[guru] Debian security updates
DATE: Wed, 04 Mar 2009 17:03:50 +0100
The login utility of the shadow package does not handle symlinks correctly
when setting the tty permissions. If an attacker has access to the utmp
file, they can gain root privileges on the system.

The fix for the phpPgAdmin security bugs did not modify the fields of
some tables correctly, so another fix was released.

A stack buffer overflow was found in the gmetad daemon of the ganglia
cluster monitoring toolkit.

Several security bugs were found in the TYPO3 web content management
framework: encryption keys are generated from a random number with too
little entropy; the session is not cleared on authentication, which allows
a session fixation attack; several XSS bugs; faulty shell metacharacter
protection allows remote code execution; the jumpUrl mechanism contains
an information disclosure bug.

An integer overflow was found in the handling of "Probe Request" packets
in the Ralinktech 2400, 2500 and 2570 wireless devices.

XSS bugs were found in the AttachFile action of moin and in its antispam
filter.

The previous fix for the netatalk package did not filter out every
dangerous PostScript escape sequence, so another fix had to be released.

An integer overflow was found in the xvnc4viewer program of the vnc4
package.

A buffer overflow was found in the Radiance RGBE image format handler of
the devil package.

The BOINC package also checks the values returned by the OpenSSL library
incorrectly, so it may wrongly accept invalid certificates as valid.

gnutls13 verifies X.509 certificates incorrectly when a self-signed cert
is marked as trusted. In addition, the acceptance of X.509v1 certificates
has been tightened; it no longer accepts everything it used to accept.

The PAM module for MIT Kerberos does not initialize the library properly,
so setuid/setgid programs wrongly accept environment variables. It is also
a bug that it reinitializes the user's credential cache from a setuid
context.

The PAM module for Heimdal Kerberos reinitializes the user's credential
cache from a setuid context.

Several security bugs (XSS, incorrect temporary file handling) were found
in the moodle online course management system.

An information disclosure bug was found in the websvn system; an attacker
can access a significant part of the private repositories as well.

A buffer overflow was found in the ARC2 implementation of the
python-crypto package.

SQL injection bugs were found in the proftpd ftp server.

The DKIM (DomainKeys Identified Mail) verification of dkim-milter is open
to DoS through suitably crafted or expired DNS public key data.

The tightening of X.509v1 certificate handling in the gnutls13 and
gnutls26 packages caused too many problems, so that tightening has now
been reverted.

Several security bugs (buffer overflow and other index addressing errors)
were found in the quicktime stream decoder of the gst-plugins-bad0.10
GStreamer plugin collection.

ndiswrapper contained buffer overflow bugs in the handling of long
ESSIDs.

squid stopped with an error message if the request contained an invalid
version (this caused a DoS bug).

Several security bugs (bad parameter checking when launching external
programs, faulty escaping when invoking the tar, zip and netrw external
plugins, possible code execution when using keyword or tag lookups) were
found in the vim program.

--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1709-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
January 21, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : shadow
Vulnerability : race condition
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2008-5394
Debian Bug : 505271
Paul Szabo discovered that login, the system login tool, did not
correctly handle symlinks while setting up tty permissions. If a local
attacker were able to gain control of the system utmp file, they could
cause login to change the ownership and permissions on arbitrary files,
leading to a root privilege escalation.
For the stable distribution (etch), this problem has been fixed in
version 4.0.18.1-7+etch1.
For the unstable distribution (sid), this problem has been fixed in
version 4.1.1-6.
We recommend that you upgrade your shadow package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
--- End Message ---
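The defensive pattern for the class of bug described in DSA-1709-1, as an added example that is not part of the advisory and is not the shadow package's actual fix: open the tty path with O_NOFOLLOW, verify the object through the descriptor, and change owner and mode with fchown()/fchmod() instead of by name. The names `set_perms_nofollow`, `mode_of` and `demo` are hypothetical, the files are constructed in a temporary directory, and Linux behaviour (ELOOP on a symlink) is assumed.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE             /* O_NOFOLLOW, mkdtemp */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: set owner and mode on `path` without following a
 * symlink in the final path component. All changes go through the open
 * descriptor, so the object that was checked is the object that is changed. */
int set_perms_nofollow(const char *path, uid_t uid, gid_t gid, mode_t mode,
                       int require_chardev)
{
    struct stat st;
    int saved;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NOCTTY | O_NONBLOCK);

    if (fd < 0)
        return -1;              /* errno is ELOOP when path is a symlink */
    if (fstat(fd, &st) != 0)
        goto fail;
    if (require_chardev && !S_ISCHR(st.st_mode)) {
        errno = ENOTTY;         /* a tty must be a character device */
        goto fail;
    }
    if (fchown(fd, uid, gid) != 0 || fchmod(fd, mode) != 0)
        goto fail;
    close(fd);
    return 0;
fail:
    saved = errno;
    close(fd);
    errno = saved;
    return -1;
}

/* Permission bits of `path` (symlinks resolved), or (mode_t)-1 on error. */
static mode_t mode_of(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (st.st_mode & 07777) : (mode_t)-1;
}

/* Constructed scenario in a private temp directory: "target" stands in for a
 * sensitive file, "tty" is a symlink to it sitting where a tty name is
 * expected. Result bits:
 *   1 = path-based chmod() followed the link and changed the target
 *   2 = set_perms_nofollow() refused the link with ELOOP
 *   4 = the target kept its mode after the refused call
 *   8 = the helper works on a real (non-link) file */
int demo(void)
{
    char dir[] = "/tmp/nofollow-demo-XXXXXX";
    char target[64], link[64];
    int result = 0, fd;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(link, sizeof link, "%s/tty", dir);
    fd = open(target, O_CREAT | O_WRONLY | O_EXCL, 0600);
    if (fd < 0 || symlink(target, link) != 0)
        return -1;
    close(fd);

    /* Weak pattern: chmod() by name resolves the symlink. */
    if (chmod(link, 0640) == 0 && mode_of(target) == 0640)
        result |= 1;

    /* Hardened pattern: the symlink is rejected, the target is untouched. */
    errno = 0;
    if (set_perms_nofollow(link, geteuid(), getegid(), 0622, 1) == -1 &&
        errno == ELOOP)
        result |= 2;
    if (mode_of(target) == 0640)
        result |= 4;

    /* Same helper on the real file; device check disabled for the demo. */
    if (set_perms_nofollow(target, geteuid(), getegid(), 0600, 0) == 0 &&
        mode_of(target) == 0600)
        result |= 8;

    unlink(link);
    unlink(target);
    rmdir(dir);
    return result;
}

int main(void)
{
    int r = demo();
    printf("demo result bits: %d\n", r);
    return r == 15 ? 0 : 1;
}
```

O_NOFOLLOW only covers the final path component, so the character-device check on the descriptor remains necessary for a real tty path.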
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1693-2 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
January 21, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : phppgadmin
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-2865 CVE-2007-5728 CVE-2008-5587
Debian Bugs : 427151 449103 508026
The security update for phpPgAdmin in DSA-1693-1 caused a regression in
modifying table fields. This update corrects that flaw. For reference
the original advisory follows.
Several remote vulnerabilities have been discovered in phpPgAdmin, a tool
to administrate PostgreSQL database over the web. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2007-2865
  Cross-site scripting vulnerability allows remote attackers to inject
  arbitrary web script or HTML via the server parameter.
CVE-2007-5728
  Cross-site scripting vulnerability allows remote attackers to inject
  arbitrary web script or HTML via PHP_SELF.
CVE-2008-5587
  Directory traversal vulnerability allows remote attackers to read
  arbitrary files via _language parameter.
For the stable distribution (etch), these problems have been fixed in
version 4.0.1-3.1etch2.
We recommend that you upgrade your phppgadmin package.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
These files will probably be moved into the stable distribution on
its next update.
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1710-1 security@debian.org
http://www.debian.org/security/ Steffen Joeris
January 25, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : ganglia-monitor-core
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE Id : CVE-2009-0241
Spike Spiegel discovered a stack-based buffer overflow in gmetad, the
meta-daemon for the ganglia cluster monitoring toolkit, which could be
triggered via a request with long path names and might enable
arbitrary code execution.
For the stable distribution (etch), this problem has been fixed in
version 2.5.7-3.1etch1.
For the unstable distribution (sid) this problem has been fixed in
version 2.5.7-5.
For the testing distribution (lenny), this problem will be fixed soon.
We recommend that you upgrade your ganglia-monitor-core packages.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
These files will probably be moved into the stable distribution on
its next update.
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1711-1 security@debian.org
http://www.debian.org/security/ Nico Golde
January 26, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : typo3-src
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2009-0255 CVE-2009-0256 CVE-2009-0257 CVE-2009-0258
Debian Bug : 512608
BugTraq ID : 33376
Several remotely exploitable vulnerabilities have been discovered in the
TYPO3 web content management framework. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2009-0255
Chris John Riley discovered that the TYPO3-wide used encryption key is
generated with an insufficiently random seed resulting in low entropy
which makes it easier for attackers to crack this key.
CVE-2009-0256
Marcus Krause discovered that TYPO3 is not invalidating a supplied session
on authentication which allows an attacker to take over a victim's
session via a session fixation attack.
CVE-2009-0257
Multiple cross-site scripting vulnerabilities allow remote attackers to
inject arbitrary web script or HTML via various arguments and user-
supplied strings used in the indexed search system extension, adodb
extension test scripts or the workspace module.
CVE-2009-0258
Mads Olesen discovered a remote command injection vulnerability in
the indexed search system extension which allows attackers to
execute arbitrary code via a crafted file name which is passed
unescaped to various system tools that extract file content for
the indexing.
Because of CVE-2009-0255, please make sure that besides installing
this update, you also create a new encryption key after the
installation.
For the stable distribution (etch) these problems have been fixed in
version 4.0.2+debian-7.
For the unstable distribution (sid) these problems have been fixed in
version 4.2.5-1.
We recommend that you upgrade your TYPO3 packages.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
These files will probably be moved into the stable distribution on
its next update.
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1712-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
January 28, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : rt2400
Vulnerability : integer overflow
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-0282
It was discovered that an integer overflow in the "Probe Request" packet
parser of the Ralinktech wireless drivers might lead to remote denial of
service or the execution of arbitrary code.
Please note that you need to rebuild your driver from the source
package in order to set this update into effect. Detailed
instructions can be found in /usr/share/doc/rt2400-source/README.Debian
For the stable distribution (etch), this problem has been fixed in
version 1.2.2+cvs20060620-4+etch1.
For the upcoming stable distribution (lenny) and the unstable
distribution (sid), this problem has been fixed in version
1.2.2+cvs20080623-3.
We recommend that you upgrade your rt2400 package.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Stable updates are available for amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1713-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
January 28, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : rt2500
Vulnerability : integer overflow
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-0282
It was discovered that an integer overflow in the "Probe Request"
packet parser of the Ralinktech wireless drivers might lead to
remote denial of service or the execution of arbitrary code.
Please note that you need to rebuild your driver from the source
package in order to set this update into effect. Detailed
instructions can be found in /usr/share/doc/rt2500-source/README.Debian
For the stable distribution (etch), this problem has been fixed in
version 1.1.0+cvs20060620-3+etch1.
For the upcoming stable distribution (lenny) and the unstable
distribution (sid), this problem has been fixed in version
1:1.1.0-b4+cvs20080623-3.
We recommend that you upgrade your rt2500 package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Stable updates are available for amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1714-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
January 28, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : rt2570
Vulnerability : integer overflow
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-0282
It was discovered that an integer overflow in the "Probe Request" packet
parser of the Ralinktech wireless drivers might lead to remote denial of
service or the execution of arbitrary code.
Please note that you need to rebuild your driver from the source
package in order to set this update into effect. Detailed
instructions can be found in /usr/share/doc/rt2570-source/README.Debian
For the stable distribution (etch), this problem has been fixed in
version 1.1.0+cvs20060620-3+etch1.
For the upcoming stable distribution (lenny) and the unstable
distribution (sid), this problem has been fixed in version
1.1.0+cvs20080623-2.
We recommend that you upgrade your rt2570 package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1715 security@debian.org
http://www.debian.org/security/ Steffen Joeris
January 29, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : moin
Vulnerability : insufficient input sanitising
Problem type : remote
Debian-specific: no
CVE ID : CVE-2009-0260 CVE-2009-0312
Debian Bug : 513158
It was discovered that the AttachFile action in moin, a python clone of
WikiWiki, is prone to cross-site scripting attacks (CVE-2009-0260).
Another cross-site scripting vulnerability was discovered in the
antispam feature (CVE-2009-0312).
For the stable distribution (etch) these problems have been fixed in
version 1.5.3-1.2etch2.
For the testing (lenny) distribution these problems have been fixed in
version 1.7.1-3+lenny1.
For the unstable (sid) distribution these problems have been fixed in
version 1.8.1-1.1.
We recommend that you upgrade your moin packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1704-2 security@debian.org
http://www.debian.org/security/ Nico Golde
January 30th, 2009 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : netatalk
Vulnerability : arbitrary code execution
Problem type : remote
Debian-specific: no
CVE ID : CVE-2008-5718
Debian Bug : 510585
The update in DSA 1704-1 was incomplete as it missed to escape a few
important characters which enabled an attacker to overwrite arbitrary
files.
It was discovered that netatalk, an implementation of the AppleTalk
suite, is affected by a command injection vulnerability when processing
PostScript streams via papd. This is leading to arbitrary remote
code execution. Note that this only affects installations that are
configured to use a pipe command in combination with wildcard symbols
substituted with values of the printed job.
For the stable distribution (etch) this problem has been fixed in
version 2.0.3-4+etch2.
For the unstable distribution (sid) this problem has been fixed in
version 2.0.4~beta2-1.1.
We recommend that you upgrade your netatalk package.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1716-1 security@debian.org
http://www.debian.org/security/ Steffen Joeris
January 31, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : vnc4
Vulnerability : integer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2008-4770
Debian Bug : 513531
It was discovered that xvnc4viewer, a virtual network computing client
software for X, is prone to an integer overflow via a malicious
encoding value that could lead to arbitrary code execution.
For the stable distribution (etch) this problem has been fixed in
version 4.1.1+X4.3.0-21+etch1.
For the unstable (sid) distribution this problem has been fixed in
version 4.1.1+X4.3.0-31.
For the testing (lenny) distribution this problem will be fixed soon.
We recommend that you upgrade your vnc4 packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1717 security@debian.org
http://www.debian.org/security/ Steffen Joeris
February 05, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : devil
Vulnerability : buffer overflow
Problem type : local (remote)
Debian-specific: no
CVE Id : CVE-2008-5262
Debian Bugs : 511844 512122
Stefan Cornelius discovered a buffer overflow in devil, a cross-platform
image loading and manipulation toolkit, which could be triggered via a
crafted Radiance RGBE file. This could potentially lead to the execution
of arbitrary code.
For the stable distribution (etch), this problem has been fixed in
version 1.6.7-5+etch1.
For the testing distribution (lenny), this problem has been fixed in
version 1.6.8-rc2-3+lenny1.
For the unstable distribution (sid), this problem has been fixed in
version 1.7.5-4.
We recommend that you upgrade your devil package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1718-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
February 08, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : boinc
Vulnerability : incorrect API usage
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-0126
Debian Bug : 511521
It was discovered that the core client for the BOINC distributed
computing infrastructure performs incorrect validation of the return
values of OpenSSL's RSA functions.
For the stable distribution (etch), this problem has been fixed in
version 5.4.11-4+etch1.
For the upcoming stable distribution (lenny), this problem has been
fixed in version 6.2.14-3.
For the unstable distribution (sid), this problem has been fixed in
version 6.2.14-3.
We recommend that you upgrade your boinc packages.
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Stable updates are available for amd64, arm, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkmPTrAACgkQXm3vHE4uylrBNwCgkVXF05tMtB72Tr/8ki5aPUxO
6wgAoKKK3m2RkjTUIBbF7LJl7lJMJ9bN
=uZvI
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1719-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
February 10, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : gnutls13
Vulnerability : design flaw
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-4989
Debian Bug : 505360
Martin von Gagern discovered that GNUTLS, an implementation of the
TLS/SSL protocol, handles verification of X.509 certificate chains
incorrectly if a self-signed certificate is configured as a trusted
certificate. This could cause clients to accept forged server
certificates as genuine. (CVE-2008-4989)
In addition, this update tightens the checks for X.509v1 certificates
which causes GNUTLS to reject certain certificate chains it accepted
before. (In certificate chain processing, GNUTLS does not recognize
X.509v1 certificates as valid unless explicitly requested by the
application.)
For the stable distribution (etch), this problem has been fixed in
version 1.4.4-3+etch3.
For the unstable distribution (sid), this problem has been fixed in
version 2.4.2-3 of the gnutls26 package.
We recommend that you upgrade your gnutls13 packages.
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJJkSYVAAoJEL97/wQC1SS+Nc4H/2TnDuV0VpsjmK/uRsQx99R/
bUkz4ZcTFzMP5VztCE4gNMy0UmVNyk6mtu87L2Md0JnHWPU3xY7+2ZZFZ6DfjUpQ
7GGwl4DN6y3ge2/F2QIMid3iSolJaXQ2lkj/50OelS/MwTTDNQ6Q5W6SFet40SOr
rCRDLQFCW7mgkCPa9v+meXWRy1wuSx6h5UAr6wMIy0Z/20BrQtS+8hyHxOHtxbGQ
FhFMa3n6KySUt9JbJ7QipSBxIqn2oTmaNy4AL3W5dpGY7UEoBxQ/67S2hAnhoTZH
i7ipu3PQMWX+ov1uyIe3EEQmIQpfyHA3EwKujJNIozI88NeuWdJF18AIbuQrodo=
=N+Yn
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1720-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 10th, 2009 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : typo3-src
Vulnerability : several
Problem type : remote
Debian-specific: no
Debian Bug : 514713
Several remote vulnerabilities have been discovered in the TYPO3 web
content management framework.
Marcus Krause and Michael Stucki from the TYPO3 security team
discovered that the jumpUrl mechanism discloses secret hashes enabling
a remote attacker to bypass access control by submitting the correct
value as a URL parameter and thus being able to read the content of
arbitrary files.
Jelmer de Hen and Dmitry Dulepov discovered multiple cross-site
scripting vulnerabilities in the backend user interface allowing
remote attackers to inject arbitrary web script or HTML.
As it is very likely that your encryption key has been exposed we
strongly recommend to change your encryption key via the install tool
after installing the update.
For the stable distribution (etch) these problems have been fixed in
version 4.0.2+debian-8.
For the testing distribution (lenny) these problems have been fixed in
version 4.2.5-1+lenny1.
For the unstable distribution (sid) these problems have been fixed in
version 4.2.6-1.
We recommend that you upgrade your typo3 package.
Upgrade Instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJkekUW5ql+IAeqTIRAmcrAKC4kFo9JIPMxth84ZxxmMSe5FIGaACgoXkp
6di1jqOPGBzLHH3TPYKca2o=
=kmvS
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1721-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
February 11, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : libpam-krb5
Vulnerability : several
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2009-0360 CVE-2009-0361
Several local vulnerabilities have been discovered in the PAM module
for MIT Kerberos. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2009-0360
Russ Allbery discovered that the Kerberos PAM module parsed
configuration settings from environment variables when run from a
setuid context. This could lead to local privilege escalation if
an attacker points a setuid program using PAM authentication to a
Kerberos setup under her control.
CVE-2009-0361
Derek Chan discovered that the Kerberos PAM module allows
reinitialisation of user credentials when run from a setuid
context, resulting in potential local denial of service by
overwriting the credential cache file or to privilege escalation.
For the stable distribution (etch), these problems have been fixed in
version 2.6-1etch1.
For the upcoming stable distribution (lenny), these problems have been
fixed in version 3.11-4.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your libpam-krb5 package.
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkmTO4kACgkQXm3vHE4uylrXlwCfXryID0RL+Pt+F5IrMGYlI6GP
Fy8Anje/tPsQUC5b7E0D0ZY2EzD3n91p
=ACs+
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1722-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
February 11, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : libpam-heimdal
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2009-0361
Derek Chan discovered that the PAM module for the Heimdal Kerberos
implementation allows reinitialisation of user credentials when run
from a setuid context, resulting in potential local denial of service
by overwriting the credential cache file or in local privilege
escalation.
For the stable distribution (etch), this problem has been fixed in
version 2.5-1etch1.
For the upcoming stable distribution (lenny), this problem has been
fixed in version 3.10-2.1.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your libpam-heimdal package.
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/libp/libpam-heimdal/libpam-heimdal_2.5-1etch1.dsc
Size/MD5 checksum: 699 09e39eb1552950761fdcc51babceef11
http://security.debian.org/pool/updates/main/libp/libpam-heimdal/libpam-heimdal_2.5-1etch1.diff.gz
Size/MD5 checksum: 8208 3e178b9617aadc2e030c07fec659330c
http://security.debian.org/pool/updates/main/libp/libpam-heimdal/libpam-heimdal_2.5.orig.tar.gz
Size/MD5 checksum: 117834 a80c66fcf0c48608abfb5ff0c443ab94
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkmTPPMACgkQXm3vHE4uylpNrQCgubliWx2XLOuiece2KpczkcsC
FEwAn1OXJGgjyV3dIyGX6opMEM5nwfrc
=k2FA
-----END PGP SIGNATURE-----
--- End Message ---
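The manual path in the upgrade instructions above (wget, then dpkg -i) leaves the size and MD5 comparison to the reader. The following added example, which is not part of the advisory or of any Debian tool, parses the URL / "Size/MD5 checksum" line pairs from advisory text and checks a downloaded file against them; the function names and the sample package name and URL in demo() are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile
from typing import NamedTuple
from urllib.parse import urlparse


class Entry(NamedTuple):
    url: str
    size: int
    md5: str


# A file entry is a line holding only a URL, followed by its checksum line.
_URL = re.compile(r"^\s*((?:https?|ftp)://\S+)\s*$")
_SUM = re.compile(r"^\s*Size/MD5 checksum:\s+(\d+)\s+([0-9a-fA-F]{32})\s*$")


def parse_advisory(text):
    """Return {file name: Entry} for every URL line followed by a checksum line."""
    entries = {}
    pending = None
    for line in text.splitlines():
        m = _URL.match(line)
        if m:
            pending = m.group(1)
            continue
        m = _SUM.match(line)
        if m and pending:
            name = os.path.basename(urlparse(pending).path)
            entries[name] = Entry(pending, int(m.group(1)), m.group(2).lower())
        # Any other line (headers, footer, prose) breaks the URL/checksum pair.
        pending = None
    return entries


def verify_file(path, entry):
    """Compare a local file with the advertised size, then with the MD5."""
    size = os.path.getsize(path)
    if size != entry.size:
        return False, f"size {size} != advertised {entry.size}"
    digest = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    if digest.hexdigest() != entry.md5:
        return False, "MD5 mismatch"
    return True, "ok"


def demo():
    """Run the check on a constructed file: intact, grown by a byte, altered."""
    payload = b"constructed package bytes, not a real .deb\n" * 8
    name = "example-pkg_1.0-1_all.deb"  # constructed name, not a real package
    advisory = (
        "Architecture independent components:\n"
        f"http://security.example.org/pool/{name}\n"  # constructed URL
        f"Size/MD5 checksum: {len(payload)} {hashlib.md5(payload).hexdigest()}\n"
    )
    entry = parse_advisory(advisory)[name]
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, name)
        for data in (payload, payload + b"x", b"X" + payload[1:]):
            with open(path, "wb") as f:
                f.write(data)
            results.append(verify_file(path, entry))
    return results


if __name__ == "__main__":
    for ok, reason in demo():
        print(ok, reason)
```

The check only ties a file to the advisory text, so the advisory's PGP signature has to be verified first; MD5 alone does not resist deliberate collisions.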
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1724-1 security@debian.org
http://www.debian.org/security/ Steffen Joeris
February 13th, 2009 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : moodle
Vulnerability : several vulnerabilities
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2009-0500 CVE-2009-0502 CVE-2008-5153
Debian Bug : 514284
Several vulnerabilities have been discovered in Moodle, an online
course management system. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2009-0500
    It was discovered that the information stored in the log tables
    was not properly sanitized, which could allow attackers to inject
    arbitrary web code.
CVE-2009-0502
    It was discovered that certain input via the "Login as" function
    was not properly sanitised, leading to the injection of arbitrary
    web script.
CVE-2008-5153
    Dmitry E. Oboukhov discovered that the SpellChecker plugin creates
    temporary files insecurely, allowing a denial of service attack.
    Since the plugin was unused, it is removed in this update.
For the stable distribution (etch) these problems have been fixed in
version 1.6.3-2+etch2.
For the testing (lenny) distribution these problems have been fixed in
version 1.8.2.dfsg-3+lenny1.
For the unstable (sid) distribution these problems have been fixed in
version 1.8.2.dfsg-4.
We recommend that you upgrade your moodle package.
Upgrade Instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Source archives:
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2.dsc
Size/MD5 checksum: 793 b86fd980d09fc1f54744962d765a17d7
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2.diff.gz
Size/MD5 checksum: 25398 60b9bf677040fbd71e7951deaa8b91d7
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3.orig.tar.gz
Size/MD5 checksum: 7465709 2f9f3fcf83ab0f18c409f3a48e07eae2
Architecture independent components:
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb
Size/MD5 checksum: 6582298 7a90893e954672f33e129aa4d7ca5aa3
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJldoJW5ql+IAeqTIRAqgIAJ0dhSgFQxBDCq0PoSav/LyyCmtaYQCgj+Ln
r8qoVwy7k6F60fJPA1DAKYE=
=GzCu
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1725-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
February 15, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : websvn
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-0240
Debian Bug : 512191
Bas van Schaik discovered that WebSVN, a tool to view Subversion
repositories over the web, did not properly restrict access to private
repositories, allowing a remote attacker to read significant parts of
their content.
The old stable distribution (etch) is not affected by this problem.
For the stable distribution (lenny), this problem has been fixed in
version 2.0-4+lenny1.
For the unstable distribution (sid), this problem has also been fixed in
version 2.0-4+lenny1.
We recommend that you upgrade your websvn package.
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/w/websvn/websvn_2.0-4+lenny1.diff.gz
Size/MD5 checksum: 21217 fec9c4c9173ac5da1e6866b6afdb37ff
http://security.debian.org/pool/updates/main/w/websvn/websvn_2.0-4+lenny1.dsc
Size/MD5 checksum: 1291 3b2910de66eb35b3650558c2a6b70d74
http://security.debian.org/pool/updates/main/w/websvn/websvn_2.0.orig.tar.gz
Size/MD5 checksum: 172005 047e02c0fa2948fdf98a3e348e3f1530
Architecture independent packages:
http://security.debian.org/pool/updates/main/w/websvn/websvn_2.0-4+lenny1_all.deb
Size/MD5 checksum: 194618 f03bd2f1bf00ee0666368a85faf1a9ef
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJJmDH0AAoJECIIoQCMVaAciZAH/332bnuIAmGcSQAMzkQJGYZJ
echCkVJq4OZeTqWAPLPd7TskYAdP1LlV/nDkEZmivrfkEEa8Vfv9RM5gphYclMZb
6ZU4Wn56hpNfKy725qnuEd+E95uOXwLpX0VBLUwVk0BA64hEVN/c7IQ9DV59y/Rs
TJT3elMf8CgZ44IQhCpiUyD9STI1ZLEhfGjPKRnqpK+uBu+LIHKpnIkuXDhLkmIM
+gbV0vAXP564tHvYCAAreg6CBxl7iJPq59HyOh0fq2Nwh/jsz7gvP9YPy3kdfpib
tguX9Kd3uH84+YufykAGW39DxX5nXITzSNont3pSk4zJyuqH+oJF4naL0YiHs6w=
=GO2G
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1726-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
February 25, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : python-crypto
Vulnerability : buffer overflow
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2009-0544
Mike Wiacek discovered that a buffer overflow in the ARC2 implementation
of Python Crypto, a collection of cryptographic algorithms and protocols
for Python, allows denial of service and potentially the execution of
arbitrary code.
For the stable distribution (lenny), this problem has been fixed in
version 2.0.1+dfsg1-2.3+lenny0.
Due to a technical limitation in the Debian archive management scripts
the update for the old stable distribution (etch) cannot be released
synchronously. It will be fixed in version 2.0.1+dfsg1-1.2+etch0 soon.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your python-crypto package.
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0.diff.gz
Size/MD5 checksum: 10119 1bcc8b9ca25adb5442612ecb08a87773
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1.orig.tar.gz
Size/MD5 checksum: 158593 f81d94a506981c67188f08057d797420
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0.dsc
Size/MD5 checksum: 1294 1f0b48e12f296ba99bfa8da9fa362cb4
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkmlqlwACgkQXm3vHE4uyloAoACfeG2KmsHVYnnX1kfsp1RrCLYR
pfAAoN+869pQnXI68LNdD7sL/hsHDDWM
=TQSU
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1727-1 security@debian.org
http://www.debian.org/security/ Steffen Joeris
February 26th, 2009 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : proftpd-dfsg
Vulnerability : SQL injection vulnerabilities
Problem type : remote
Debian-specific: no
CVE Ids : CVE-2009-0542 CVE-2009-0543
Two SQL injection vulnerabilities have been found in proftpd, a
virtual-hosting FTP daemon. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2009-0542
    Shino discovered that proftpd is prone to an SQL injection
    vulnerability via the use of certain characters in the username.
CVE-2009-0543
    TJ Saunders discovered that proftpd is prone to an SQL injection
    vulnerability due to insufficient escaping mechanisms when
    multibyte character encodings are used.
For the stable distribution (lenny), these problems have been fixed in
version 1.3.1-17lenny1.
For the oldstable distribution (etch), these problems will be fixed
soon.
For the testing distribution (squeeze), these problems will be fixed
soon.
For the unstable distribution (sid), these problems have been fixed in
version 1.3.2-1.
We recommend that you upgrade your proftpd-dfsg package.
Upgrade Instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-dfsg_1.3.1-17lenny1.dsc
Size/MD5 checksum: 1348 bb4118976a78b6eef4356123b4e322da
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-dfsg_1.3.1-17lenny1.diff.gz
Size/MD5 checksum: 102388 7873fdab33c5e044dce721300d496d7e
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-dfsg_1.3.1.orig.tar.gz
Size/MD5 checksum: 2662056 da40b14c5b8ec5467505c98b4ee4b7b9
Architecture independent components:
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-doc_1.3.1-17lenny1_all.deb
Size/MD5 checksum: 1256300 f0e73bd54793839c802b3c3ce85bb123
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd_1.3.1-17lenny1_all.deb
Size/MD5 checksum: 194896 cda6edb78e4a5ab9c8a90cfdaeb19b32
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJplHOW5ql+IAeqTIRAtgEAKCzWrcMOwYY3OFt3nyvr8PLU8uFZACgsWRY
d2Eqc9UdqKrHYaKNbRFEkwM=
=Cxa4
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1728-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
February 27, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : dkim-milter
Vulnerability : improper assertion
Problem type : remote
Debian-specific: no
It was discovered that dkim-milter, an implementation of the DomainKeys
Identified Mail protocol, may crash during DKIM verification if it
encounters a specially-crafted or revoked public key record in DNS.
The old stable distribution (etch) does not contain dkim-milter packages.
For the stable distribution (lenny), this problem has been fixed in
version 2.6.0.dfsg-1+lenny1.
For the unstable distribution (sid), this problem has been fixed in
version 2.6.0.dfsg-2.
We recommend that you upgrade your dkim-milter packages.
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/d/dkim-milter/dkim-milter_2.6.0.dfsg-1+lenny1.dsc
Size/MD5 checksum: 1125 c695a2adc00497bd3e531f702fdad6c5
http://security.debian.org/pool/updates/main/d/dkim-milter/dkim-milter_2.6.0.dfsg-1+lenny1.diff.gz
Size/MD5 checksum: 11222 5eeb15993844159a99aa7efad6a4457f
http://security.debian.org/pool/updates/main/d/dkim-milter/dkim-milter_2.6.0.dfsg.orig.tar.gz
Size/MD5 checksum: 554381 a9520ac897c00f100d2b9036f97e925d
Size/MD5 checksum: 251438 f40ff08f280bb227d9ceaa9b8fb4e2c1
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/d/dkim-milter/dkim-filter_2.6.0.dfsg-1+lenny1_powerpc.deb
Size/MD5 checksum: 260594 4827598e3fae9fe900705474c29b3fda
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim2_2.6.0.dfsg-1+lenny1_powerpc.deb
Size/MD5 checksum: 74160 7919526d3a8c919f183e350c6adee3ed
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim-dev_2.6.0.dfsg-1+lenny1_powerpc.deb
Size/MD5 checksum: 87024 f0123b62e03427c5f70269a627d10cba
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim-dev_2.6.0.dfsg-1+lenny1_s390.deb
Size/MD5 checksum: 91646 8052a658ac6c38ec302a3fe7e8773c4c
http://security.debian.org/pool/updates/main/d/dkim-milter/dkim-filter_2.6.0.dfsg-1+lenny1_s390.deb
Size/MD5 checksum: 260100 2732ddacf46e58303132fe71c0f61cf0
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim2_2.6.0.dfsg-1+lenny1_s390.deb
Size/MD5 checksum: 73834 ec7ca2318b02a2bcd93656b5379dd8b0
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/d/dkim-milter/dkim-filter_2.6.0.dfsg-1+lenny1_sparc.deb
Size/MD5 checksum: 242386 ec1bcb5b3906f99f35968cbceafb98f3
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim2_2.6.0.dfsg-1+lenny1_sparc.deb
Size/MD5 checksum: 70150 d62a1b54ba4645eaf30c2ef3fbf12aac
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim-dev_2.6.0.dfsg-1+lenny1_sparc.deb
Size/MD5 checksum: 90104 7b63548becd10c016eb77dc77eb8ad29
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
--- End Message ---
--- Begin Message ---
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1719-2 security@debian.org
http://www.debian.org/security/ Florian Weimer
February 28, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : gnutls13, gnutls26
Vulnerability : design flaw
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-4989
Debian Bug : 505360
Changes in DSA-1719-1 caused GNUTLS to reject X.509v1 certificates as
CA root certificates by default, as originally described in the
documentation. However, it turned out that there is still significant
use of historic X.509v1 CA root certificates, so this constitutes an
unacceptable regression. This update reverses this part of the
changes in DSA-1719-1. Note that the X.509v1 certificate format does
not distinguish between server and CA certificates, which means that
an X.509v1 server certificate is implicitly converted into a CA
certificate when added to the trust store (which was the reason for
the change in DSA-1719-1).
The current stable distribution (lenny) was released with the changes
in DSA-1719-1 already applied, and this update reverses the changes
concerning X.509v1 CA certificates for this distribution, too.
For the old stable distribution (etch), this problem has been fixed in
version 1.4.4-3+etch4.
For the stable distribution (lenny), this problem has been fixed in
version 2.4.2-6+lenny1.
We recommend that you upgrade your GNUTLS packages.
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
--- End Message ---
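Added example (not part of the advisory above and not GnuTLS code): a trust-store audit for the X.509v1 issue DSA-1719-2 describes. It parses DER directly and reports which anchors are v1 and therefore have no basicConstraints field to separate a CA from a server certificate; the sample certificates, anchor names and verdict labels are constructed for illustration.

```python
"""Flag trust anchors that cannot distinguish CA from server certificates."""

BASIC_CONSTRAINTS_OID = bytes([0x55, 0x1D, 0x13])  # OID 2.5.29.19


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length


def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out


def describe(cert_der):
    """Return (version, ca_flag); ca_flag is None when no field can say."""
    tag, cert, _ = read_tlv(cert_der, 0)
    tbs_tag, tbs, _ = read_tlv(cert, 0)
    if tag != 0x30 or tbs_tag != 0x30:
        raise ValueError("not an X.509 certificate structure")
    fields = children(tbs)
    version = 1  # DEFAULT v1 when the [0] EXPLICIT version field is absent
    if fields and fields[0][0] == 0xA0:
        version = int.from_bytes(read_tlv(fields[0][1], 0)[1], "big") + 1
    # Extensions exist only in v3; v1/v2 have nowhere to carry basicConstraints.
    ca_flag = False if version == 3 else None
    for ftag, fval in fields:
        if ftag != 0xA3 or version != 3:  # [3] EXPLICIT extensions
            continue
        for _, ext in children(read_tlv(fval, 0)[1]):
            parts = children(ext)  # extnID, optional critical, extnValue
            if parts and parts[0][1] == BASIC_CONSTRAINTS_OID:
                bc = read_tlv(parts[-1][1], 0)[1]
                ca_flag = any(t == 0x01 and v != b"\x00" for t, v in children(bc))
    return version, ca_flag


def audit(anchors):
    """Map each anchor name to (version, verdict) for review."""
    report = {}
    for name, der in anchors.items():
        version, ca = describe(der)
        # A trusted pre-v3 certificate is usable as a CA (the DSA-1719-2 case).
        verdict = "implicit-ca" if ca is None else ("ca" if ca else "end-entity")
        report[name] = (version, verdict)
    return report


def tlv(tag, value=b""):
    """Encode one DER element (used only to build the constructed samples)."""
    n = len(value)
    head = bytes([n]) if n < 0x80 else bytes([0x81, n])  # samples stay < 256 bytes
    return bytes([tag]) + head + value


def sample_cert(version, ca=None):
    """Build an unsigned certificate skeleton; every field is a placeholder."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05))
    name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"example"))))
    validity = tlv(0x30, tlv(0x17, b"090101000000Z") * 2)
    bits = tlv(0x03, bytes(9))  # placeholder key and signature bits
    body = tlv(0xA0, tlv(0x02, bytes([version - 1]))) if version > 1 else b""
    body += tlv(0x02, b"\x01") + alg + name + validity + name + tlv(0x30, alg + bits)
    if ca is not None:
        bc = tlv(0x30, tlv(0x01, b"\xff") if ca else b"")
        ext = tlv(0x30, tlv(0x06, BASIC_CONSTRAINTS_OID) + tlv(0x01, b"\xff") + tlv(0x04, bc))
        body += tlv(0xA3, tlv(0x30, ext))
    return tlv(0x30, tlv(0x30, body) + alg + bits)


# Constructed trust store: names and contents are illustrative only.
SAMPLE_ANCHORS = {
    "legacy-root-v1": sample_cert(1),
    "server-cert-v1": sample_cert(1),
    "modern-root-v3": sample_cert(3, ca=True),
    "pinned-server-v3": sample_cert(3, ca=False),
}

if __name__ == "__main__":
    for anchor, result in audit(SAMPLE_ANCHORS).items():
        print(anchor, result)
```

The two v1 anchors get the same verdict whether they were meant as a root or as a single server's certificate, which is the ambiguity the advisory points out.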
--- Begin Message ---
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1729-1 security@debian.org
http://www.debian.org/security/ Noah Meyerhans
March 02, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : gst-plugins-bad0.10
Vulnerability : several vulnerabilities
Problem type : local (remote)
Debian-specific: no
CVE Id : CVE-2009-0386 CVE-2009-0387 CVE-2009-0397
Several vulnerabilities have been found in gst-plugins-bad0.10, a
collection of various GStreamer plugins. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2009-0386
Tobias Klein discovered a buffer overflow in the quicktime stream
demuxer (qtdemux), which could potentially lead to the execution of
arbitrary code via crafted .mov files.
CVE-2009-0387
Tobias Klein discovered an array index error in the quicktime stream
demuxer (qtdemux), which could potentially lead to the execution of
arbitrary code via crafted .mov files.
CVE-2009-0397
Tobias Klein discovered a buffer overflow in the quicktime stream
demuxer (qtdemux) similar to the issue reported in CVE-2009-0386, which
could also lead to the execution of arbitrary code via crafted .mov
files.
For the stable distribution (lenny), these problems have been fixed in
version 0.10.8-4.1~lenny1 of gst-plugins-good0.10, since the affected
plugin has been moved there. The fix was already included in the lenny
release.
For the oldstable distribution (etch), these problems have been fixed in
version 0.10.3-3.1+etch1.
For the unstable distribution (sid) and the testing distribution
(squeeze), these problems have been fixed in version 0.10.8-4.1 of
gst-plugins-good0.10.
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
--- End Message ---
--- Begin Message ---
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1730-1 security@debian.org
http://www.debian.org/security/ Steffen Joeris
March 02, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : proftpd-dfsg
Vulnerability : SQL injection vulnerabilities
Problem type : remote
Debian-specific: no
CVE Id : CVE-2009-0542 CVE-2009-0543
The security update for proftpd-dfsg in DSA-1727-1 caused a regression
with the postgresql backend. This update corrects the flaw. Also it was
discovered that the oldstable distribution (etch) is not affected by the
security issues. For reference the original advisory follows.
Two SQL injection vulnerabilities have been found in proftpd, a
virtual-hosting FTP daemon. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2009-0542
Shino discovered that proftpd is prone to an SQL injection vulnerability
via the use of certain characters in the username.
CVE-2009-0543
TJ Saunders discovered that proftpd is prone to an SQL injection
vulnerability due to insufficient escaping mechanisms, when multibyte
character encodings are used.
For the stable distribution (lenny), these problems have been fixed in
version 1.3.1-17lenny2.
The oldstable distribution (etch) is not affected by these problems.
For the unstable distribution (sid), these problems have been fixed in
version 1.3.2-1.
For the testing distribution (squeeze), these problems will be fixed
soon.
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on
its next update.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
--- End Message ---
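The failure mode named in CVE-2009-0543, escaping that ignores the character encoding, shown as an added Python example; it is not ProFTPD code and not part of the advisory. GBK as the encoding, the byte-wise escaper and the `users` table are assumptions chosen for illustration, and both inputs are constructed.

```python
import sqlite3

ENCODING = "gbk"  # assumption: any multibyte encoding where 0x5C can be a trail byte


def naive_escape(raw: bytes) -> bytes:
    """Encoding-unaware escaping: prefix every quote or backslash byte with 0x5C."""
    out = bytearray()
    for byte in raw:
        if byte in (0x27, 0x5C):
            out.append(0x5C)
        out.append(byte)
    return bytes(out)


def unescaped_quotes(text: str) -> int:
    """Count quotes a backslash-escaping SQL lexer would treat as string delimiters."""
    count = i = 0
    while i < len(text):
        if text[i] == "\\":
            i += 2  # the backslash protects the next character
            continue
        if text[i] == "'":
            count += 1
        i += 1
    return count


def validate_username(raw: bytes) -> str:
    """Mitigation 1: refuse input that is not well formed in the connection encoding."""
    try:
        return raw.decode(ENCODING, errors="strict")
    except UnicodeDecodeError as exc:
        raise ValueError(f"username is not valid {ENCODING}") from exc


def lookup(conn: sqlite3.Connection, username: str) -> list:
    """Mitigation 2: bind the value so it never becomes part of the SQL text."""
    return conn.execute("SELECT name FROM users WHERE name = ?", (username,)).fetchall()


def demo() -> dict:
    sample = b"\xbf'"   # constructed input: stray lead byte followed by a quote
    plain = b"o'brien"  # constructed input: ordinary ASCII name containing a quote
    # After escaping, 0xBF and the inserted 0x5C decode as ONE character,
    # so the quote that follows is no longer preceded by a backslash.
    seen_by_server = naive_escape(sample).decode(ENCODING)

    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice')")

    try:
        validate_username(sample)
        rejected = False
    except ValueError:
        rejected = True

    return {
        "ascii_quotes_left": unescaped_quotes(naive_escape(plain).decode(ENCODING)),
        "multibyte_quotes_left": unescaped_quotes(seen_by_server),
        "malformed_input_rejected": rejected,
        "bound_lookup_rows": lookup(conn, seen_by_server),
        "known_user_rows": lookup(conn, "alice"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Escaping has to be done by the database client library with knowledge of the connection encoding, or avoided altogether with bound parameters as in `lookup`.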
--- Begin Message ---
------------------------------------------------------------------------
Debian Security Advisory DSA-1731-1                  security@debian.org
http://www.debian.org/security/                           Steffen Joeris
March 02, 2009                        http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : ndiswrapper
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE Id : CVE-2008-4395
Debian Bugs : 504696
Anders Kaseorg discovered that ndiswrapper suffers from buffer overflows
via specially crafted wireless network traffic, due to incorrectly
handling long ESSIDs. This could lead to the execution of arbitrary
code.
For the oldstable distribution (etch), this problem has been fixed in
version 1.28-1+etch1.
For the stable distribution (lenny), this problem has been fixed in
version 1.53-2, which was already included in the lenny release.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 1.53-2.
Upgrade instructions
--------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
-------------------------------
Debian (oldstable)
------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on
its next update.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
--- End Message ---
--- Begin Message ---
------------------------------------------------------------------------
Debian Security Advisory DSA-1732                    security@debian.org
http://www.debian.org/security/                           Steffen Joeris
March 03, 2009                        http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : squid3
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-0478
Joshua Morin, Mikko Varpiola and Jukka Taimisto discovered an assertion
error in squid3, a full featured Web Proxy cache, which could lead to
a denial of service attack.
For the stable distribution (lenny), this problem has been fixed in
version 3.0.STABLE8-3, which was already included in the lenny release.
For the oldstable distribution (etch), this problem has been fixed in
version 3.0.PRE5-5+etch1.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 3.0.STABLE8-3.
Upgrade instructions
--------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
-------------------------------
Debian (oldstable)
------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on
its next update.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
--- End Message ---
--- Begin Message ---
------------------------------------------------------------------------
Debian Security Advisory DSA-1733                    security@debian.org
http://www.debian.org/security/                           Steffen Joeris
March 03, 2009                        http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : vim
Vulnerability : several vulnerabilities
Problem type : local (remote)
Debian-specific: no
CVE Ids : CVE-2008-2712 CVE-2008-3074 CVE-2008-3075 CVE-2008-3076
CVE-2008-4104
Debian Bugs : 486502 506919
Several vulnerabilities have been found in vim, an enhanced vi editor.
The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2008-2712
Jan Minar discovered that vim did not properly sanitise inputs
before invoking the execute or system functions inside vim
scripts. This could lead to the execution of arbitrary code.
CVE-2008-3074
Jan Minar discovered that the tar plugin of vim did not properly
sanitise the filenames in the tar archive or the name of the
archive file itself, making it prone to arbitrary code execution.
CVE-2008-3075
Jan Minar discovered that the zip plugin of vim did not properly
sanitise the filenames in the zip archive or the name of the
archive file itself, making it prone to arbitrary code execution.
CVE-2008-3076
Jan Minar discovered that the netrw plugin of vim did not properly
sanitise the filenames or directory names it is given. This could
lead to the execution of arbitrary code.
CVE-2008-4101
Ben Schmidt discovered that vim did not properly escape characters
when performing keyword or tag lookups. This could lead to the
execution of arbitrary code.
For the stable distribution (lenny), these problems have been fixed in
version 1:7.1.314-3+lenny1, which was already included in the lenny
release.
For the oldstable distribution (etch), these problems have been fixed in
version 1:7.0-122+1etch4.
For the testing distribution (squeeze), these problems have been fixed
in version 1:7.1.314-3+lenny1.
For the unstable distribution (sid), these problems have been fixed in
version 2:7.2.010-1.
Upgrade instructions
--------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
-------------------------------
Debian (oldstable)
------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Size/MD5 checksum: 808854 7dfff56d11567d2dabafa290618b5e18
http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_powerpc.deb
Size/MD5 checksum: 990262 6114d3fcd53521a8c2cd317d586b6fcd
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_powerpc.deb
Size/MD5 checksum: 933488 503e433ae6fd737f2b3ae48698e8e671
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_powerpc.deb
Size/MD5 checksum: 985094 28babdde5091f90ae7b64f6e33c6c50f
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_powerpc.deb
Size/MD5 checksum: 943596 3beb1be6cde901814742b33ee4973142
http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_powerpc.deb
Size/MD5 checksum: 181648 b71e88d76eacbfa861c24c6c21881f66
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_powerpc.deb
Size/MD5 checksum: 938174 3a729f2922d8e84b222947a18bc6ace3
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_s390.deb
Size/MD5 checksum: 1023236 1ee38cca410e5bd069a72a325fd8147e
http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_s390.deb
Size/MD5 checksum: 1019258 e1f6cae1e293d3cb212ff17dd7beb264
http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_s390.deb
Size/MD5 checksum: 1049408 4b1f42bb092f9dd62d7324e430a1a88e
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_s390.deb
Size/MD5 checksum: 825560 2b8b69171c45094c184e357b1a6a7336
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_s390.deb
Size/MD5 checksum: 955228 ceea2d07ea609414724aeedae57a3a0a
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_s390.deb
Size/MD5 checksum: 965878 824e5bfdcc9a8ed7ee54e4553c9461f8
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_s390.deb
Size/MD5 checksum: 971822 194d010d7aea2f2c47075b6f205de0c1
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_s390.deb
Size/MD5 checksum: 963294 a7636d870a3bc1de7fc8248d35c74cf3
http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_s390.deb
Size/MD5 checksum: 610092 6762beafb4e7376087c4f8962d1521f6
http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_s390.deb
Size/MD5 checksum: 181488 00d25451b3c22213bf5eb807a6d4a75f
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_s390.deb
Size/MD5 checksum: 1013748 598ccccd6f90df0ca7bedd5ec1d136c7
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_sparc.deb
Size/MD5 checksum: 881430 2688537934012af957695fea329b48a1
http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_sparc.deb
Size/MD5 checksum: 545376 1ea2967048cd369cc870441f5caeb1b1
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_sparc.deb
Size/MD5 checksum: 867886 f663757c3929af6b241a91efa07a626a
http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_sparc.deb
Size/MD5 checksum: 928250 9c0199efd36a47c6d05861af5e04ff02
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_sparc.deb
Size/MD5 checksum: 874108 4d351161d497905352ac6ef1dcabfc9e
http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_sparc.deb
Size/MD5 checksum: 934390 2151ef35c9424c90850c579f90effce4
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_sparc.deb
Size/MD5 checksum: 874100 c05ccf6f4ffb15037cfd794647848617
http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_sparc.deb
Size/MD5 checksum: 204512 1e3590447f3f0804e9fe27ea61959b31
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_sparc.deb
Size/MD5 checksum: 876370 1782507a950cbb17519d768f5655278a
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_sparc.deb
Size/MD5 checksum: 751910 582313f03a36980fab96074ee218c0eb
http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_sparc.deb
Size/MD5 checksum: 952632 31875cb1a0037cf8923e7eda269ead80
These files will probably be moved into the stable distribution on
its next update.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
--- End Message ---