Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > January 2005 > Nine Debian Security Advisories

January 2005

Nine Debian Security Advisories

ID: 00077
Ref: 64/2005
Date: 27 January 2005:16:03:01
Version: 1
Title: Nine Debian Security Advisories
Abstract:
Vendors affected: Debian
Operating systems affected: Debian
Applications affected: Debian

Title
=====

Nine Debian Security Advisories:

1. Debian Security Advisory DSA 652-1 - unarj

2. Debian Security Advisory DSA 653-1 - ethereal

3. Debian Security Advisory DSA 654-1 - enscript

4. Debian Security Advisory DSA 655-1 - zhcon

5. Debian Security Advisory DSA 656-1 - vdr

6. Debian Security Advisory DSA 657-1 - xine-lib

7. Debian Security Advisory DSA 658-1 - libdbi-perl

8. Debian Security Advisory DSA 659-1 - libpam-radius-auth

9. Debian Security Advisory DSA 660-1 - kdebase

Detail
======

1. Several vulnerabilities have been discovered in unarj, a non-free ARJ
unarchive utility.

2. A buffer overflow has been detected in the X11 dissector of ethereal, a commonly used network traffic analyser. A remote attacker may be able to overflow a buffer using a specially crafted IP packet. More problems have been discovered which don't apply
to the version in woody but are fixed in sid as well.

3. Erik Sjölund has discovered several security relevant problems in enscript, a
program to convert ASCII text into Postscript and other formats.

4. Erik Sjölund discovered that zhcon, a fast console CJK system using the Linux
framebuffer, accesses a user-controlled configuration file with elevated privileges.
Thus, it is possible to read arbitrary files.

5. Javier Fernández-Sanguino Peña from the Debian Security Audit Team has discovered that the
vdr daemon which is used for video disk recorders for DVB cards can overwrite arbitrary files.

6. A heap overflow has been discovered in the DVD subpicture decoder of xine-lib. An attacker could cause arbitrary code to be executed on the victims host by supplying a malicious MPEG. By tricking users to view a malicious network stream, this is remotely exploitable.

7. Javier Fernández-Sanguino Peña from the Debian Security Audit Project discovered that the
DBI library, the Perl5 database interface, creates a tmporary PID file in an insecure manner.
This can be exploited by a malicious user to overwrite arbitrary files owned by the person
executing the parts of the library.

8. Two problems have been discovered in the libpam-radius-auth package, the PAM RADIUS authentication module.

9. Raphaël Enrici discovered that the KDE screensaver can crash under certain local circumstances.
This can be exploited by an attacker with physical access to the workstation to take over the
desktop session.



1.

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 652-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 21st, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : unarj
Vulnerability : several
Problem-Type : local (remote)
Debian-specific: no
CVE ID : CAN-2004-0947 CAN-2004-1027
Debian Bug : 281922

Several vulnerabilities have been discovered in unarj, a non-free ARJ unarchive utility.
The Common Vulnerabilities and Exposures Project identifies the following vulnerabilities:

CAN-2004-0947

A buffer overflow has been discovered when handling long file
names contained in an archive. An attacker could create a
specially crafted archive which could cause unarj to crash or
possibly execute arbitrary code when being extracted by a victim.

CAN-2004-1027

A directory traversal vulnerability has been found so that an
attacker could create a specially crafted archive which would
create files in the parent directory when being extracted by a
victim. When used recursively, this vulnerability could be used
to overwrite critical system files and programs.

For the stable distribution (woody) these problems have been fixed in version 2.43-3woody1.

For the unstable distribution (sid) these problems don't apply since unstable/non-free does not contain the unarj package.

We recommend that you upgrade your unarj package.


Upgrade Instructions
- - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

Source archives:

http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1.dsc
Size/MD5 checksum: 528 e1d166f2eaf315641d1269a32ad1dc76
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1.diff.gz
Size/MD5 checksum: 12903 4ef4cfad33d05ecc048d63596ab2673c
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43.orig.tar.gz
Size/MD5 checksum: 39620 7a481dc017f1fbfa7f937a97e66eb99f

Alpha architecture:

http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_alpha.deb
Size/MD5 checksum: 29668 08dc91afd3146ccdfaa51d73f8be56e5

ARM architecture:

http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_arm.deb
Size/MD5 checksum: 22784 ed352d363cbeb34ba2268db63a632824

Intel IA-32 architecture:

http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_i386.deb
Size/MD5 checksum: 20690 aa9490bd82bc9aef4f6092d19fa83eaa

Intel IA-64 architecture:

http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_ia64.deb
Size/MD5 checksum: 31072 0b1f0403cfaaf572399fcb60b2549664

HP Precision architecture:

http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_hppa.deb
Size/MD5 checksum: 23888 15a8d6b0b7b565186398c0b8ebe3eb6a

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_m68k.deb
Size/MD5 checksum: 20384 644a6dcc9f566bad384c050bc8b8fb14

PowerPC architecture:

http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_powerpc.deb
Size/MD5 checksum: 23060 5c5a1f0157aa613337f80b439e78456f

IBM S/390 architecture:

http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_s390.deb
Size/MD5 checksum: 22668 97dc977c8217a10d4915ee32db49edd5

Sun Sparc architecture:

http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_sparc.deb
Size/MD5 checksum: 25386 bd2210a978ad30306e3db2ab112c87e8


These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/



2.

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 653-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 21st, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : ethereal
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0084

A buffer overflow has been detected in the X11 dissector of ethereal, a commonly used
network traffic analyser. A remote attacker may be able to overflow a buffer using a specially crafted IP packet. More problems have been discovered which don't apply
to the version in woody but are fixed in sid as well.

For the stable distribution (woody) this problem has been fixed in version 0.9.4-1woody11.

For the unstable distribution (sid) this problem has been fixed in version 0.10.9-1.

We recommend that you upgrade your ethereal package.


Upgrade Instructions
- - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11.dsc
Size/MD5 checksum: 681 8e8bbe73bf65d45446fb7c03dddb41a1
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11.diff.gz
Size/MD5 checksum: 40601 a9a6e17ee6c2e1749ac3d140628c77c6
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
Size/MD5 checksum: 3278908 42e999daa659820ee93aaaa39ea1e9ea

Alpha architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_alpha.deb
Size/MD5 checksum: 1941102 aab1360769a64476ce4113068230c8ad
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_alpha.deb
Size/MD5 checksum: 334424 c3647ca04af3f48b4e24ec6ae2fa6b4d
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_alpha.deb
Size/MD5 checksum: 222460 06e7e8c5713efa6f102bb436c6251e61
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_alpha.deb
Size/MD5 checksum: 1707844 08f64c248a99394a8366ca5b512e096d

ARM architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_arm.deb
Size/MD5 checksum: 1635456 190bd5415abaf62c1cde340605079152
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_arm.deb
Size/MD5 checksum: 297770 6d5ee1df687aeee0e49d4bc27cfab0da
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_arm.deb
Size/MD5 checksum: 206356 fcba9b5be975e62bd5cf8efca338a299
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_arm.deb
Size/MD5 checksum: 1439676 d825f5c16e37f1a5c1a7aaa6ba0798b1

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_i386.deb
Size/MD5 checksum: 1513338 996070722f320a6d6d40652101480ec6
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_i386.deb
Size/MD5 checksum: 286736 69fd768db07ee2ac52b33f3188fdba97
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_i386.deb
Size/MD5 checksum: 198652 50e416b732e5d02d1f8e6bfb5269d1f9
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_i386.deb
Size/MD5 checksum: 1326536 c8415c2297b0bc30a297b3b07e0a1186

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_ia64.deb
Size/MD5 checksum: 2150414 b46cc7da4c46e2a920299cef6d6f1f1c
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_ia64.deb
Size/MD5 checksum: 373372 1b977535a20b449ea7c1b21e09f9493b
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_ia64.deb
Size/MD5 checksum: 234004 e8c69f3f1db9708ceb2e74122e81c168
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_ia64.deb
Size/MD5 checksum: 1861780 6c48358d2c8c892d24ebbc29b020931d

HP Precision architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_hppa.deb
Size/MD5 checksum: 1804712 495491720997b53f60f5b9dbfeabac27
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_hppa.deb
Size/MD5 checksum: 322696 cccbc77685f25eb8aa1a8429e0298dd7
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_hppa.deb
Size/MD5 checksum: 217116 3bcb0ff60d01b12b85d25ee6e277fbe2
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_hppa.deb
Size/MD5 checksum: 1576164 67ecb81ffa522198b999353ce6294b19

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_m68k.deb
Size/MD5 checksum: 1424704 7014155418ca6c1947e71a04ab716b03
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_m68k.deb
Size/MD5 checksum: 282996 c73d8c241771bbe5f89c1e859e436aba
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_m68k.deb
Size/MD5 checksum: 195364 21d07bf8bb05d52dfd45d91c73c656a6
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_m68k.deb
Size/MD5 checksum: 1248922 5cd077cf05e8e14f627a10e44ced739d

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_mips.deb
Size/MD5 checksum: 1617160 41dd4cd8059c472ff109bb002d9b5074
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_mips.deb
Size/MD5 checksum: 305514 855a56f8596f0bb4da7fe0024616d87a
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_mips.deb
Size/MD5 checksum: 213936 8459c58071700c436ea96af9a6fd7901
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_mips.deb
Size/MD5 checksum: 1422110 bdcdf3c021429ccaf8eb95027a48f69e

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_mipsel.deb
Size/MD5 checksum: 1598210 0c60efc6fcdea7d25359ecd88dd8aeff
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_mipsel.deb
Size/MD5 checksum: 304982 63cea39a93b19891ae0bbfaa8c5e0327
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_mipsel.deb
Size/MD5 checksum: 213596 e7d160f30cd5e9360fc90d4ef160dfb6
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_mipsel.deb
Size/MD5 checksum: 1406444 e8f3d141f724da42a16d051c12879efb

PowerPC architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_powerpc.deb
Size/MD5 checksum: 1618676 f3890280569d1b2a7e66c039c0def6b4
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_powerpc.deb
Size/MD5 checksum: 302174 d5c364dcb6039f637005c4ce259bed2c
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_powerpc.deb
Size/MD5 checksum: 209172 ae06ac9e4e976d4fd846b3b222efe911
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_powerpc.deb
Size/MD5 checksum: 1419454 2a6a56b278e0e647cbb7c41881e5aaa0

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_s390.deb
Size/MD5 checksum: 1574786 17c662f34613b6b0fb24e033dd1fc463
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_s390.deb
Size/MD5 checksum: 301014 7f0c78cce38eb8927b708146cb4b8463
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_s390.deb
Size/MD5 checksum: 204250 f85efb4e0c75da840c7b1224292f7005
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_s390.deb
Size/MD5 checksum: 1387552 c4e2e39307ca9b70793e1b8a6dc9a3ee

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_sparc.deb
Size/MD5 checksum: 1583368 199f9efbe4d98e43882bb28d054c8ff6
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_sparc.deb
Size/MD5 checksum: 318282 87d2b4c8298e3e179d89aa3827602011
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_sparc.deb
Size/MD5 checksum: 205026 0c71e4c61947bc0f198de8d66a1892b4
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_sparc.deb
Size/MD5 checksum: 1389390 8327f812bcaee04cf83fc34f8450aacc


These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/





3.

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 654-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 21st, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : enscript
Vulnerability : several
Problem-Type : local (remote)
Debian-specific: no
CVE ID : CAN-2004-1184 CAN-2004-1185 CAN-2004-1186

Erik Sjölund has discovered several security relevant problems in enscript, a
program to convert ASCII text into Postscript and other formats. The Common
Vulnerabilities and Exposures project identifies the following vulnerabilities:

CAN-2004-1184

Unsanitised input can cause the execution of arbitrary commands
via EPSF pipe support. This has been disabled, also upstream.

CAN-2004-1185

Due to missing sanitising of filenames it is possible that a
specially crafted filename can cause arbitrary commands to be
executed.

CAN-2004-1186

Multiple buffer overflows can cause the program to crash.

Usually, enscript is only run locally, but since it is executed inside of viewcvs some of the
problems mentioned above can easily be turned into a remote vulnerability.

For the stable distribution (woody) these problems have been fixed in version 1.6.3-1.3.

For the unstable distribution (sid) these problems have been fixed in version 1.6.4-6.

We recommend that you upgrade your enscript package.


Upgrade Instructions
- - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3.dsc
Size/MD5 checksum: 598 b64a0ab822bd8e613a96cfe534f40cbc
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3.diff.gz
Size/MD5 checksum: 7312 5f39d5caad3a93f874705a10f4a4ae6d
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3.orig.tar.gz
Size/MD5 checksum: 814308 ec717f8b0de7db00a21a21f70d354610

Alpha architecture:

http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_alpha.deb
Size/MD5 checksum: 488176 ef6dc427cf55c77423da2b84c04a291e

ARM architecture:

http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_arm.deb
Size/MD5 checksum: 466220 6443058723684f0c7b7d14d659e909bf

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_i386.deb
Size/MD5 checksum: 458068 1b5dd9325b47b06f6fb0280a74753bdd

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_ia64.deb
Size/MD5 checksum: 506248 5a4bc6e9f0f771b694e65908bc302e64

HP Precision architecture:

http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_hppa.deb
Size/MD5 checksum: 477426 0f2bc8aba5c8f244d6d882c87b01946a

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_m68k.deb
Size/MD5 checksum: 447374 1054d2c3a5f249b2c7167fdd2aec2726

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_mips.deb
Size/MD5 checksum: 470862 996def7fa0ca46edac520083d5d22e39

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_mipsel.deb
Size/MD5 checksum: 470122 1f886d9ab7df6d9e3b4aafe6840676f8

PowerPC architecture:

http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_powerpc.deb
Size/MD5 checksum: 466374 a08bf7e3d47b5ed94cf436439d21922b

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_s390.deb
Size/MD5 checksum: 460778 a2f4b67a5c7af46eba735b44ccea7de1

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_sparc.deb
Size/MD5 checksum: 465822 a8da2cae1003ca40e4e8b6c81137fb63


These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/




4.

ESB-2005.0085 -- Debian Security Advisory DSA 655-1
New zhcon packages fix unauthorised file access
27 January 2005


Product: zhcon
Publisher: Debian
Operating System: Debian GNU/Linux 3.0
Linux variants
Impact: Access Confidential Data
Access: Existing Account
CVE Names: CAN-2005-0072

Original Bulletin: http://www.debian.org/security/2005/dsa-655

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - --------------------------------------------------------------------------
Debian Security Advisory DSA 655-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 25th, 2005 http://www.debian.org/security/faq
- - - --------------------------------------------------------------------------

Package : zhcon
Vulnerability : missing privilege release
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0072

Erik Sjölund discovered that zhcon, a fast console CJK system using the Linux framebuffer, accesses a user-controlled configuration file with elevated privileges. Thus, it is possible to read arbitrary files.

For the stable distribution (woody) this problem has been fixed in version 0.2-4woody3.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your zhcon package.


Upgrade Instructions
- - - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3.dsc
Size/MD5 checksum: 571 cef550eb0e12c8841fb19dec63b57c18
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3.diff.gz
Size/MD5 checksum: 18162 5757142ee30a5d3e990180a44bfbf8cd
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2.orig.tar.gz
Size/MD5 checksum: 4727022 7a15d08e903c0d40f1f659b23185c4c0

Alpha architecture:

http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_alpha.deb
Size/MD5 checksum: 4577314 574567f7d5ff0c730d7c8403da284d62

ARM architecture:

http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_arm.deb
Size/MD5 checksum: 4566364 e9cc7274596bd612b85b832945d4fedc

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_i386.deb
Size/MD5 checksum: 4549436 adcaa080b69de7c3d7de5d5c58bd2ee6

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_ia64.deb
Size/MD5 checksum: 4594976 ff8e34b0df2d5548918698972ae71ac4

HP Precision architecture:

http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_hppa.deb
Size/MD5 checksum: 4590474 68576eb8887b9bda98afc3548704d491

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_m68k.deb
Size/MD5 checksum: 4545894 419dcce4d28053e9527888f064dd9a9d

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_mips.deb
Size/MD5 checksum: 4557002 70955d5fd0205214a4add453ebda3c9c

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_mipsel.deb
Size/MD5 checksum: 4555974 81e127f1ebecb1519ccc08472909a6cc

PowerPC architecture:

http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_powerpc.deb
Size/MD5 checksum: 4548730 7d99eb0b961e83cf9067355c39ba656b

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_s390.deb
Size/MD5 checksum: 4544774 172e282c5c27a5d12a2e3b709b7e89c2

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_sparc.deb
Size/MD5 checksum: 4546018 f6d5b53efb642de658498c091884ff7e


These files will probably be moved into the stable distribution on
its next update.

- - - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/




5.

ESB-2005.0086 -- Debian Security Advisory DSA 656-1
New vdr packages fix insecure file access
27 January 2005


Product: vdr
Publisher: Debian
Operating System: Debian GNU/Linux 3.0
Linux variants
Impact: Overwrite Arbitrary Files
Access: Existing Account
CVE Names: CAN-2005-0071

Original Bulletin: http://www.debian.org/security/2005/dsa-656

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - --------------------------------------------------------------------------
Debian Security Advisory DSA 656-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 25th, 2005 http://www.debian.org/security/faq
- - - --------------------------------------------------------------------------

Package : vdr
Vulnerability : insecure file access
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0071

Javier Fernández-Sanguino Peña from the Debian Security Audit Team has discovered that the
vdr daemon which is used for video disk recorders for DVB cards can overwrite arbitrary files.

For the stable distribution (woody) this problem has been fixed in version 1.0.0-1woody2.

For the unstable distribution (sid) this problem has been fixed in version 1.2.6-6.

We recommend that you upgrade your vdr package.


Upgrade Instructions
- - - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/v/vdr/vdr_1.0.0-1woody2.dsc
Size/MD5 checksum: 580 b948b3b68a18e5f909dd9479a9841f8a
http://security.debian.org/pool/updates/main/v/vdr/vdr_1.0.0-1woody2.tar.gz
Size/MD5 checksum: 431964 3e2a7e792b21258a56bfb54ff7aee702

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/v/vdr/vdr_1.0.0-1woody2_i386.deb
Size/MD5 checksum: 68802 a881e0f34fdf75cbb9444221412f29e3
http://security.debian.org/pool/updates/main/v/vdr/vdr-daemon_1.0.0-1woody2_i386.deb
Size/MD5 checksum: 151954 a43a1eba9ed48ca81f4953cc2bb17236
http://security.debian.org/pool/updates/main/v/vdr/vdr-kbd_1.0.0-1woody2_i386.deb
Size/MD5 checksum: 152562 37f7d263a57337e6a5087944e15e9f46
http://security.debian.org/pool/updates/main/v/vdr/vdr-lirc_1.0.0-1woody2_i386.deb
Size/MD5 checksum: 153020 1b08452b0cb57abe74024521fbca4c32
http://security.debian.org/pool/updates/main/v/vdr/vdr-rcu_1.0.0-1woody2_i386.deb
Size/MD5 checksum: 154642 b0f7570129a1cd8c0594258750207cba


These files will probably be moved into the stable distribution on
its next update.

- - - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/




6.
ESB-2005.0087 -- Debian Security Advisory DSA 657-1
New xine-lib packages fix arbitrary code execution
27 January 2005

Product: xine-lib
Publisher: Debian
Operating System: Debian GNU/Linux 3.0
Linux variants
UNIX variants
Impact: Execute Arbitrary Code/Commands
Access: Remote/Unauthenticated
CVE Names: CAN-2004-1379

Original Bulletin: http://www.debian.org/security/2005/dsa-657

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - --------------------------------------------------------------------------
Debian Security Advisory DSA 657-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 25th, 2005 http://www.debian.org/security/faq
- - - --------------------------------------------------------------------------

Package : xine-lib
Vulnerability : buffer overflow
Problem-Type : local (remote)
Debian-specific: no
CVE ID : CAN-2004-1379
BugTraq ID : 11205

A heap overflow has been discovered in the DVD subpicture decoder of xine-lib. An attacker could cause arbitrary code to be executed on the victims host by supplying a malicious MPEG.
By tricking users to view a malicious network stream, this is remotely exploitable.

For the stable distribution (woody) this problem has been fixed in version 0.9.8-2woody2.

For the unstable distribution (sid) this problem has been fixed in version 1-rc6a-1.

We recommend that you upgrade your libxine packages.


Upgrade Instructions
- - - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8-2woody3.dsc
Size/MD5 checksum: 760 fdead2b906645e98cd98482da245f9fe
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8-2woody3.diff.gz
Size/MD5 checksum: 1432 d1228b2ea29024dc31d7e73716e430b8
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8.orig.tar.gz
Size/MD5 checksum: 1766178 d8fc9b30e15b50af8ab7552bbda7aeda

Alpha architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_alpha.deb
Size/MD5 checksum: 260790 35b1fcb3d630159bffba57cd03ee7198
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_alpha.deb
Size/MD5 checksum: 815898 5b969f8b91cd217a62fbe1206e0dae22

ARM architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_arm.deb
Size/MD5 checksum: 302736 503e7f984fcdc022730ae84bda3d7893
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_arm.deb
Size/MD5 checksum: 671030 3ca1bdc2e19e8547593ec227457bf934

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_i386.deb
Size/MD5 checksum: 261202 4fa616c95b299f01eb6c4d3984696a97
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_i386.deb
Size/MD5 checksum: 807774 2880560bd06ebf751184bd8cb0345974

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_ia64.deb
Size/MD5 checksum: 260670 474f66c0a7ffdd1f1728ca22a05556f3
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_ia64.deb
Size/MD5 checksum: 953146 001f5e510918a2b1cb52e2d560094224

HP Precision architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_hppa.deb
Size/MD5 checksum: 260840 af3ab8871f26ec99c2e5a4c67821415c
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_hppa.deb
Size/MD5 checksum: 846422 cf09d101cec9e33e4074e6d9e5e7868a

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_m68k.deb
Size/MD5 checksum: 292502 ba71fa3ee20e67e92e4ecfab2028f12b
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_m68k.deb
Size/MD5 checksum: 617432 68fd34079a32e9881f095c7ccc458822

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_mips.deb
Size/MD5 checksum: 299528 feca6217a5df51fe46d1e5185a36c0f4
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_mips.deb
Size/MD5 checksum: 652674 80f688f5856c786f2432619491ac5b56

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_mipsel.deb
Size/MD5 checksum: 299564 5c2165f1adad2172acfddb42b2be92d1
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_mipsel.deb
Size/MD5 checksum: 654450 4937401c8ea1d16ebfabf83b9321cc4e

PowerPC architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_powerpc.deb
Size/MD5 checksum: 261054 9345084069863c90f69d17d4cd55e31d
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_powerpc.deb
Size/MD5 checksum: 742158 7fd5ef486125947c8418ca95b803df8f

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_s390.deb
Size/MD5 checksum: 302236 c539ecfcf4a0dfd19b4637fc93f558b9
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_s390.deb
Size/MD5 checksum: 662496 2d6aede160abfc88f5cf5e7f2e19014a

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_sparc.deb
Size/MD5 checksum: 260942 db51371b3aad43f02fead312971c8150
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_sparc.deb
Size/MD5 checksum: 807478 2f4c13dab590a77d3f57aa923617bc8c


These files will probably be moved into the stable distribution on
its next update.

- - - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/




7.

ESB-2005.0088 -- Debian Security Advisory DSA 658-1
New libdbi-perl packages fix insecure temporary file
27 January 2005


Product: libdbi-perl
Publisher: Debian
Operating System: Debian GNU/Linux 3.0
Linux variants
UNIX variants
Impact: Overwrite Arbitrary Files
Access: Existing Account
CVE Names: CAN-2005-0077

Original Bulletin: http://www.debian.org/security/2005/dsa-658

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - --------------------------------------------------------------------------
Debian Security Advisory DSA 658-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 25th, 2005 http://www.debian.org/security/faq
- - - --------------------------------------------------------------------------

Package : libdbi-perl
Vulnerability : insecure temporary file
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0077

Javier Fernández-Sanguino Peña from the Debian Security Audit Project discovered that the
DBI library, the Perl5 database interface, creates a tmporary PID file in an insecure manner.
This can be exploited by a malicious user to overwrite arbitrary files owned by the person
executing the parts of the library.

For the stable distribution (woody) this problem has been fixed in version 1.21-2woody2.

For the unstable distribution (sid) this problem has been fixed in version 1.46-6.

We recommend that you upgrade your libdbi-perl package.


Upgrade Instructions
- - - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21-2woody2.dsc
Size/MD5 checksum: 587 778cd2081c6c996e962e5ccd6100b1e8
http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21-2woody2.diff.gz
Size/MD5 checksum: 12117 b96cca05e51fcab8c6ca55c00644d3fd
http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21.orig.tar.gz
Size/MD5 checksum: 208384 c781eee2559de5e4a72e28a8120cb1d9

Alpha architecture:

http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21-2woody2_alpha.deb
Size/MD5 checksum: 345058 014d047dbb24fd94d1a1437244644cd8

ARM architecture:

http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21-2woody2_arm.deb
Size/MD5 checksum: 342540 896f3fe01eb1702df395c8f4ea3b6877

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21-2woody2_i386.deb
Size/MD5 checksum: 337802 82348c4c37c6636b85b5fa18d5e00f66

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21-2woody2_ia64.deb
Size/MD5 checksum: 356854 b800c42bcdbd3fef74ab630f1a066682

HP Precision architecture:

http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21-2woody2_hppa.deb
Size/MD5 checksum: 345808 5cebb7436af6e22050de51ea895a62ed

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21-2woody2_m68k.deb
Size/MD5 checksum: 338592 202c8161fcdb618b6fbe236499d560af

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21-2woody2_mips.deb
Size/MD5 checksum: 338102 3689ef5cf728e7108206cd9140f682bc

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21-2woody2_mipsel.deb
Size/MD5 checksum: 338494 bd6f8206898feb05d613f06e30b78e5b

PowerPC architecture:

http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21-2woody2_powerpc.deb
Size/MD5 checksum: 342782 dd2b2637b3c15d472c5053c586a99e1d

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21-2woody2_s390.deb
Size/MD5 checksum: 340908 274999cd7e3758367fef5f39fa44e888

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21-2woody2_sparc.deb
Size/MD5 checksum: 344732 5bf3bb91f4a0de5af59d6a2a7d70cecf


These files will probably be moved into the stable distribution on
its next update.

- - - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/



8.

ESB-2005.0089 -- Debian Security Advisory DSA 659-1
New libpam-radius-auth packages fix several vulnerabilities
27 January 2005


Product: libpam-radius-auth
Publisher: Debian
Operating System: Debian GNU/Linux 3.0
Linux variants
Impact: Access Confidential Data
Denial of Service
Access: Existing Account
Remote/Unauthenticated
CVE Names: CAN-2005-0108 CAN-2004-1340

Original Bulletin: http://www.debian.org/security/2005/dsa-659

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - --------------------------------------------------------------------------
Debian Security Advisory DSA 659-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 26th, 2005 http://www.debian.org/security/faq
- - - --------------------------------------------------------------------------

Package : libpam-radius-auth
Vulnerability : information leak, integer underflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1340 CAN-2005-0108

Two problems have been discovered in the libpam-radius-auth package, the PAM RADIUS authentication module. The Common Vulnerabilities and Exposures Project identifies the following problems:

CAN-2004-1340

The Debian package accidently installed its configuration file
/etc/pam_radius_auth.conf world-readable. Since it may possibly
contain secrets all local users are able to read them if the
administrator hasn't adjusted file permissions. This problem is
Debian specific.

CAN-2005-0108

Leon Juranic discoverd an integer underflow in the mod_auth_radius
module for Apache which is also present in libpam-radius-auth.

For the stable distribution (woody) these problems have been fixed in version 1.3.14-1.3.

For the unstable distribution (sid) these problems have been fixed in version 1.3.16-3.

We recommend that you upgrade your libpam-radius-auth package.


Upgrade Instructions
- - - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14-1.3.dsc
Size/MD5 checksum: 633 685f1323a3b5848ccb548fe383c2647d
http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14-1.3.diff.gz
Size/MD5 checksum: 4339 cdbeaff45c0477e017bb2926d72e258f
http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14.orig.tar.gz
Size/MD5 checksum: 24709 3952a5de3ac960d03e437951f42e67e2

Alpha architecture:

http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14-1.3_alpha.deb
Size/MD5 checksum: 21606 a6ba05a3d785212a9b65720f29254988

ARM architecture:

http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14-1.3_arm.deb
Size/MD5 checksum: 19220 393e12c5b12e19b4f85f9efd2daa10cb

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14-1.3_i386.deb
Size/MD5 checksum: 17496 183e9f999e643aeb407898c8aac3f7d4

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14-1.3_ia64.deb
Size/MD5 checksum: 24672 d595102f5f85b8b1c403bf9fa5cceab7

HP Precision architecture:

http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14-1.3_hppa.deb
Size/MD5 checksum: 20238 f88620aba0ce73be9978d5e069af6391

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14-1.3_m68k.deb
Size/MD5 checksum: 17140 4409cb32e00171b001a99a9c8a690679

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14-1.3_mips.deb
Size/MD5 checksum: 18090 916e4b25e48fd01d6bdc2509d8089505

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14-1.3_mipsel.deb
Size/MD5 checksum: 18310 1b20887306ee88f954aa159afb13889e

PowerPC architecture:

http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14-1.3_powerpc.deb
Size/MD5 checksum: 18394 29467c53c34a3f8745e640969e337a51

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14-1.3_s390.deb
Size/MD5 checksum: 18690 2c2ea4437da4b44b14c65fffedc11673

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14-1.3_sparc.deb
Size/MD5 checksum: 18328 b39b7c1da80afa286c979e37b74c846e


These files will probably be moved into the stable distribution on
its next update.

- - - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/




9.

ESB-2005.0090 -- Debian Security Advisory DSA 660-1
New kdebase packages fix authentication bypass
27 January 2005


Product: kdebase
Publisher: Debian
Operating System: Debian GNU/Linux 3.0
Linux variants
UNIX variants
Impact: Inappropriate Access
Access: Console/Physical
CVE Names: CAN-2005-0078

Original Bulletin: http://www.debian.org/security/2005/dsa-660

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - --------------------------------------------------------------------------
Debian Security Advisory DSA 660-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 26th, 2005 http://www.debian.org/security/faq
- - - --------------------------------------------------------------------------

Package : kdebse
Vulnerability : missing return value check
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0078

Raphaël Enrici discovered that the KDE screensaver can crash under certain local circumstances.
This can be exploited by an attacker with physical access to the workstation to take over the
desktop session.

For the stable distribution (woody) this problem has been fixed in version 2.2.2-14.9.

This problem has been fixed upstream in KDE 3.0.5 and is therefore fixed in the unstable (sid)
and testing (sarge) distributions already.

We recommend that you upgrade your kscreensaver package.


Upgrade Instructions
- - - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.9.dsc
Size/MD5 checksum: 1155 dfe0d609c615fe8b7935892ccd0dab4e
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.9.diff.gz
Size/MD5 checksum: 73052 abcc2cbac602c1c557fad0816e970db5
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2.orig.tar.gz
Size/MD5 checksum: 13035693 3c17b6821bbd05c7e04682c70cb7de8a

Architecture independent components:

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-doc_2.2.2-14.9_all.deb
Size/MD5 checksum: 3140996 17745ec3c454d65516d6e19af77ba080
http://security.debian.org/pool/updates/main/k/kdebase/kdewallpapers_2.2.2-14.9_all.deb
Size/MD5 checksum: 962194 a6e045e59fb5f5d409eef6f91cafda37

Alpha architecture:

http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.9_alpha.deb
Size/MD5 checksum: 488956 cebb2cb36c834c6693cad6ff9214cf15
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.9_alpha.deb
Size/MD5 checksum: 6991454 4c054e1747b10c4465f6430c3329eb13
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.9_alpha.deb
Size/MD5 checksum: 108078 1103e988ce6817b8f7085ed7bf57f7d7
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.9_alpha.deb
Size/MD5 checksum: 49514 0a60e5d0b2ce1f848d82ef20c5167691
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.9_alpha.deb
Size/MD5 checksum: 1988950 d75b23f2b08b1611a6947c26044ce641
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.9_alpha.deb
Size/MD5 checksum: 436126 b39964dfd1a9090c8fef9265829d9e57
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.9_alpha.deb
Size/MD5 checksum: 2229054 6e57e8b0639bb780707c1a4e747d5cf6
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.9_alpha.deb
Size/MD5 checksum: 538632 39ee4795e5ab89cf52704fd4c2db06fa
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.9_alpha.deb
Size/MD5 checksum: 482956 4482d999c2981e95db3a3d47f4444f96
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.9_alpha.deb
Size/MD5 checksum: 46042 8d894c8f9f1c376f5a5300a94fe9b04b
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.9_alpha.deb
Size/MD5 checksum: 270520 1a6e146175770e64d965ffd031abd519

ARM architecture:

http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.9_arm.deb
Size/MD5 checksum: 418864 e203c7a41042168e7ec089cc08fcdce9
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.9_arm.deb
Size/MD5 checksum: 6520888 09ba2542f77611bbc392185a34b6a235
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.9_arm.deb
Size/MD5 checksum: 86506 40f71a0729f46cc49c1b014d5e5e9f35
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.9_arm.deb
Size/MD5 checksum: 48612 afe2715d9a3eee6a20a8ac5bd200172e
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.9_arm.deb
Size/MD5 checksum: 1680906 c0530300b569a5a37d722f681c0701d5
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.9_arm.deb
Size/MD5 checksum: 390882 cdef2636462f0b210de63271b4c4f771
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.9_arm.deb
Size/MD5 checksum: 1926580 76e6578bc030bd975b1a6795b3957a5d
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.9_arm.deb
Size/MD5 checksum: 457596 ec72c3fbb862b4658365f7e1a3c879a3
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.9_arm.deb
Size/MD5 checksum: 375628 72ef3fa402a0a7431df669a88d97def4
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.9_arm.deb
Size/MD5 checksum: 46046 33ce8b120a20172ebdbaf87c87592169
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.9_arm.deb
Size/MD5 checksum: 216052 e6f3a3b8241e0db05f55c8415e510ecb

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.9_i386.deb
Size/MD5 checksum: 407970 0b38c2916480159a70f4099b75053cf4
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.9_i386.deb
Size/MD5 checksum: 6486276 ad3dadbc95b46598105de11f7e740a7a
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.9_i386.deb
Size/MD5 checksum: 84028 b9aa9ee1f7f57d6e9e122a2c28192d6f
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.9_i386.deb
Size/MD5 checksum: 47816 036e86f41c43ec6f2ec65ebe77f8d758
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.9_i386.deb
Size/MD5 checksum: 1653012 5b195fdbb260cb9dd909cd7d440e65d9
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.9_i386.deb
Size/MD5 checksum: 395818 0ba48e2582510942777b42b9c961d0c0
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.9_i386.deb
Size/MD5 checksum: 1929328 b31b3b160c849141cc1bd1a78e3c6c55
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.9_i386.deb
Size/MD5 checksum: 459074 69e1a604af6da9f2a066db19024faf43
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.9_i386.deb
Size/MD5 checksum: 396370 10708fe013b78828a1a99fb3d97838db
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.9_i386.deb
Size/MD5 checksum: 46048 bbad375447a928a1a139a4904a861de8
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.9_i386.deb
Size/MD5 checksum: 221032 c78e8eae29e20bad3e41658ad78787eb

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.9_ia64.deb
Size/MD5 checksum: 611890 5a0c52e8b157dbd2e64b9389a1b03950
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.9_ia64.deb
Size/MD5 checksum: 7541710 448f5fa9121adaa13ce78c0d686fa76a
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.9_ia64.deb
Size/MD5 checksum: 120072 220e21286d13a231a678d52800c7362e
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.9_ia64.deb
Size/MD5 checksum: 52250 842516a87bc2ab2a7e4025841c8ecb3d
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.9_ia64.deb
Size/MD5 checksum: 2465710 732bd2c1c5d39d404c2a14443314e440
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.9_ia64.deb
Size/MD5 checksum: 538810 62b9975f93d1b1d749234999b315afbf
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.9_ia64.deb
Size/MD5 checksum: 2490004 1cf73d089139a55dcb25598cc947aa17
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.9_ia64.deb
Size/MD5 checksum: 598614 b600efadf0f8cb66fe826640ada3fe8b
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.9_ia64.deb
Size/MD5 checksum: 551750 8a55a06301a84473009226cb5976042e
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.9_ia64.deb
Size/MD5 checksum: 46036 f9681cb495e56a3224f8bca6d9d68b0a
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.9_ia64.deb
Size/MD5 checksum: 347646 ef3d8d7209c297c995a3f7b042d747be

HP Precision architecture:

http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.9_hppa.deb
Size/MD5 checksum: 514094 2eb07e6acd45bb7847807a69f1c2c6d6
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.9_hppa.deb
Size/MD5 checksum: 6986014 ed12ea654a6d000bce9def3696c27fb4
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.9_hppa.deb
Size/MD5 checksum: 106130 f51a4108d6101e52db2455dbc646ffba
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.9_hppa.deb
Size/MD5 checksum: 49686 887499fa02280212867459c77c80ed63
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.9_hppa.deb
Size/MD5 checksum: 2085756 548a99abdf666883f8aa9cf49061cb17
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.9_hppa.deb
Size/MD5 checksum: 445852 fded136e5ddb52ab29cafd7d69e55d7e
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.9_hppa.deb
Size/MD5 checksum: 2190354 35757070838eb023fc43f6baf9a201a9
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.9_hppa.deb
Size/MD5 checksum: 517774 eead16edc06d70e083a2e06a9a539459
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.9_hppa.deb
Size/MD5 checksum: 456948 c408303889ceda15ff248eaeb0d1e61d
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.9_hppa.deb
Size/MD5 checksum: 46040 20e7c3be70470cf60093da3b73b1067d
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.9_hppa.deb
Size/MD5 checksum: 260306 437312542ffb7486c18d97bc9f1fe48b

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.9_m68k.deb
Size/MD5 checksum: 403884 7844857493ec07c68f1a9f568d9cddb4
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.9_m68k.deb
Size/MD5 checksum: 6472796 ac6f1697ec714ab8f11ad2cbed1352a0
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.9_m68k.deb
Size/MD5 checksum: 84792 c322d9cb2ff703cde4415fc97c2b6c72
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.9_m68k.deb
Size/MD5 checksum: 47580 2f7b713e25132a6c8c0018572ee192c9
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.9_m68k.deb
Size/MD5 checksum: 1633348 fdd16124da1626012ae6b52000acf20c
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.9_m68k.deb
Size/MD5 checksum: 381482 7ffef06bb41a5c38d6a1dce88f8635b5
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.9_m68k.deb
Size/MD5 checksum: 1915896 60a42a0b6d2323c35a490534640acbd2
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.9_m68k.deb
Size/MD5 checksum: 458218 6b2ef323d7faaed0cb06cd9d13656436
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.9_m68k.deb
Size/MD5 checksum: 394510 6e442e47b60fcce94af235e51c40bdda
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.9_m68k.deb
Size/MD5 checksum: 46044 52ae57a7c907641c2b59320fb63bfc20
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.9_m68k.deb
Size/MD5 checksum: 212060 0a4be5dfc31ae0e3deeb8d110b9ce859

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.9_mips.deb
Size/MD5 checksum: 413590 9dc1fe8f2522d18766b9d24ef6545f79
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.9_mips.deb
Size/MD5 checksum: 6476868 1ccdb4b6e924c6df6c7b03d5e325ac5e
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.9_mips.deb
Size/MD5 checksum: 81234 e916912d6d4d9b67fbb30e31029e5f4a
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.9_mips.deb
Size/MD5 checksum: 49570 87614b6d2b7ea08ae1ffbfab2a4251b6
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.9_mips.deb
Size/MD5 checksum: 1531226 d399256ffcd12ab9928a83da0885fe72
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.9_mips.deb
Size/MD5 checksum: 381466 2aebf97b0c92505105dc2865dce3766f
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.9_mips.deb
Size/MD5 checksum: 1884966 9ff5812fab1142811f4f92143f4ddcbd
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.9_mips.deb
Size/MD5 checksum: 477618 376a2f114ddd58f04ae646197f045c58
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.9_mips.deb
Size/MD5 checksum: 420094 8323871f3474733b911379b5a96378bf
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.9_mips.deb
Size/MD5 checksum: 46046 3e0327aee72d00aa42dea64c358c397b
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.9_mips.deb
Size/MD5 checksum: 206052 42ab931bcf3ddd9dc4d85d167ea62438

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.9_mipsel.deb
Size/MD5 checksum: 408664 b3099a63b4094579c91b410b49d83529
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.9_mipsel.deb
Size/MD5 checksum: 6448420 e14dd39e3da6f208c981e954e5751351
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.9_mipsel.deb
Size/MD5 checksum: 80674 33fc4fb06df59e03876c8ffad32c95ae
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.9_mipsel.deb
Size/MD5 checksum: 49652 f60498f2dfc73ebb17fa09c42a1f7087
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.9_mipsel.deb
Size/MD5 checksum: 1513044 64899a5cff5d59b741dc0cf4ff7eddf4
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.9_mipsel.deb
Size/MD5 checksum: 379328 7e9192a349f3010dd507767585c0a94b
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.9_mipsel.deb
Size/MD5 checksum: 1869748 e4f2e9974392c55b860a96f0bd4a6515
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.9_mipsel.deb
Size/MD5 checksum: 474078 0e8f84272c164dd4dd9cfc70095affd7
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.9_mipsel.deb
Size/MD5 checksum: 416880 5dab7aa13a7b63a8fdcecb06c8224979
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.9_mipsel.deb
Size/MD5 checksum: 46046 862b384dd78394336a4bd90677041c65
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.9_mipsel.deb
Size/MD5 checksum: 203500 77b9625085171d0f3ffc5450e3f3fe5a

PowerPC architecture:

http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.9_powerpc.deb
Size/MD5 checksum: 424568 0e7724795fff69713e61737304b011a6
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.9_powerpc.deb
Size/MD5 checksum: 6494884 994a68ccf381bc560acb7784c7bd19d6
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.9_powerpc.deb
Size/MD5 checksum: 85654 842951482e03727551878eb312b0af67
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.9_powerpc.deb
Size/MD5 checksum: 48680 38da3b9cadde36be3c9078118e595726
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.9_powerpc.deb
Size/MD5 checksum: 1665002 79175104f5b11fc1bbf6a2e4ae22c272
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.9_powerpc.deb
Size/MD5 checksum: 388384 0118926ee6cc39f61fb4cfd38f036f48
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.9_powerpc.deb
Size/MD5 checksum: 1931522 731ffdb85e956700a562c44f3f4d3f34
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.9_powerpc.deb
Size/MD5 checksum: 459866 2fdf70f483bb56ed5b40b3993b8ce6fe
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.9_powerpc.deb
Size/MD5 checksum: 369616 e5f1c98b98b99cc2c307e3279dfd7df1
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.9_powerpc.deb
Size/MD5 checksum: 46042 90a9717d835ce257756bef07eb84bca0
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.9_powerpc.deb
Size/MD5 checksum: 220524 258f7ef196999c48f9586b60894fc27c

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.9_s390.deb
Size/MD5 checksum: 434620 2644f6e7392eaeb1e909262e9b25a50b
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.9_s390.deb
Size/MD5 checksum: 6577338 dfd793aff448e4c8a332330a9f0d5f14
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.9_s390.deb
Size/MD5 checksum: 85472 83a87d726b05c070cbdf27f439817724
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.9_s390.deb
Size/MD5 checksum: 48134 440ed2d3d0abc0c15ebad8a1099095b4
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.9_s390.deb
Size/MD5 checksum: 1699114 3d8dedbe000116f6089d4d37c1ce980e
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.9_s390.deb
Size/MD5 checksum: 392128 c4f42f7ddd5c24e48d83ff3b34a010f4
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.9_s390.deb
Size/MD5 checksum: 1977992 f7cceb9e9309bc01ae761dc4bd83f63b
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.9_s390.deb
Size/MD5 checksum: 478626 75754353588d0f2bbf7f6f8993432ef3
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.9_s390.deb
Size/MD5 checksum: 428768 e9cf91a0766f9c3aeefbe227f4f8c061
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.9_s390.deb
Size/MD5 checksum: 46040 95ab5d3a3006bd1f21c4c273f4bfddc8
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.9_s390.deb
Size/MD5 checksum: 227590 4ab5593c6f62bcaecde3b0f8275f4a72

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.9_sparc.deb
Size/MD5 checksum: 427276 c01793500f0644abee85f7bab876b4d2
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.9_sparc.deb
Size/MD5 checksum: 6528768 3c3068f375072560a5f4203980f560f5
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.9_sparc.deb
Size/MD5 checksum: 86702 ebcfd07aab1a5e98f2f21c294b9acec2
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.9_sparc.deb
Size/MD5 checksum: 48042 19d9d7d96bf6964117af204eb52dbec8
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.9_sparc.deb
Size/MD5 checksum: 1671584 e3cb6241c21ad30e34a668140d582dc4
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.9_sparc.deb
Size/MD5 checksum: 390762 f6b891cea82726586a0551bfb08688de
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.9_sparc.deb
Size/MD5 checksum: 1939998 4b66439b38ab03d4882b9651523f46ab
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.9_sparc.deb
Size/MD5 checksum: 468830 f4d49ea7fa19782987bf7ad3048e1556
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.9_sparc.deb
Size/MD5 checksum: 391342 2fbd92a134367967f5af6d74b54d67d1
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.9_sparc.deb
Size/MD5 checksum: 46038 a31928bb3ae42311d8c12a7a4d857cbc
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.9_sparc.deb
Size/MD5 checksum: 219372 cd51b55bd951624d5336fc56d0befdf8


These files will probably be moved into the stable distribution on
its next update.

- - - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

______________________________
This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email


- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by
telephone or Not Protectively Marked information may be sent via
EMail to: uniras@niscc.gov.uk

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Debian for the information
contained in this Briefing.
- ----------------------------------------------------------------------------------


  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |