Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > September 2006 > Two Debian Security Advisories: 1. DSA 1177-1 - New usermin packages fix denial of service 2. DSA 1178-1 - New freetype packages fix execution of arbitrary code

September 2006

Two Debian Security Advisories: 1. DSA 1177-1 - New usermin packages fix denial of service 2. DSA 1178-1 - New freetype packages fix execution of arbitrary code

ID: 00628
Ref: 603/2006
Date: 18 September 2006:14:59:25
Version: 1
Title: Two Debian Security Advisories: 1. DSA 1177-1 - New usermin packages fix denial of service 2. DSA 1178-1 - New freetype packages fix execution of arbitrary code
Abstract:
Vendors affected: Debian
Operating systems affected: Debian
Applications affected: Debian
Title
=====

Two Debian Security Advisories:

1. DSA 1177-1 - New usermin packages fix denial of service

2. DSA 1178-1 - New freetype packages fix execution of arbitrary code

Detail
======

1. Hendrik Weimer discovered that it is possible for a normal user to
disable the login shell of the root account via usermin, a web-based
administration tool.

2. It was discovered that an integer overflow in freetype's PCF font code
may lead to denial of service and potential execution of arbitrary code.




1.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1177-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 15th, 2006 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : usermin
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-4246
CERT advisory :
BugTraq ID :
Debian Bug : 374609

Hendrik Weimer discovered that it is possible for a normal user to
disable the login shell of the root account via usermin, a web-based
administration tool.

For the stable distribution (sarge) this problem has been fixed in
version 1.110-3.1.

In the upstream distribution this problem is fixed in version 1.220.

We recommend that you upgrade your usermin package.


Upgrade Instructions
- - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/u/usermin/usermin_1.110-3.1.dsc
Size/MD5 checksum: 1079 1b5ab754b82a6ff0abc0d2fc125c920a
http://security.debian.org/pool/updates/main/u/usermin/usermin_1.110-3.1.diff.gz
Size/MD5 checksum: 20131 d1582cca3bbe1a376cb16591b550a241
http://security.debian.org/pool/updates/main/u/usermin/usermin_1.110.orig.tar.gz
Size/MD5 checksum: 1791868 cf214bb9927bd230a148ea3077bd8919

Architecture independent components:

