
Size/MD5 checksum: 4890620 824e4c4c078ef73612fccbea7e209651

AMD64 architecture:

http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_amd64.deb
Size/MD5 checksum: 309490 c7943142f1f618987c87073c5893174e
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_amd64.deb
Size/MD5 checksum: 3182676 e62cc19620500c5430447978b7e645c6
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_amd64.deb
Size/MD5 checksum: 434022 55e3f43e8ac136951fc1b679df820cd1
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_amd64.deb
Size/MD5 checksum: 3878414 5ab561357abca1720b9942c9f8e78a4e

ARM architecture:

http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_arm.deb
Size/MD5 checksum: 288180 6869739c00a8151a181ec8cfffe1ec70
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_arm.deb
Size/MD5 checksum: 2848430 945158edc0fba528a04f98170fe55921
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_arm.deb
Size/MD5 checksum: 414176 8ecea50cf576d50bd5ceb6424915da52
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_arm.deb
Size/MD5 checksum: 3482538 ae6cb51798ea91d7b6009dcd80a55e43

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_i386.deb
Size/MD5 checksum: 296570 7cdd0f7a094215ab98249514031ef9a0
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_i386.deb
Size/MD5 checksum: 2922132 84cffb8467493bcf0cf49ef3a21caa67
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_i386.deb
Size/MD5 checksum: 415162 7bb2bfd6b9853d51abbf958eeed5b23f
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_i386.deb
Size/MD5 checksum: 3645982 b2d2991bee2e019a45cbaa39fa7e9f6b

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_ia64.deb
Size/MD5 checksum: 395396 b03b6af8b0e21c8e80bbc8d2ef5c7817
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_ia64.deb
Size/MD5 checksum: 4472590 aa5afd6648c2034fd0d254100e2e42fc
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_ia64.deb
Size/MD5 checksum: 562984 e357eebc432a81d9f8f4c94f365528d4
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_ia64.deb
Size/MD5 checksum: 5328582 1f528438e2282f4b51c13932d70875fd

HP Precision architecture:

http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_hppa.deb
Size/MD5 checksum: 329948 864b11f30e86d7d2921caeda238f22f9
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_hppa.deb
Size/MD5 checksum: 3314390 12c74247254b89c93dc5aecf74c3249f
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_hppa.deb
Size/MD5 checksum: 456078 cf903d0dcb745d67f4ad66ad3a4b66f2
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_hppa.deb
Size/MD5 checksum: 3947304 f8feb350cc9a6db2979d215ea6735bda

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_m68k.deb
Size/MD5 checksum: 279504 9a202261b9627190d15ab5bb7e98d0e2
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_m68k.deb
Size/MD5 checksum: 2665612 e49f8b011912473604c9df82047fd244
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_m68k.deb
Size/MD5 checksum: 390304 d04f65d12c590a0239408e3293c80714
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_m68k.deb
Size/MD5 checksum: 3293046 8a049030853d08742488a1e4dabc504d

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_mips.deb
Size/MD5 checksum: 314170 41c279180276fcf8effa8573fe75a158
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_mips.deb
Size/MD5 checksum: 3182296 f9fe3b82095434f04871092f1431d2d1
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_mips.deb
Size/MD5 checksum: 457290 19243ed43a65f65a3dee76657274f365
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_mips.deb
Size/MD5 checksum: 3813374 f71b04ee43e3629dd410dd72e0d1ac15

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_mipsel.deb
Size/MD5 checksum: 313862 ae441e9b7d18e9f5b16a01243f8a292b
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_mipsel.deb
Size/MD5 checksum: 3170026 7fdcb95df46e805c350d1035e5e3534e
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_mipsel.deb
Size/MD5 checksum: 457296 fe2c3473cbcf10cbacb4a9606a8b285a
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_mipsel.deb
Size/MD5 checksum: 3800380 db0f0b418fb92dd9978fe75df5356fef

PowerPC architecture:

http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_powerpc.deb
Size/MD5 checksum: 315104 3f28badbf686cbff4a4905bdc507e31d
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_powerpc.deb
Size/MD5 checksum: 3184308 8c986e6f386b84f960894575e557c6b7
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_powerpc.deb
Size/MD5 checksum: 464662 d48488660fc50361bdb58dc446a67b89
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_powerpc.deb
Size/MD5 checksum: 3842406 902b6725bcbf405d723f3bdb1f86b52b

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_s390.deb
Size/MD5 checksum: 324700 5e52e1cc8b4781dd510c0c36e54cef11
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_s390.deb
Size/MD5 checksum: 2830282 e6dd53a143318bb922716105e9be4131
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_s390.deb
Size/MD5 checksum: 442420 41c28b4e3e625278b6231be2c254e75c
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_s390.deb
Size/MD5 checksum: 3665834 d8283a9161d27bec024d5f24822847ae

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_sparc.deb
Size/MD5 checksum: 304688 6e3e90483f30e8c1e002594b69bbd7f9
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_sparc.deb
Size/MD5 checksum: 3270002 eb343d64b0e0b4d0c2f6f2197148f3e9
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_sparc.deb
Size/MD5 checksum: 430014 568bcb494e04f9e47e419a9cc7a7c49b
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_sparc.deb
Size/MD5 checksum: 3821652 2714c3d57dd30d1ef31951d452660f7c


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEeo97W5ql+IAeqTIRAuTLAJwKm6rRzBaeZmQ4y9Y7wv02RQpt9QCdFMTf
FRJBNsjzYnZHLqWfE15sizQ=
=eOok
-----END PGP SIGNATURE-----

6.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1080-1 security@debian.org
http://www.debian.org/security/ Steve Kemp
May 29th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : dovecot
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-2414

A problem has been discovered in the IMAP component of Dovecot, a
secure mail server that supports mbox and maildir mailboxes, which can
lead to information disclosure via directory traversal by
authenticated users.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 0.99.14-1sarge0.

For the unstable distribution (sid) this problem has been fixed in
version 1.0beta8-1.

We recommend that you upgrade your dovecot-imapd package.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/d/dovecot/dovecot_0.99.14-1sarge0.dsc
Size/MD5 checksum: 760 5365f712ee15d1c3b825af2ef95f583e
http://security.debian.org/pool/updates/main/d/dovecot/dovecot_0.99.14-1sarge0.diff.gz
Size/MD5 checksum: 26557 e30859421db7ebe8478dacb02110f3f0
http://security.debian.org/pool/updates/main/d/dovecot/dovecot_0.99.14.orig.tar.gz
Size/MD5 checksum: 871285 a12e26fd378a46c31ec3a81ab7b55b5b

Architecture independent components:

http://security.debian.org/pool/updates/main/d/dovecot/dovecot_0.99.14-1sarge0_all.deb
Size/MD5 checksum: 7516 b6813e75e60e5094ac114fcc198d2ea2

Alpha architecture:

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_alpha.deb
Size/MD5 checksum: 283796 06751f47fe61b4f9fd410cd055288be2
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_alpha.deb
Size/MD5 checksum: 364838 e6e564cf60e92b4bd12f5209f56ed4c1
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_alpha.deb
Size/MD5 checksum: 331290 e6bf35a49d23636b53378e996ce9c1d2

AMD64 architecture:

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_amd64.deb
Size/MD5 checksum: 258846 990b811364af83c3223e6a733fb6856b
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_amd64.deb
Size/MD5 checksum: 311520 642e17490997baa93857b282c4b13f7a
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_amd64.deb
Size/MD5 checksum: 285308 6ea57ba9b419b77964812a93f959b98c

ARM architecture:

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_arm.deb
Size/MD5 checksum: 244796 64574178089a5c8ee75912adbe0aaf33
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_arm.deb
Size/MD5 checksum: 289624 5d4b172a52f4f23d9702348d03b35ff3
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_arm.deb
Size/MD5 checksum: 265496 3284fc52fd054f5545e8327cc0d39e7a

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_i386.deb
Size/MD5 checksum: 245230 ba2e1bccd3d12180c2ec50d41102dde7
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_i386.deb
Size/MD5 checksum: 292656 00c0245e231a07bc05104c2b3113951b
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_i386.deb
Size/MD5 checksum: 268158 9c061cc01ca82178530b6c47aad1120c

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_ia64.deb
Size/MD5 checksum: 308824 fab290d2d317aa96a0111129214cf05e
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_ia64.deb
Size/MD5 checksum: 429626 287f26ebef5de68a0867ef38fcba4aa0
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_ia64.deb
Size/MD5 checksum: 389276 f4cc53876bae4f3780eeb89465700c8f

HP Precision architecture:

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_hppa.deb
Size/MD5 checksum: 263982 2fefd32583dfff8410dbe14bc32c9771
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_hppa.deb
Size/MD5 checksum: 329758 1375b56509aee5b605ef3a290469d43c
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_hppa.deb
Size/MD5 checksum: 301158 504332dbc815999c61b48d3eac4fb7a3

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_m68k.deb
Size/MD5 checksum: 234130 a45c037148354769c27892781267485a
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_m68k.deb
Size/MD5 checksum: 265658 a37e2a5eaa09a604dda421fafbd26b0c
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_m68k.deb
Size/MD5 checksum: 243988 648469b9fdc01db53d142388b8cc2455

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_mips.deb
Size/MD5 checksum: 266612 709081de9bbd89abf7e604415c084336
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_mips.deb
Size/MD5 checksum: 335312 cd3c144f32e7e2f8b051c4038729d0db
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_mips.deb
Size/MD5 checksum: 306346 324926cc8cd59c1752c28a5a5e3c82f0

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_mipsel.deb
Size/MD5 checksum: 266570 cf6172ff278d730828743d8d5c225c30
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_mipsel.deb
Size/MD5 checksum: 335318 48895c1e7d38310df3438b06c0bd0255
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_mipsel.deb
Size/MD5 checksum: 306390 0ad05fa2956bf634ab4ee5cb644f6776

PowerPC architecture:

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_powerpc.deb
Size/MD5 checksum: 256774 4545dd863436ac5725b98dbfec1cd25e
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_powerpc.deb
Size/MD5 checksum: 313862 2df352eced7aff6eda4e6e516b94c402
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_powerpc.deb
Size/MD5 checksum: 286772 06b25b73ede373b9b9bda930dc4afef9

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_s390.deb
Size/MD5 checksum: 265964 9b18cdf5194db5a614e98c1a2e14f176
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_s390.deb
Size/MD5 checksum: 325310 a732511d63ed64239df43d09c0cd1afd
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_s390.deb
Size/MD5 checksum: 297864 ebcf6c73b0b94f6b9fee1c85a04f4824

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_sparc.deb
Size/MD5 checksum: 244540 87bb459d4c1eb6ed335dd57fee3fed0c
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_sparc.deb
Size/MD5 checksum: 291136 5abab794ab7a53e83190a38a7185e648
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_sparc.deb
Size/MD5 checksum: 266018 c63b900e49e4769200aef6db7b6bccf0


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEep0/W5ql+IAeqTIRArPKAJ97LqMoapV3aqi/I5v8TI6Of3Oa7wCeLfmf
uCktCQh0gxg44eK9g3IVaGA=
=LHtI
-----END PGP SIGNATURE-----

7.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1081-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
May 29th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : libextractor
Vulnerability : buffer overflow
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2006-2458
BugTraq ID : 18021

Luigi Auriemma discovered a buffer overflow in the processing of ASF
files in libextractor, a library to extract arbitrary meta-data from
files., which can lead to the execution of arbitrary code.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 0.4.2-2sarge5.

For the unstable distribution (sid) this problem has been fixed in
version 0.5.14-1.

We recommend that you upgrade your libextractor packages.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2-2sarge5.dsc
Size/MD5 checksum: 778 c3215a74f69c129ed235db8b5fe178e6
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2-2sarge5.diff.gz
Size/MD5 checksum: 7079 d2037e9f74bef85bf4a73f852ddfafad
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2.orig.tar.gz
Size/MD5 checksum: 5887095 d99e1b13a017d39700e376a0edbf7ba2

Alpha architecture:

http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge5_alpha.deb
Size/MD5 checksum: 19598 815bb87bcc9d5e143513c8adff67b338
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge5_alpha.deb
Size/MD5 checksum: 5804952 22c415c2aee20ed8007a2d0662bebad6
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge5_alpha.deb
Size/MD5 checksum: 19384 2f3a45d22e6a52721ed57543f199313f

AMD64 architecture:

http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge5_amd64.deb
Size/MD5 checksum: 18270 1a47010ad219b069f264a8024fd72aed
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge5_amd64.deb
Size/MD5 checksum: 5641542 efb4ac008ec794d8d17d1eb214ad3542
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge5_amd64.deb
Size/MD5 checksum: 17548 d6763b38aca5065486aa3c45f49dd2e0

ARM architecture:

http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge5_arm.deb
Size/MD5 checksum: 17648 7e52bda1ca202ea165cf305092d063f7
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge5_arm.deb
Size/MD5 checksum: 5710838 71d5589d4a0c3815a0b24474fb44af68
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge5_arm.deb
Size/MD5 checksum: 16964 0bc00d8fa937e1958c4db72f01566732

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge5_i386.deb
Size/MD5 checksum: 17788 09bb0f12aa606fb48b7574305ccd8abc
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge5_i386.deb
Size/MD5 checksum: 5713332 234c03f92ed071fdc69844e04523514c
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge5_i386.deb
Size/MD5 checksum: 16706 5c5744dc49991cf0789a33f8a43557e1

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge5_ia64.deb
Size/MD5 checksum: 20578 ade1344228270f2a2faede7e2507913c
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge5_ia64.deb
Size/MD5 checksum: 5905588 d1d4a949aecc95d5a3715a5e1bcc4b70
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge5_ia64.deb
Size/MD5 checksum: 19328 6aa6ab7c949e0dd8771b8961f97fbe4b

HP Precision architecture:

http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge5_hppa.deb
Size/MD5 checksum: 18728 fbd85db9bf81bd503cd9101d782e7610
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge5_hppa.deb
Size/MD5 checksum: 5687480 0ead195a721a06e0361b33da33e2cb6c
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge5_hppa.deb
Size/MD5 checksum: 17880 9cd7927dece9ba96f162cb4a3e94b62c

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge5_m68k.deb
Size/MD5 checksum: 17366 c5b4f3d26088cd7e20bddf43607ad460
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge5_m68k.deb
Size/MD5 checksum: 5708448 2be9420e48bda34ee4b7ca60a08007d3
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge5_m68k.deb
Size/MD5 checksum: 16574 5ef21edcb2b7be36a3e5bb13355a60bf

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge5_mips.deb
Size/MD5 checksum: 18586 d024ee53f3337ec967a0b660c2a8d781
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge5_mips.deb
Size/MD5 checksum: 5729374 80e33bbc9f3347e296d34bdfce142a90
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge5_mips.deb
Size/MD5 checksum: 17882 563942bd2a628afbc5a2475d5e9de5ec

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge5_mipsel.deb
Size/MD5 checksum: 18640 acb9a3bca9d8ded8a1a58762be94d1b6
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge5_mipsel.deb
Size/MD5 checksum: 5727126 0e0346025b7ab811d9157fe5b6742499
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge5_mipsel.deb
Size/MD5 checksum: 17918 61e23eb764acadc7af516a77451e0fb9

PowerPC architecture:

http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge5_powerpc.deb
Size/MD5 checksum: 19770 7acbd573f6316a70ae546ea67aa90d96
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge5_powerpc.deb
Size/MD5 checksum: 5678108 1837c793ee66dd1808b2fa45e97c5a5a
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge5_powerpc.deb
Size/MD5 checksum: 17740 4977aa16ee70428ed20b8bca1822c7d4

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge5_s390.deb
Size/MD5 checksum: 18154 6aa5dffe5d0e7ad9c7b0393e58317756
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge5_s390.deb
Size/MD5 checksum: 5768262 83c28645ee0719728be1436d5d61e697
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge5_s390.deb
Size/MD5 checksum: 18100 181d2897f6e9b3c058ac78c8b5ae82a1

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge5_sparc.deb
Size/MD5 checksum: 17660 3c84b9981ee26f04e2a77d9b338c78b1
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge5_sparc.deb
Size/MD5 checksum: 5752372 f24a5dcbd614ee91b7c8951586be1c7b
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge5_sparc.deb
Size/MD5 checksum: 16872 e12a3b7c42006fce3418ceafb9ea3618


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEeqNFW5ql+IAeqTIRApEEAJ41PaNaTDfIb1aNJi4/QntWJMTxsQCffy/s
lFomZMakfXbcme1r1vg664U=
=5ckF
-----END PGP SIGNATURE-----

8.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1082-1 security@debian.org
http://www.debian.org/security/ Martin Schulze, Dann Frazier
May 29th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : kernel-image-2.4.17-hppa kernel-image-2.4.17-ia64 kernel-image-2.4.17-s390 kernel-patch-2.4.17-apus kernel-patch-2.4.17-mips kernel-patch-2.4.17-s390 kernel-source-2.4.17
Vulnerability : several
Problem-Type : local/remote
Debian-specific: no
CVE IDs : CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2005-0001 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124 CVE-2005-0528 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384 CVE-2005-0135

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:


CVE-2004-0427

A local denial of service vulnerability in do_fork() has been found.

CVE-2005-0489

A local denial of service vulnerability in proc memory handling has
been found.

CVE-2004-0394

A buffer overflow in the panic handling code has been found.

CVE-2004-0447

A local denial of service vulnerability through a null pointer
dereference in the IA64 process handling code has been found.

CVE-2004-0554

A local denial of service vulnerability through an infinite loop in
the signal handler code has been found.

CVE-2004-0565

An information leak in the context switch code has been found on
the IA64 architecture.

CVE-2004-0685

Unsafe use of copy_to_user in USB drivers may disclose sensitive
information.

CVE-2005-0001

A race condition in the i386 page fault handler may allow privilege
escalation.

CVE-2004-0883

Multiple vulnerabilities in the SMB filesystem code may allow denial
of service of information disclosure.

CVE-2004-0949

An information leak discovered in the SMB filesystem code.

CVE-2004-1016

A local denial of service vulnerability has been found in the SCM layer.

CVE-2004-1333

An integer overflow in the terminal code may allow a local denial of
service vulnerability.

CVE-2004-0997

A local privilege escalation in the MIPS assembly code has been found.

CVE-2004-1335

A memory leak in the ip_options_get() function may lead to denial of
service.

CVE-2004-1017

Multiple overflows exist in the io_edgeport driver which might be usable
as a denial of service attack vector.

CVE-2005-0124

Bryan Fulton reported a bounds checking bug in the coda_pioctl function
which may allow local users to execute arbitrary code or trigger a denial
of service attack.

CVE-2005-0528

A local privilege escalation in the mremap function has been found

CVE-2003-0984

Inproper initialization of the RTC may disclose information.

CVE-2004-1070

Insufficient input sanitising in the load_elf_binary() function may
lead to privilege escalation.

CVE-2004-1071

Incorrect error handling in the binfmt_elf loader may lead to privilege
escalation.

CVE-2004-1072

A buffer overflow in the binfmt_elf loader may lead to privilege
escalation or denial of service.

CVE-2004-1073

The open_exec function may disclose information.

CVE-2004-1074

The binfmt code is vulnerable to denial of service through malformed
a.out binaries.

CVE-2004-0138

A denial of service vulnerability in the ELF loader has been found.

CVE-2004-1068

A programming error in the unix_dgram_recvmsg() function may lead to
privilege escalation.

CVE-2004-1234

The ELF loader is vulnerable to denial of service through malformed
binaries.

CVE-2005-0003

Crafted ELF binaries may lead to privilege escalation, due to
insufficient checking of overlapping memory regions.

CVE-2004-1235

A race condition in the load_elf_library() and binfmt_aout() functions
may allow privilege escalation.

CVE-2005-0504

An integer overflow in the Moxa driver may lead to privilege escalation.

CVE-2005-0384

A remote denial of service vulnerability has been found in the PPP
driver.

CVE-2005-0135

An IA64 specific local denial of service vulnerability has been found
in the unw_unwind_to_user() function.

The following matrix explains which kernel version for which architecture
fix the problems mentioned above:

Debian 3.1 (sarge)
Source 2.4.17-1woody4
HP Precision architecture 32.5
Intel IA-64 architecture 011226.18
IBM S/390 architecture/image 2.4.17-2.woody.5
IBM S/390 architecture/patch 0.0.20020816-0.woody.4
PowerPC architecture (apus) 2.4.17-6
MIPS architecture 2.4.17-0.020226.2.woody7


We recommend that you upgrade your kernel package immediately and reboot
the machine.

Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get dist-upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-hppa_32.5.dsc
Size/MD5 checksum: 713 6ff55b14d3ae957c55bbed7fabf4c047
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-hppa_32.5.tar.gz
Size/MD5 checksum: 30437486 86601103169da686167972e5e560e3d4
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-ia64_011226.18.dsc
Size/MD5 checksum: 736 f97d95c6ecc26401f8f2fc2ead6cf421
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-ia64_011226.18.tar.gz
Size/MD5 checksum: 25419305 9bc354f889edd4964840475400b088b7
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.5.dsc
Size/MD5 checksum: 800 d20db4ab99e311150734b70519cc31e9
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.5.tar.gz
Size/MD5 checksum: 12283 f51a7e01941baca7010fb8c2f0f67fe3
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-patch-2.4.17-apus_2.4.17-6.dsc
Size/MD5 checksum: 694 2d48f4cfa4917904b6c1f806ecc1bdb4
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-patch-2.4.17-apus_2.4.17-6.tar.gz
Size/MD5 checksum: 491935 94638c0c03b6b163f46319e777d4aa71
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody7.dsc
Size/MD5 checksum: 805 b48cbc9c2cd59eee3a52f54cfa5356e0
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody7.tar.gz
Size/MD5 checksum: 1150966 6748462e7bce7c917e066e0594d42571
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.4.dsc
Size/MD5 checksum: 664 f49e9cba55a8a4b098e5dc522f2a07fc
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.4.tar.gz
Size/MD5 checksum: 344642 3a488cc38ffc619bfff4bfbb75eff4cd
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody4.dsc
Size/MD5 checksum: 609 4e0f66c1811cfb9e926c21566e55b202
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody4.tar.gz
Size/MD5 checksum: 29768549 bc1f8eab880a33bfe2ebeb3ef8b6557a

Architecture independent components:

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-source-2.4.17-hppa_32.5_all.deb
Size/MD5 checksum: 24455128 ed5362b12c6327295cd89027ff8e80ab
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-source-2.4.17-ia64_011226.18_all.deb
Size/MD5 checksum: 24735538 cf9ddb702811464ac2dd2231512053f9
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody7_all.deb
Size/MD5 checksum: 1151866 6f2575f26e7800e1e7a7cafdaf02b3a6
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.4_all.deb
Size/MD5 checksum: 300202 0f5db53cdab20024b4a3a75bd0799b1a
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-doc-2.4.17_2.4.17-1woody4_all.deb
Size/MD5 checksum: 1708122 7d18878351662289ac0841e0ad8f10f4
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody4_all.deb
Size/MD5 checksum: 23972270 a0bf4a2796a9b49c36579166e6a72d62

HP Precision architecture:

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-headers-2.4.17-hppa_32.5_hppa.deb
Size/MD5 checksum: 3523044 63c790a70164e579c8bb3b8a08ea69b5
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-32_32.5_hppa.deb
Size/MD5 checksum: 2869994 e9e2be22d5fdf40f2e879570adc1132d
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-32-smp_32.5_hppa.deb
Size/MD5 checksum: 3006192 cf53ac718c6ed26a59802e74c5926f00
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-64_32.5_hppa.deb
Size/MD5 checksum: 3029436 d0e0fd747af9ff7a3633ee9cc6b1f1e6
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-64-smp_32.5_hppa.deb
Size/MD5 checksum: 3170356 ca408698a580463da3a547b2f87006e4
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_hppa.deb
Size/MD5 checksum: 16886 437018078d9d01e25702cf1a20c23414

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-headers-2.4.17-ia64_011226.18_ia64.deb
Size/MD5 checksum: 3638280 b6cd4e0d4129b6f4d0734253818cd828
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-itanium_011226.18_ia64.deb
Size/MD5 checksum: 7026800 55e4cd610c06297c7132ce2aeb88d029
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-itanium-smp_011226.18_ia64.deb
Size/MD5 checksum: 7172892 a66f94c18d8ee4354e9446655837c72a
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-mckinley_011226.18_ia64.deb
Size/MD5 checksum: 7014470 d99cc0f293c747a295230de934328007
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-mckinley-smp_011226.18_ia64.deb
Size/MD5 checksum: 7165570 997a9dbf17821067de6ceb65548e7c2b
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody4_ia64.deb
Size/MD5 checksum: 21616 1eab80187061fbd304b6328533d7dc33

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-headers-2.4.17_2.4.17-2.woody.5_s390.deb
Size/MD5 checksum: 3379418 74817217abf90896eb63d6c6792839fe
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.5_s390.deb
Size/MD5 checksum: 1346190 39433c757763336b6c14bf0d00652596
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_s390.deb
Size/MD5 checksum: 16404 9cfcf10a2a2ef99bbb009a650cddd227

PowerPC architecture:

http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-headers-2.4.17-apus_2.4.17-6_powerpc.deb
Size/MD5 checksum: 3409712 698750e3998ee3792db43f445a8a8d96
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-image-2.4.17-apus_2.4.17-6_powerpc.deb
Size/MD5 checksum: 2211146 103890e43508a5913a10ff8be80e9cdc
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-image-apus_2.4.17-6_powerpc.deb
Size/MD5 checksum: 4602 31ef3f45675fc13836337dee97486e20
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-patch-2.4.17-apus_2.4.17-6_powerpc.deb
Size/MD5 checksum: 490842 799441a4e49b88f780353d7aff9f29d2
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_powerpc.deb
Size/MD5 checksum: 16280 4e54c040bc83523d8122287bab6df7a5

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody7_mips.deb
Size/MD5 checksum: 3523520 45f001c255a3a66f22148d84d035abb1
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-ip22_2.4.17-0.020226.2.woody7_mips.deb
Size/MD5 checksum: 2045436 c840c6ff8c9e3ab455d38021d09a391d
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r5k-ip22_2.4.17-0.020226.2.woody7_mips.deb
Size/MD5 checksum: 2045226 709ccbc6754644fa448c93058f0df504
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_mips.deb
Size/MD5 checksum: 16556 019623b1dbc75bff84d7f056435dc6db

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody7_mipsel.deb
Size/MD5 checksum: 3522422 2118440d1658730fd93f47867848573c
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r3k-kn02_2.4.17-0.020226.2.woody7_mipsel.deb
Size/MD5 checksum: 2200968 63bc732deee6df19b83f10a50485a476
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-kn04_2.4.17-0.020226.2.woody7_mipsel.deb
Size/MD5 checksum: 2195278 697eb9b05f765c332eca175284eb24b8
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/mips-tools_2.4.17-0.020226.2.woody7_mipsel.deb
Size/MD5 checksum: 17836 61df1f292dccb4e64cb956a629f729fc
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_mipsel.deb
Size/MD5 checksum: 16558 f8382b01aca2c535988b5ab5709dae90

Alpha architecture:

http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_alpha.deb
Size/MD5 checksum: 17180 7d1cf8fb24431c01f45fadf7becb6d2e

ARM architecture:

http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_arm.deb
Size/MD5 checksum: 15878 fcf97ed103c205699fb5396c3a49e293

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_i386.deb
Size/MD5 checksum: 15518 2e7d50090a469a84ef7f3ae8aa97b85f

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_m68k.deb
Size/MD5 checksum: 15368 41a11620bf7ea34b15742ccf59ff6895

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_sparc.deb
Size/MD5 checksum: 18356 71b076d3eeff837bfb54a7f538b11b58


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEe0tRXm3vHE4uyloRApvAAKDaFRbetrDKY5EG5vPOA8VmTCxz/gCdEfrK
cJdrQoYno419ID3QGeL7XLc=
=1YKA
-----END PGP SIGNATURE-----

9.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1083-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
May 31st, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : motor
Vulnerability : buffer overflow
Problem type : local
Debian-specific: no
CVE ID : CVE-2005-3863
Debian Bug : 368400

Mehdi Oudad and Kevin Fernandez discovered a buffer overflow in the
ktools library which is used in motor, an integrated development
environment for C, C++ and Java, which may lead local attackers to
execute arbitrary code.

For the old stable distribution (woody) this problem has been fixed in
version 3.2.2-2woody1.

For the stable distribution (sarge) this problem has been fixed in
version 3.4.0-2sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 3.4.0-6.

We recommend that you upgrade your motor package.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1.dsc
Size/MD5 checksum: 636 932fa3ce87130b09e516ca4419cdd0da
http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1.diff.gz
Size/MD5 checksum: 3462 babba5e4b1c2e695836582ce15954812
http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2.orig.tar.gz
Size/MD5 checksum: 454423 2ba1c22fb3c76209be185b4cbb7a2bfb

Alpha architecture:

http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_alpha.deb
Size/MD5 checksum: 738572 19d012b605af9df5be7920c2d1c14c2b

ARM architecture:

http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_arm.deb
Size/MD5 checksum: 653042 d3d0f37780f1fdf1e9a01b0cd804829e

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_i386.deb
Size/MD5 checksum: 549282 522c5ac389fad6cc3fb6b350022b3446

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_ia64.deb
Size/MD5 checksum: 795334 5a7504789d50cdf37581d068df336955

HP Precision architecture:

http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_hppa.deb
Size/MD5 checksum: 662582 7d53430905f547c2634186a462ce415a

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_m68k.deb
Size/MD5 checksum: 517012 5c91f1cd222e656baf4310d42144feb9

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_mips.deb
Size/MD5 checksum: 529124 d9a7e82738c9ed4eab95de37e7359316

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_mipsel.deb
Size/MD5 checksum: 521888 8de2e1c0ccbf511f67b337344e9348c8

PowerPC architecture:

http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_powerpc.deb
Size/MD5 checksum: 543442 61e434e789e18e8b239fa982812e8ad1

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_s390.deb
Size/MD5 checksum: 465874 d08b495f50fb4edfdfd8ea84c3c35ee9

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_sparc.deb
Size/MD5 checksum: 527592 aaf50e919624329bc2c7f53fdb37bb30


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1.dsc
Size/MD5 checksum: 815 5d26d9fb0c432aa7ea49a22558ee41b4
http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1.diff.gz
Size/MD5 checksum: 20178 3edb3f737d0d6c9d29ff6bfc8bebf8ae
http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0.orig.tar.gz
Size/MD5 checksum: 572571 c9ff6aade7105a90df11ccfd51592bec

Architecture independent components:

http://security.debian.org/pool/updates/main/m/motor/motor-common_3.4.0-2sarge1_all.deb
Size/MD5 checksum: 180060 e10533391309045ebc5c8c6240a66390

Alpha architecture:

http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_alpha.deb
Size/MD5 checksum: 400350 1e1cb43ff88df11ab331db1ec2064da6
http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_alpha.deb
Size/MD5 checksum: 400456 f2083703d009a1c55b3de99a3a67a0cd

AMD64 architecture:

http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_amd64.deb
Size/MD5 checksum: 324104 79cf88f5d9132b2ec4d028e49781c12b
http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_amd64.deb
Size/MD5 checksum: 324110 ee02473a890ff964499e6f3a571be44b

ARM architecture:

http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_arm.deb
Size/MD5 checksum: 515546 c0077e0bf48ce9d4ace9f0b955a37bf1
http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_arm.deb
Size/MD5 checksum: 515532 f85e4041f81fd88f7c8406b59be1f7f1

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_i386.deb
Size/MD5 checksum: 329436 bba002e6bd072e2cc8bd216402a46d86
http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_i386.deb
Size/MD5 checksum: 329462 e32f51cbfb70a26c91758d3e9efaf11d

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_ia64.deb
Size/MD5 checksum: 467542 e1f4f43dc7d2bc708467c28c929d51ac
http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_ia64.deb
Size/MD5 checksum: 467576 c8aa0f65f1663d3b9cda661af9ab8003

HP Precision architecture:

http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_hppa.deb
Size/MD5 checksum: 428216 3cbafe2c74ed5f812148cddaf6afb93c
http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_hppa.deb
Size/MD5 checksum: 428292 ced41374caa59da300affe46746bba81

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_m68k.deb
Size/MD5 checksum: 341358 47547f8004245481b2cb0c77d7ac5dc0
http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_m68k.deb
Size/MD5 checksum: 341424 2b0b093297255a2617a9e67001a42320

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_mips.deb
Size/MD5 checksum: 371424 2394101cfd5b979bf76f24dd0c33ff3a
http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_mips.deb
Size/MD5 checksum: 371468 eacd6bde371442bd12a91849a2163158

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_mipsel.deb
Size/MD5 checksum: 369150 53856f0d1135e9a71e638691976fe76a
http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_mipsel.deb
Size/MD5 checksum: 369194 824398e12fae38644112d7b07f54f97a

PowerPC architecture:

http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_powerpc.deb
Size/MD5 checksum: 344178 dad299ed53a42adad6f8df1902342fe3
http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_powerpc.deb
Size/MD5 checksum: 344240 64883e84f2407aa464dfb68558cd2fb4

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_s390.deb
Size/MD5 checksum: 298896 51043d25447ba66eeb15c45f8fe8ceb0
http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_s390.deb
Size/MD5 checksum: 298904 8b1c71ba4a96d828bd7c04763f31f3a0

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_sparc.deb
Size/MD5 checksum: 324868 f38dcee356c6d8c5b7c453ca549ff1a7
http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_sparc.deb
Size/MD5 checksum: 324890 666ad1b0f33565dfbc60e9bd6ae95745


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEfTXHW5ql+IAeqTIRAkgNAKC5iWDn6hDn2Jn7zfQ0M+sTf4XkYQCgnaXi
7pIwXjDV8QqMJIHaLfjwDeg=
=XAwf
-----END PGP SIGNATURE-----
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |