[guru] Debian biztonsagi frissitesek
DATE: Fri, 14 Jul 2006 21:30:08 +0200
Debian is kiadta a ppp (winbind plugin setuid() függvény ellenőrzési hiba),
GnuPG (nagy ID-k okozta buffer overflow) és mutt (IMAP backend felől
crash-elhető volt) csomagok javítását.
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1106-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
July 10th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : ppp
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE ID : CVE-2006-2194
Marcus Meissner discovered that the winbind plugin in pppd does not
check whether a setuid() call has been successful when trying to drop
privileges, which may fail with some PAM configurations.
The old stable distribution (woody) is not affected by this problem.
For the stable distribution (sarge) this problem has been fixed in
version 2.4.3-20050321+2sarge1.
For the unstable distribution (sid) this problem has been fixed in
version 2.4.4rel-1.
We recommend that you upgrade your ppp package.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1.dsc
Size/MD5 checksum: 633 1b8f1f8da7cf7b56c2c6e13e2072167d
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1.diff.gz
Size/MD5 checksum: 83359 1fd6996f800c3d323b159ca5ab587712
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3.orig.tar.gz
Size/MD5 checksum: 697459 0537b03fb51cbb847290abdbb765cb93
Architecture independent components:
http://security.debian.org/pool/updates/main/p/ppp/ppp-dev_2.4.3-20050321+2sarge1_all.deb
Size/MD5 checksum: 32072 77bab82e596987e60908f19c27bceeb6
Alpha architecture:
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1_alpha.deb
Size/MD5 checksum: 393308 5f90be499af49912e7074c26979037db
AMD64 architecture:
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1_amd64.deb
Size/MD5 checksum: 346172 ae546c9f5f4f0bc2fdebab8858c93731
ARM architecture:
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1_arm.deb
Size/MD5 checksum: 326134 aab781148123790027eb4bf114cc8df9
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1_i386.deb
Size/MD5 checksum: 324274 759537119b8680ed4e27ae09a52a65aa
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1_ia64.deb
Size/MD5 checksum: 437432 8a0acb4779046622af9c27a6307fa305
HP Precision architecture:
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1_hppa.deb
Size/MD5 checksum: 357572 5c415d1e9a6e31fdb01b2eb7f8f1065f
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1_m68k.deb
Size/MD5 checksum: 305432 4e7f194f247899a3d20280eca53e41ba
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1_mips.deb
Size/MD5 checksum: 348852 aca3c70a1be8c013a48e6d939ebe036a
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1_mipsel.deb
Size/MD5 checksum: 351084 7cd743087a4155ff0d9e8085cbee7dbf
PowerPC architecture:
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1_powerpc.deb
Size/MD5 checksum: 351188 60f69689787965812f891df34371600a
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1_s390.deb
Size/MD5 checksum: 343302 65648a90f1ab9abb71121ceeb9bb98a5
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1_sparc.deb
Size/MD5 checksum: 329684 1df0e5a6621da5344bdb91a1fd4eef3e
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEsfHjW5ql+IAeqTIRAkTfAKCLnv7ChQkOQEADsnOb2DN62EYSPACfQuEe
tlTFWEenK/Md71yip8pQWEA=
=Rb17
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1107-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
July 10th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : gnupg
Vulnerability : integer overflow
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2006-3082
Evgeny Legerov discovered that gnupg, the GNU privacy guard, a free
PGP replacement contains an integer overflow that can cause a
segmentation fault and possibly overwrite memory via a large user ID
strings.
For the old stable distribution (woody) this problem has been fixed in
version 1.0.6-4woody6.
For the stable distribution (sarge) this problem has been fixed in
version 1.4.1-1.sarge4.
For the unstable distribution (sid) this problem has been fixed in
version 1.4.3-2.
We recommend that you upgrade your gnupg package.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6.dsc
Size/MD5 checksum: 577 40a60f7ff8a7c36e4ffb308caa350e70
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6.diff.gz
Size/MD5 checksum: 8597 add04b0a8c391de7134cca7c943d15d9
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6.orig.tar.gz
Size/MD5 checksum: 1941676 7c319a9e5e70ad9bc3bf0d7b5008a508
Alpha architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_alpha.deb
Size/MD5 checksum: 1151184 3c46ca0e7a42f819619ba2a021a38eb9
ARM architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_arm.deb
Size/MD5 checksum: 987554 843109424859d6a1006898419d6d642e
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_i386.deb
Size/MD5 checksum: 966904 8ffd681040a2d466389f058e25ae29ae
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_ia64.deb
Size/MD5 checksum: 1272488 5dcf85dd73bd2015438fd995a16762e5
HP Precision architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_hppa.deb
Size/MD5 checksum: 1060316 22496f4150fd2334f7504deff0c474a1
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_m68k.deb
Size/MD5 checksum: 942994 bc7eede5abdcbe721ff81a5e242ebfb6
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_mips.deb
Size/MD5 checksum: 1036510 5e5824568a6a4b50851513c27db5a139
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_mipsel.deb
Size/MD5 checksum: 1036966 792c1f9b0f61349001a789b08bf862d8
PowerPC architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_powerpc.deb
Size/MD5 checksum: 1010208 6f1b3a058b7afab16a35ccba4d6b107e
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_s390.deb
Size/MD5 checksum: 1002808 80b5ca38f239a23c8e2119b39966279b
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_sparc.deb
Size/MD5 checksum: 1003856 aa89804a111cdbede9845a8eb179f9d2
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4.dsc
Size/MD5 checksum: 680 006a79b9793ba193aa227850c11984dd
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4.diff.gz
Size/MD5 checksum: 20197 488b0289778532beb0608b8dca7982a7
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1.orig.tar.gz
Size/MD5 checksum: 4059170 1cc77c6943baaa711222e954bbd785e5
Alpha architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_alpha.deb
Size/MD5 checksum: 2155794 cb1d024d2cae8c132bafe3422a2d1b3e
AMD64 architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_amd64.deb
Size/MD5 checksum: 1963478 d0d3432b4b5968d2f837414b4202afe9
ARM architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_arm.deb
Size/MD5 checksum: 1899338 b670611700f39489ea99517eb50678a9
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_i386.deb
Size/MD5 checksum: 1908580 0f8623e8b3a59e9c8101fa2f7c23f576
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_ia64.deb
Size/MD5 checksum: 2325178 fb8ba4735f0769f7c21e974321bd7c89
HP Precision architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_hppa.deb
Size/MD5 checksum: 2003982 14149a1cee79407a1f99e5ae340dd501
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_m68k.deb
Size/MD5 checksum: 1811020 dc751374cc6f994782e7de9ed5fd77ea
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_mips.deb
Size/MD5 checksum: 2000688 0d44abe0cc416c06d63699a6c77b232d
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_mipsel.deb
Size/MD5 checksum: 2007524 e59ad95cf552d2a4cb31a11b4db50147
PowerPC architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_powerpc.deb
Size/MD5 checksum: 1957934 62443926a7a4fe049e62a8515a0ecb27
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_s390.deb
Size/MD5 checksum: 1967012 a6b8d7173799fc57e46456a305f97d78
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_sparc.deb
Size/MD5 checksum: 1897410 6f793e910bb6a793c96c875059626914
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEsk6lW5ql+IAeqTIRAtZ/AKCDGDZiFFPEC9Ur6q1Scb/NBXS6SACgj+Qb
2u+tl5LGg3pSDwiDgpZ/QpI=
=OGgG
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1108-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
Jul 11th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : mutt
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-3242
Debian Bug : 375828
It was discovered that the mutt mail reader performs insufficient
validation of values returned from an IMAP server, which might overflow
a buffer and potentially lead to the injection of arbitrary code.
For the stable distribution (sarge) this problem has been fixed in
version 1.5.9-2sarge2.
For the unstable distribution (sid) this problem has been fixed in
version 1.5.11+cvs20060403-2.
We recommend that you upgrade your mutt package.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2.dsc
Size/MD5 checksum: 775 6dded70d1b853282f90168f83a3da833
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2.diff.gz
Size/MD5 checksum: 94233 7c72a620b8772515556b986bfb93b0fb
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9.orig.tar.gz
Size/MD5 checksum: 3033253 587dd1d8f44361b73b82ef64eb30c3a0
Alpha architecture:
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2_alpha.deb
Size/MD5 checksum: 1530480 f93c6b6e3d599a00d8927cc67c1ce691
AMD64 architecture:
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2_amd64.deb
Size/MD5 checksum: 1442518 aeb593803115ca292f2112fbf44106fc
ARM architecture:
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2_arm.deb
Size/MD5 checksum: 1420526 569e402f7715c2116d0445dedd8a419f
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2_i386.deb
Size/MD5 checksum: 1416838 e38785e2498fca52d8a7bbefae26fa94
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2_ia64.deb
Size/MD5 checksum: 1626542 2aa9e0061439f25598ce205ef680acc1
HP Precision architecture:
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2_hppa.deb
Size/MD5 checksum: 1467244 5731fe300b59d268423108e5073c29ac
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2_m68k.deb
Size/MD5 checksum: 1370346 a9acf01e90144e69d06f5ab94984e3fa
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2_mips.deb
Size/MD5 checksum: 1474126 ed6c9bd33b9f3173dac03c9bc8da120a
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2_mipsel.deb
Size/MD5 checksum: 1472642 b1693682bf38da32054e638c37b6ab56
PowerPC architecture:
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2_powerpc.deb
Size/MD5 checksum: 1446202 6226966d71933436a2909dfc9a9c57a8
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2_s390.deb
Size/MD5 checksum: 1444064 50bcd604cf4ebe69d4bd4e11c44cdb88
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2_sparc.deb
Size/MD5 checksum: 1417006 056963151226667c293f13c4b8a2db88
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEstAcXm3vHE4uyloRAoyjAKDJ0AHvdlXXjNl+FUq5VFzk/ZCM8wCfZ/Tr
wOSRNhC+EzSkLuBEMiZmlXc=
=akN4
-----END PGP SIGNATURE-----
--- End Message ---