http://security.debian.org/pool/updates/main/u/usermin/usermin-at_1.110-3.1_all.deb
Size/MD5 checksum: 21654 7709317a8e5182ed0f9f76b942cc608a
http://security.debian.org/pool/updates/main/u/usermin/usermin-changepass_1.110-3.1_all.deb
Size/MD5 checksum: 18924 cbaad0cc1daf80efbdb6eacc20829e99
http://security.debian.org/pool/updates/main/u/usermin/usermin-chfn_1.110-3.1_all.deb
Size/MD5 checksum: 13858 72ae504bded25ed8b8ecfe3cb6708168
http://security.debian.org/pool/updates/main/u/usermin/usermin-commands_1.110-3.1_all.deb
Size/MD5 checksum: 27728 4b80b6d368265d43139f2a7a800a9a0b
http://security.debian.org/pool/updates/main/u/usermin/usermin-cron_1.110-3.1_all.deb
Size/MD5 checksum: 62618 864bfdf0f00b1d0585c20aa7d02ee504
http://security.debian.org/pool/updates/main/u/usermin/usermin-cshrc_1.110-3.1_all.deb
Size/MD5 checksum: 8930 4247520dc9a76a9957c08b4777e8ace9
http://security.debian.org/pool/updates/main/u/usermin/usermin-fetchmail_1.110-3.1_all.deb
Size/MD5 checksum: 36392 b2bbc376806f1a95d812bfb8da0e8106
http://security.debian.org/pool/updates/main/u/usermin/usermin-forward_1.110-3.1_all.deb
Size/MD5 checksum: 28648 011e7762a8c9fd8fb6b111b0a2e99807
http://security.debian.org/pool/updates/main/u/usermin/usermin-gnupg_1.110-3.1_all.deb
Size/MD5 checksum: 32508 cb67585370a7b1926d288abab8a19f9a
http://security.debian.org/pool/updates/main/u/usermin/usermin-htaccess_1.110-3.1_all.deb
Size/MD5 checksum: 276924 a70ac23b2e452687690098dc5e668c6c
http://security.debian.org/pool/updates/main/u/usermin/usermin-htpasswd_1.110-3.1_all.deb
Size/MD5 checksum: 20516 878b90afd7460d3123f9f0edc61fbd30
http://security.debian.org/pool/updates/main/u/usermin/usermin-mailbox_1.110-3.1_all.deb
Size/MD5 checksum: 174834 c9ca85c93dfe181bef26bb2048ad0f3d
http://security.debian.org/pool/updates/main/u/usermin/usermin-man_1.110-3.1_all.deb
Size/MD5 checksum: 36290 74f1413927a5ea8869b2690f6385b5ef
http://security.debian.org/pool/updates/main/u/usermin/usermin-mysql_1.110-3.1_all.deb
Size/MD5 checksum: 148702 2cf835a9bcf9218cf896081329441a83
http://security.debian.org/pool/updates/main/u/usermin/usermin-plan_1.110-3.1_all.deb
Size/MD5 checksum: 10648 083c5307a16e0caa709b8b717862b7c6
http://security.debian.org/pool/updates/main/u/usermin/usermin-postgresql_1.110-3.1_all.deb
Size/MD5 checksum: 121962 7c006c458d54d851e0515c55df176e97
http://security.debian.org/pool/updates/main/u/usermin/usermin-proc_1.110-3.1_all.deb
Size/MD5 checksum: 77788 ca0c4b1ec4f1c5267135a2fc136c602a
http://security.debian.org/pool/updates/main/u/usermin/usermin-procmail_1.110-3.1_all.deb
Size/MD5 checksum: 26816 cc7649ba038e6101e9b687949e8ba6b4
http://security.debian.org/pool/updates/main/u/usermin/usermin-quota_1.110-3.1_all.deb
Size/MD5 checksum: 52766 1cb1548d3545928281fdaab654b6e4e7
http://security.debian.org/pool/updates/main/u/usermin/usermin-schedule_1.110-3.1_all.deb
Size/MD5 checksum: 6216 fc2c7d9556acf545033a1c987d3a4e46
http://security.debian.org/pool/updates/main/u/usermin/usermin-shell_1.110-3.1_all.deb
Size/MD5 checksum: 61828 d1777002638418dbc5de7750bd7b1e8d
http://security.debian.org/pool/updates/main/u/usermin/usermin-spamassassin_1.110-3.1_all.deb
Size/MD5 checksum: 88912 2769e14cbe77a723a97724e6cba0ad6a
http://security.debian.org/pool/updates/main/u/usermin/usermin-ssh_1.110-3.1_all.deb
Size/MD5 checksum: 47916 752fc28d2fa8fe7e113ba45dc024ee99
http://security.debian.org/pool/updates/main/u/usermin/usermin-tunnel_1.110-3.1_all.deb
Size/MD5 checksum: 12040 f40d0a44902f808d23af4d9f0a71f953
http://security.debian.org/pool/updates/main/u/usermin/usermin-updown_1.110-3.1_all.deb
Size/MD5 checksum: 24304 b0f335885164e18c784de10e44af4f60
http://security.debian.org/pool/updates/main/u/usermin/usermin-usermount_1.110-3.1_all.deb
Size/MD5 checksum: 91100 5328bf55d1a4faed368123461ac5274c
http://security.debian.org/pool/updates/main/u/usermin/usermin_1.110-3.1_all.deb
Size/MD5 checksum: 491116 ff5204df55e4761057a487e9125c743f


These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFCsdNW5ql+IAeqTIRAnhnAJwL6tZ8iEsJ8wD7A0ilQjevP8Ev+gCfVAcx
U1Ob7+Bm3dksMq5/L5iIlLw=
=Cckk
- -----END PGP SIGNATURE-----



2.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1178-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
September 16th, 2006 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : freetype
Vulnerability : integer overflow
Problem-Type : local(remote)
Debian-specific: no
CVE ID : CVE-2006-3467
Debian Bug : 379920

It was discovered that an integer overflow in freetype's PCF font code
may lead to denial of service and potential execution of arbitrary code.

For the stable distribution (sarge) this problem has been fixed in
version 2.1.7-6.

For the unstable distribution (sid) this problem has been fixed in
version 2.2.1-5.

We recommend that you upgrade your freetype package.


Upgrade Instructions
- - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7-6.dsc
Size/MD5 checksum: 754 76dbe18b57a53fac328a1f8e00f54bd0
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7-6.diff.gz
Size/MD5 checksum: 57568 860e9383bba7d853ce6f758c239e89ed
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7.orig.tar.gz
Size/MD5 checksum: 1245623 991ff86e88b075ba363e876f4ea58680

Alpha architecture:

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_alpha.deb
Size/MD5 checksum: 88180 697811d9160b950b3d73682701f14e3c
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_alpha.deb
Size/MD5 checksum: 422838 635b31efebdb8fb192f7ee717a5e79f1
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_alpha.deb
Size/MD5 checksum: 784368 3d90ddefa034bae14101e1f9057efda7

AMD64 architecture:

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_amd64.deb
Size/MD5 checksum: 76242 73b70a41effc140791d6b58cf8d3a103
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_amd64.deb
Size/MD5 checksum: 390236 6b1c46c525b13bf78e6aa6adfe876300
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_amd64.deb
Size/MD5 checksum: 723742 e8cfab359664bd05c9606e21b632c9d6

ARM architecture:

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_arm.deb
Size/MD5 checksum: 58734 5535bb49abfbdb3a9add023c2f21fe07
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_arm.deb
Size/MD5 checksum: 352880 7dcc3438f6e69b8956244f3946038897
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_arm.deb
Size/MD5 checksum: 714518 6cae07f317c33b3f2f5de4e6209b3154

HP Precision architecture:

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_hppa.deb
Size/MD5 checksum: 80772 94c00e9be0020ec69779bb2961dedcc2
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_hppa.deb
Size/MD5 checksum: 407420 32967b0b193f09fdbfcf1a0f55cff736
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_hppa.deb
Size/MD5 checksum: 734434 7cb208545154507cf3462af986575e35

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_i386.deb
Size/MD5 checksum: 63190 5c65822f534a53c3f88c72cc32253f37
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_i386.deb
Size/MD5 checksum: 364858 555ba61fec5d41a3759f08bc330b9dff
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_i386.deb
Size/MD5 checksum: 695074 81249aa29df653e228162b59f55da8a3

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_ia64.deb
Size/MD5 checksum: 102616 8cfcca90b20054ab717d669c1109166c
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_ia64.deb
Size/MD5 checksum: 493792 eea2110b00ae876e0621365278628865
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_ia64.deb
Size/MD5 checksum: 844018 2351fd3f7be66cea09bb68ae99407805

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_m68k.deb
Size/MD5 checksum: 43862 a0ad63b48cef0fcd6d620e9eea56dcfd
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_m68k.deb
Size/MD5 checksum: 359672 e66cdcceff0149866934d8330a10be7f
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_m68k.deb
Size/MD5 checksum: 678786 2c12367dd397823d71c58ecc4db0f4a5

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_mips.deb
Size/MD5 checksum: 91804 d14ecf530fa28216f71937d98baaaab6
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_mips.deb
Size/MD5 checksum: 384572 5dde54f093153caa592e20757e478199
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_mips.deb
Size/MD5 checksum: 742438 d0bcd379d23db5f38f7718f4337d3227

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_mipsel.deb
Size/MD5 checksum: 91522 9c36563692b17dcfc1a98c3e8d7e97ab
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_mipsel.deb
Size/MD5 checksum: 376512 ceed1298a93acb941d3c0af2c282764e
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_mipsel.deb
Size/MD5 checksum: 735774 fd948760267718e195c78dd2e24215f2

PowerPC architecture:

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_powerpc.deb
Size/MD5 checksum: 81976 8fcc45ef341f6c9eb0e62f0b33f0b00a
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_powerpc.deb
Size/MD5 checksum: 379578 eaf219ba8b48fcce91c5118188c0b418
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_powerpc.deb
Size/MD5 checksum: 730094 a6d4471fdd1f7ad1f5f625b35d1f79ed

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_s390.deb
Size/MD5 checksum: 76228 ac7a5773d28f83d09d0e0918916e8ddf
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_s390.deb
Size/MD5 checksum: 400188 d93224537dea195ad6d642d6b1bd0cfd
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_s390.deb
Size/MD5 checksum: 752482 ca8df04a75ef0a814b5cad469b9ad024

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_sparc.deb
Size/MD5 checksum: 68420 1cd0b5cc3fcb62ac0ef639467fba9ebc
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_sparc.deb
Size/MD5 checksum: 364098 95e28187528ecd25b87a6ad7475c056b
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_sparc.deb
Size/MD5 checksum: 699966 8cf12c5209c6ff1d703166a638e5775d


These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFDDlMXm3vHE4uyloRAuthAJ9YZbJIK4/ruLghkkoMHynhq7b6zQCgi5Xl
mX6Ivl37xopeoCK7vEPyAk4=
=9zWQ
- -----END PGP SIGNATURE-----
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |