Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections: Blog - Developer - High Performance - Infrastructure - IT Management - Security - Storage -
Linux Today Navigation
LT Home
Preferences
Contribute
Link to Us
Search
Linux Jobs

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Technology Jobs

JustTechJobs.com

LinuxToday Newsletters
Server Daily
IT Management Daily
Subscribe News
Subscribe PR
Subscribe Security

internet.com
Internet News
Small Business

Advertise
Newsletters
Tech Jobs
E-mail Offers

 






Current Newswire:

20 popular Ubuntu Linux apps you may want to try

A Selection of the Very Best Open Source Tutorials and Tools

Android Ice Cream Sandwich ported to x86 tablets, netbooks and notebooks

SECURITY: Google Chrome 17 Improves Security

How to read a CSV file in Perl?

Red Hat Brings Gluster to Amazon Cloud

New Linux kernel fixes power-saving issues

Using Wii remote with Android Device- Taking Gaming to the Next Level

Commercial Support now available for the open-source NGINX Web server

Linux Top 5: Linux's New Fellow



Applications Management Engineer Sr (NYC)
Next Step Systems
US-NY-New York

Justtechjobs.com Post A Job | Post A Resume
:Security Digest: November 30, 2004
Security Digest: November 30, 2004
Dec 1, 2004, 04 :45 UTC (0 Talkback[s]) (3725 reads)

Gentoo Linux

Gentoo Linux Security Advisory GLSA 200411-38

http://security.gentoo.org/

Severity: Normal
Title: Sun and Blackdown Java: Applet privilege escalation
Date: November 29, 2004
Bugs: #72172, #72221
ID: 200411-38

Synopsis

The Java plug-in security in Sun and Blackdown Java environments can be bypassed to access arbitrary packages, allowing untrusted Java applets to perform unrestricted actions on the host system.

Background

Sun and Blackdown both provide implementations of Java Development Kits (JDK) and Java Runtime Environments (JRE). All these implementations provide a Java plug-in that can be used to execute Java applets in a restricted environment for web browsers.

Affected packages

PackageVulnerableUnaffected
1 dev-java/sun-jdk< 1.4.2.06>= 1.4.2.06
2 dev-java/sun-jre-bin< 1.4.2.06>= 1.4.2.06
3 dev-java/blackdown-jdk< 1.4.2.01>= 1.4.2.01
4 dev-java/blackdown-jre< 1.4.2.01>= 1.4.2.01
  • Package 1 [dev-java/sun-jdk] only applies to x86 and AMD64 users.
  • Package 2 [dev-java/sun-jre-bin] only applies to x86 and AMD64 users.
  • Package 3 [dev-java/blackdown-jdk] only applies to x86 and AMD64 users.
  • Package 4 [dev-java/blackdown-jre] only applies to x86 and AMD64 users.

4 affected packages; please see the notes above...

Description

All Java plug-ins are subject to a vulnerability allowing unrestricted Java package access.

Impact

A remote attacker could embed a malicious Java applet in a web page and entice a victim to view it. This applet can then bypass security restrictions and execute any command or access any file with the rights of the user running the web browser.

Workaround

As a workaround you could disable Java applets on your web browser.

Resolution

All Sun JDK users should upgrade to the latest version: 

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.4.2.06"

All Sun JRE users should upgrade to the latest version: 

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.4.2.06"

All Blackdown JDK users should upgrade to the latest version: 

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/blackdown-jdk-1.4.2.01"
All Blackdown JRE users should upgrade to the latest version: 
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/blackdown-jre-1.4.2.01"

Note: You should unmerge all vulnerable versions to be fully protected.

References

[ 1 ] iDEFENSE Security Advisory 11.22.04

http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities

[ 2 ] CAN-2004-1029

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1029

[ 3 ] Blackdown Security Advisory 2004-01

http://www.blackdown.org/java-linux/java2-status/security/Blackdown-SA-2004-01.txt

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200411-38.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2004 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Debian GNU/Linux

Debian Security Advisory DSA 602-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
November 29th, 2004 http://www.debian.org/security/faq

Package : libgd2
Vulnerability : integer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0941 CAN-2004-0990

More potential integer overflows have been found in the GD graphics library which weren't covered by our security advisory DSA 591. They could be exploited by a specially crafted graphic and could lead to the execution of arbitrary code on the victim's machine.

For the stable distribution (woody) these problems have been fixed in version 2.0.1-10woody2.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your libgd2 packages.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody2.dsc
Size/MD5 checksum: 705 1d2cc9219ddb2b7aa2966529cf3bc9a7
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody2.diff.gz
Size/MD5 checksum: 9617 1086d76096e77001fbba0f2a1c6059a8
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1.orig.tar.gz
Size/MD5 checksum: 436945 43af994a97f3300a1165ca4888176ece

Alpha architecture:

http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody2_alpha.deb
Size/MD5 checksum: 19612 d8e0f6c33ded095632f70bceff42c902
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody2_alpha.deb
Size/MD5 checksum: 134116 337b21a9138da8f5b9ba1b4ccf4760d0
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody2_alpha.deb
Size/MD5 checksum: 161990 e48689243cb8cf857aff43f54766b83f
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody2_alpha.deb
Size/MD5 checksum: 133478 7635ffe6ed708c1d12ff0aec06cbf1f8

ARM architecture:

http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody2_arm.deb
Size/MD5 checksum: 16678 9d87fe62796182b01405f09ef4031811
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody2_arm.deb
Size/MD5 checksum: 123176 b2684677aa60a8def6a771a3602d3c12
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody2_arm.deb
Size/MD5 checksum: 150024 a046e85434b31854f1f5c997e9c3ea27
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody2_arm.deb
Size/MD5 checksum: 122514 033146ae522a41a8efdca70f7dc3ecfb

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody2_i386.deb
Size/MD5 checksum: 16556 c0c113933c4bb677f4763689942bde11
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody2_i386.deb
Size/MD5 checksum: 122904 ea468d664be2a7672f4c5856ef953f56
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody2_i386.deb
Size/MD5 checksum: 144664 74eebdfad50dec6c551ca6409646b8e0
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody2_i386.deb
Size/MD5 checksum: 122354 b1e823ea997b3665e28dcd5df5d565f0

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody2_ia64.deb
Size/MD5 checksum: 19884 1a2a378fa128e54aab768e40c4e8cc17
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody2_ia64.deb
Size/MD5 checksum: 151472 6b8055f52467d9c43e38f444dd731c89
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody2_ia64.deb
Size/MD5 checksum: 177078 27c0631cef98d8602dfed8b772c2450a
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody2_ia64.deb
Size/MD5 checksum: 150532 fb9c8afc9b895967ba3cae6ff2b74452

HP Precision architecture:

http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody2_hppa.deb
Size/MD5 checksum: 17726 beb91da619465a73ab4fc90935f86108
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody2_hppa.deb
Size/MD5 checksum: 134078 e99fe164ac8cc74d6c4c9c0d1ecc541a
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody2_hppa.deb
Size/MD5 checksum: 158574 2f0566bb2871a391495e42627d7e705a
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody2_hppa.deb
Size/MD5 checksum: 133518 2e55dadfe4ea416b0ec74c20680a06eb

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody2_m68k.deb
Size/MD5 checksum: 16438 a863dc05c5565f5359881fcc49040aeb
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody2_m68k.deb
Size/MD5 checksum: 119870 fe27169e9dc7b3e9413e1f4ebdf9b02b
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody2_m68k.deb
Size/MD5 checksum: 141724 70e95f0f20d21c495bdfc8d4dced972d
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody2_m68k.deb
Size/MD5 checksum: 119350 152b2d46cf82c97d75bc9ccf51e6ecc6

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody2_mips.deb
Size/MD5 checksum: 16444 a152fba2273b6b54ae18448ae67392c2
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody2_mips.deb
Size/MD5 checksum: 126318 bb4e835619a3443300586605f16fe4af
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody2_mips.deb
Size/MD5 checksum: 155760 002ce559170228161da9caffaf776741
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody2_mips.deb
Size/MD5 checksum: 125662 88899f0ae15e1ea2a11fcde9dcab0f4f

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody2_mipsel.deb
Size/MD5 checksum: 16368 e344c32a505c139e9789adabddb1c986
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody2_mipsel.deb
Size/MD5 checksum: 126540 6f260950974335ad39c57c4350e50b61
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody2_mipsel.deb
Size/MD5 checksum: 155890 c8c4dc6d12355235c14e6ede8011e259
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody2_mipsel.deb
Size/MD5 checksum: 125878 016b32057da5be715b5ebf7c5b5357a4

PowerPC architecture:

http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody2_powerpc.deb
Size/MD5 checksum: 16890 308133d8ad1da9f48ec94a3f08e70e8f
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody2_powerpc.deb
Size/MD5 checksum: 126636 d7690253a70b57bdc0169209b4fd7561
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody2_powerpc.deb
Size/MD5 checksum: 152556 65d26bd5c7ef02258bb2b06a28328699
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody2_powerpc.deb
Size/MD5 checksum: 125914 55f702e8918e631c1dfb72f1932624f4

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody2_s390.deb
Size/MD5 checksum: 17718 e38089edf1722e2cda69ace4423f1fce
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody2_s390.deb
Size/MD5 checksum: 126340 bbd375aeda1a9a0caca229c152efcd8e
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody2_s390.deb
Size/MD5 checksum: 147102 42d0dc54e0b4b75734b81d5f7c608fc6
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody2_s390.deb
Size/MD5 checksum: 125702 8e131f35632284e63eb28ed880a63920

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody2_sparc.deb
Size/MD5 checksum: 16810 63fd97e9700109cfe69266d49bb47472
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody2_sparc.deb
Size/MD5 checksum: 125274 d3055730f788964a930308d6be184b4d
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody2_sparc.deb
Size/MD5 checksum: 148672 16373aa1fe4f1afcf4e4244910b3bb4f
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody2_sparc.deb
Size/MD5 checksum: 124302 ee59db0d17b4222018c166805d02d2b8

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Debian Security Advisory DSA 601-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
November 29th, 2004 http://www.debian.org/security/faq

Package : libgd1
Vulnerability : integer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0941 CAN-2004-0990

More potential integer overflows have been found in the GD graphics library which weren't covered by our security advisory DSA 589. They could be exploited by a specially crafted graphic and could lead to the execution of arbitrary code on the victim's machine.

For the stable distribution (woody) these problems have been fixed in version 1.8.4-17.woody4.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your libgd1 packages.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

http://security.debian.org/pool/updates/main/libg/libgd/libgd_1.8.4-17.woody4.dsc
Size/MD5 checksum: 707 93634a4d33738a412a0554f49a8b9d40
http://security.debian.org/pool/updates/main/libg/libgd/libgd_1.8.4-17.woody4.diff.gz
Size/MD5 checksum: 9965 b3f6bb9f8269f7ac51cff0fc90d6617e
http://security.debian.org/pool/updates/main/libg/libgd/libgd_1.8.4.orig.tar.gz
Size/MD5 checksum: 559248 813625508e31f5c205904a305bdc8669

Alpha architecture:

http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_alpha.deb
Size/MD5 checksum: 135268 4081dc6cb206bfc5b1cda52848477db6
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_alpha.deb
Size/MD5 checksum: 133882 f3fc4248b544b666c9da66802955261e
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_alpha.deb
Size/MD5 checksum: 112150 bbab42fc652e4b735790d0de813676a2
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_alpha.deb
Size/MD5 checksum: 111514 d20afbe1269e0e7f56d73a259dac326d

ARM architecture:

http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_arm.deb
Size/MD5 checksum: 123886 8192e767d6bb9ae979ac5b0031bb9b60
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_arm.deb
Size/MD5 checksum: 123426 bbc5f441b18551da49239c2d496412dc
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_arm.deb
Size/MD5 checksum: 104492 a8e41e0cf59296301a07c7175681ea83
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_arm.deb
Size/MD5 checksum: 103866 657a40da6ae0fb0a98ef39359ecf09f4

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_i386.deb
Size/MD5 checksum: 121370 9f75236cecdc4300281637b7ff0e6f19
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_i386.deb
Size/MD5 checksum: 120872 6156511cd4f42f6ac1c0ab7f02e4efd7
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_i386.deb
Size/MD5 checksum: 104316 3b752d25dc603e1c22cfc8c9d3652d39
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_i386.deb
Size/MD5 checksum: 103768 ce23f2ec399e3b03afd6187f267c5c44

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_ia64.deb
Size/MD5 checksum: 146000 add35b37fde3258d0bbace805fb53bbc
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_ia64.deb
Size/MD5 checksum: 145044 4435f6176f328a78ccefdfe577e7ace9
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_ia64.deb
Size/MD5 checksum: 126062 09461d4fbd83910d2e2d9bf9bb498a32
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_ia64.deb
Size/MD5 checksum: 124688 e548cf3792b430145297be8cb0fc1148

HP Precision architecture:

http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_hppa.deb
Size/MD5 checksum: 132370 6f44ec992062767c437a1eec29a5811f
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_hppa.deb
Size/MD5 checksum: 131562 947d10314f9ae5ebb330dedcf9114c96
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_hppa.deb
Size/MD5 checksum: 111716 8ca65c20c5e68f8d78cd77bb4bd065e7
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_hppa.deb
Size/MD5 checksum: 111198 11f0ed821eef8eae926a001748a6ec03

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_m68k.deb
Size/MD5 checksum: 119412 64ad2486eaec36a62126c4c236b12b4a
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_m68k.deb
Size/MD5 checksum: 118876 058c5e042eab276f9c054d63f0cb276e
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_m68k.deb
Size/MD5 checksum: 102588 b395ac9ab99000983bf8fd48196d5614
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_m68k.deb
Size/MD5 checksum: 102144 f08e703ec62969f178cf06955149a606

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_mips.deb
Size/MD5 checksum: 129264 dc786f699111737bfb6f415e61d66553
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_mips.deb
Size/MD5 checksum: 128468 610ae2712619c7a7614795198a7f4143
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_mips.deb
Size/MD5 checksum: 106732 335c3345b9d936f144a151e7ee1cb147
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_mips.deb
Size/MD5 checksum: 106128 ad4974e0dea304ca0026b44d780965d1

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_mipsel.deb
Size/MD5 checksum: 129454 8f65e73363314e981b49ead4fe377571
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_mipsel.deb
Size/MD5 checksum: 128600 b07298698afd4415c545d4dba0f0642d
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_mipsel.deb
Size/MD5 checksum: 106750 65621045098ed9c1ae14a5ac26d848a3
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_mipsel.deb
Size/MD5 checksum: 106174 ca5be6fd6631e1af4b5a8413c09152af

PowerPC architecture:

http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_powerpc.deb
Size/MD5 checksum: 126704 9dc8d2c7e7ac7612d7060c50a9891ff5
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_powerpc.deb
Size/MD5 checksum: 125832 6c46a4587c269ad692f3897617a13cca
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_powerpc.deb
Size/MD5 checksum: 107162 0247901b207dde950db5cf6f64b74f09
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_powerpc.deb
Size/MD5 checksum: 106626 b8a6de56f1eb995717615ff245e791af

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_s390.deb
Size/MD5 checksum: 122748 20c39c114c631325e077c57fd6211aa5
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_s390.deb
Size/MD5 checksum: 122184 c9108d0471bb1825159cc5f8a58496d0
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_s390.deb
Size/MD5 checksum: 106588 82ba4f2b04e549deb0f22834ea5cc452
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_s390.deb
Size/MD5 checksum: 105890 da80b129742d8b427e52f6ee0afa8594

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_sparc.deb
Size/MD5 checksum: 123594 b230f7aa1beaa534f411e1de18e847e0
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_sparc.deb
Size/MD5 checksum: 123086 a68b2ff47c4801bf409027915ffa085c
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_sparc.deb
Size/MD5 checksum: 105088 32eb04da2010c77616faacfd7737cc33
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_sparc.deb
Size/MD5 checksum: 104800 7a78072a008f89d561222ea29695f7af

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Mandrakelinux

Mandrakelinux Security Update Advisory

Package name: libxpm4
Advisory ID: MDKSA-2004:137-1
Date: November 29th, 2004
Original Advisory Date: January 22nd, 2004
Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1

Problem Description:

The previous libxpm4 update had a linking error that resulted in a missing s_popen symbol error running applications dependant on the library. In addition, the file path checking in the security updates prevented some applications, like gimp-2.0 from being able to save xpm format images.

Updated packages are patched to correct all these issues.

Updated Packages:

Mandrakelinux 10.0:
35c897c12a36e38cceb1774f890e91e9 10.0/RPMS/libxpm4-3.4k-27.3.100mdk.i586.rpm
ff399d6be76862ac2b61ca5bab76941a 10.0/RPMS/libxpm4-devel-3.4k-27.3.100mdk.i586.rpm
d673354abbc067dbc454481e11c0e110 10.0/SRPMS/xpm-3.4k-27.3.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
0df2d07d04793600e2ede34733c18700 amd64/10.0/RPMS/lib64xpm4-3.4k-27.3.100mdk.amd64.rpm
c699a6fa6400dd3dfd803b129392b398 amd64/10.0/RPMS/lib64xpm4-devel-3.4k-27.3.100mdk.amd64.rpm
d673354abbc067dbc454481e11c0e110 amd64/10.0/SRPMS/xpm-3.4k-27.3.100mdk.src.rpm

Mandrakelinux 10.1:
e00bdfcecbf0d09dc6758a2dbce6dc9b 10.1/RPMS/libxpm4-3.4k-28.2.101mdk.i586.rpm
6eb66944f25e92ca7d3d7f76cfa6b577 10.1/RPMS/libxpm4-devel-3.4k-28.2.101mdk.i586.rpm
562eaedc47c52d4952d27b023bcd49f2 10.1/SRPMS/xpm-3.4k-28.2.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
3b17a7a58c7345520e63fad235a47a3f x86_64/10.1/RPMS/lib64xpm4-3.4k-28.2.101mdk.x86_64.rpm
18a71ab6716293e66668bf627c24e2a8 x86_64/10.1/RPMS/lib64xpm4-devel-3.4k-28.2.101mdk.x86_64.rpm
562eaedc47c52d4952d27b023bcd49f2 x86_64/10.1/SRPMS/xpm-3.4k-28.2.101mdk.src.rpm

Corporate Server 2.1:
a2910d380ebe04ca8ee624e218b7a9b7 corporate/2.1/RPMS/libxpm4-3.4k-21.3.C21mdk.i586.rpm
28d0c7868d8b3231751a3f1d97e47725 corporate/2.1/RPMS/libxpm4-devel-3.4k-21.3.C21mdk.i586.rpm
873a7591285599bdb062d1c26eca3f72 corporate/2.1/SRPMS/xpm-3.4k-21.3.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
adc64096557a3934aad0d149918efdae x86_64/corporate/2.1/RPMS/libxpm4-3.4k-21.3.C21mdk.x86_64.rpm
1a2ab77f1754f1a60781d1e2a8306c47 x86_64/corporate/2.1/RPMS/libxpm4-devel-3.4k-21.3.C21mdk.x86_64.rpm
873a7591285599bdb062d1c26eca3f72 x86_64/corporate/2.1/SRPMS/xpm-3.4k-21.3.C21mdk.src.rpm

Mandrakelinux 9.2:
a7c7c5441b22e690f9be0258db581052 9.2/RPMS/libxpm4-3.4k-27.3.92mdk.i586.rpm
e950cdc935e75873a4f81a1cc5d6a812 9.2/RPMS/libxpm4-devel-3.4k-27.3.92mdk.i586.rpm
7d53ee8024d4d586ec50ba0281987fd4 9.2/SRPMS/xpm-3.4k-27.3.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
47b3147cf8ca6fc1fae0d267569b6a15 amd64/9.2/RPMS/lib64xpm4-3.4k-27.3.92mdk.amd64.rpm
09e3d45094730c2da539437922abb2b6 amd64/9.2/RPMS/lib64xpm4-devel-3.4k-27.3.92mdk.amd64.rpm
7d53ee8024d4d586ec50ba0281987fd4 amd64/9.2/SRPMS/xpm-3.4k-27.3.92mdk.src.rpm

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>

Fedora Core Linux

Fedora Update Notification
FEDORA-2004-472
2004-11-28

Product : Fedora Core 3
Name : squirrelmail
Version : 1.4.3a
Release : 6.FC3
Summary : SquirrelMail webmail client

Description :
SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no Javascript) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. SquirrelMail has all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation.

  • Fri Nov 19 2004 Warren Togami <wtogami@redhat.com> 1.4.3a-6.FC3
    • FC3
  • Fri Nov 19 2004 Warren Togami <wtogami@redhat.com> 1.4.3a-7
    • CAN-2004-1036 Cross Site Scripting in encoded text
    • #112769 updated splash screens
This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

f3214fb13b71f13ac46fe6c440c09ad4 SRPMS/squirrelmail-1.4.3a-6.FC3.src.rpm
e0ff639d45092e5c1130c35b0dd6fbea x86_64/squirrelmail-1.4.3a-6.FC3.noarch.rpm
e0ff639d45092e5c1130c35b0dd6fbea i386/squirrelmail-1.4.3a-6.FC3.noarch.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

Fedora Update Notification
FEDORA-2004-471
2004-11-28

Product : Fedora Core 2
Name : squirrelmail
Version : 1.4.3a
Release : 6.FC2
Summary : SquirrelMail webmail client

Description :
SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no Javascript) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. SquirrelMail has all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation.

  • Fri Nov 19 2004 Warren Togami <wtogami@redhat.com> 1.4.3a-6.FC2
    • FC2
  • Fri Nov 19 2004 Warren Togami <wtogami@redhat.com> 1.4.3a-7
    • CAN-2004-1036 Cross Site Scripting in encoded text
    • #112769 updated splash screens
  • Thu Oct 14 2004 Warren Togami <wtogami@redhat.com> 1.4.3a-5
    • default_folder_prefix dovecot compatible by default

      /etc/squirrelmail/config_local.php if you must change it

  • Wed Oct 13 2004 Warren Togami <wtogami@redhat.com> 1.4.3a-4
    • HIGASHIYAMA Masato's patch to improve Japanese support

      (coordinated by Scott A. Hughes).

    • real 1.4.3a tarball
  • Tue Aug 31 2004 Warren Togami <wtogami@redhat.com> 1.4.3-2
    • #125638 config_local.php and default_pref in /etc/squirrelmail/ to match upstream RPM. This should allow smoother drop-in replacements and upgrades.
    • other spec cleanup.
This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

ef1c31c817be7a19cb217f17c79fda8c SRPMS/squirrelmail-1.4.3a-6.FC2.src.rpm
523c3aa13e3a2f134c12cf2df5b8d3cc x86_64/squirrelmail-1.4.3a-6.FC2.noarch.rpm
523c3aa13e3a2f134c12cf2df5b8d3cc i386/squirrelmail-1.4.3a-6.FC2.noarch.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

Netwosix

Linux Netwosix Security Announcement Italy
<http://www.netwosix.org>; by Vincenzo Ciaglia

Together with the new release of "Linux Netwosix 1.2 Jinko" (http://www.netwosix.org/announce.html), NEPOTE (NEtwosix POrting Tool Environment) has been updated with fixed packages. All the users are invited to update their version to the latest one to avoid some security problems for their own systems and upgrade every packages.

You can download the latest version of Nepote from one of the official mirror at http://download.netwosix.org/ (directory /nepote) and follow the instructions in the file "ports.readme".

Cheers,
- --
Vincenzo Ciaglia
Linux Netwosix Team <http://www.netwosix.org>



No talkbacks posted.
  Home | Search Talkbacks | Customize View    Top of Page  



Enter your comments below:

* Your Name:

* Your Email Address:

* Subject:

CC: [will also send this talkback to an E-Mail address]

* Comments:

Tags allowed:<I>,<B> and <U>. See our talkback-policy for more about talkback content.

Fields marked with * are required!

..............................




All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux, Apache and PHP