Advisories, April 27, 2005

Apr 28, 2005, 04:45

Conectiva Linux


CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : squid
SUMMARY : Fixes for multiple squid vulnerabilities
DATE : 2005-04-27 14:19:00
ID : CLA-2005:948
RELEVANT RELEASES : 9, 10


DESCRIPTION
Squid[1] is a full-featured web proxy cache.

This announcement upgrades Squid from 2.5STABLE5 to 2.5STABLE9 in order to fix bug #13718[2] and also fixes the two following vulnerabilities:

1. Unexpected access control results on configuration errors[3]
On configuration errors involving wrongly defined or missing acls, the http_access results may be different than expected, possibly allowing more access than intended. This patch makes such configuration errors a fatal error, preventing the service from starting until the access control configuration errors have been corrected.

2. Race condition related to Set-Cookie header[4]
A race window has been discovered where Set-Cookie headers may leak to other users if the requested server relies on the old (obsolete since 1997) Netscape Set-Cookie specifications in how caches should handle the Set-Cookie header on otherwise cacheable content.
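
A pre-flight check in the spirit of item 1 above, added here as an illustration (it is not Squid or Conectiva code): it reads a squid.conf and reports http_access lines that name an ACL with no well-formed definition earlier in the file. The sample configuration, the function names and the "at least a name and a type" rule for a well-formed acl line are assumptions made for the example.

```python
"""Lint a squid.conf for http_access rules that name undefined or malformed ACLs."""

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl localnet src 192.168.0.0/255.255.255.0
acl Safe_ports port 80 443
acl badacl
# "locanet" below is a typo for "localnet"
http_access allow locanet Safe_ports
http_access deny !Safe_ports
http_access allow localnet !badacl
http_access permit localnet
http_access allow late_acl
acl late_acl src 10.0.0.0/255.0.0.0
http_access deny all
"""


def lint_squid_conf(text):
    """Return a list of (line_number, message) for ACL configuration errors."""
    defined = set()   # ACL names with a well-formed definition seen so far
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Blank lines and whole-line '#' comments carry no directives.
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        directive = tokens[0]
        if directive == "acl":
            # Assumed minimum shape: acl <name> <type> [values...]
            if len(tokens) < 3:
                findings.append((lineno, "malformed acl definition: %r" % line))
            else:
                defined.add(tokens[1])
        elif directive == "http_access":
            if len(tokens) < 2 or tokens[1] not in ("allow", "deny"):
                findings.append(
                    (lineno, "http_access needs allow or deny: %r" % line))
                continue
            for ref in tokens[2:]:
                name = ref.lstrip("!")   # a leading '!' negates the ACL match
                # Names are checked against definitions seen so far, so an
                # ACL defined after its first use is reported as well.
                if name not in defined:
                    findings.append(
                        (lineno, "http_access references undefined acl %r" % name))
    return findings


def config_is_safe_to_start(text):
    """Mirror the patched behaviour: any ACL error blocks startup."""
    return not lint_squid_conf(text)


if __name__ == "__main__":
    for lineno, message in lint_squid_conf(SAMPLE_CONF):
        print("line %d: %s" % (lineno, message))
```

Running a check like this before restarting the service shows which rules would stop the patched Squid from starting.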

SOLUTION
It is recommended that all squid users upgrade to the latest packages. This update will automatically restart the service if it is already running.

REFERENCES
1. http://www.squid-cache.org/
2. http://bugzilla.conectiva.com.br/show_bug.cgi?id=13718
3. http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error
4. http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie

UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/squid-2.5.5-77559U10_10cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-2.5.5-77559U10_10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-auth-2.5.5-77559U10_10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-extra-templates-2.5.5-77559U10_10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/squid-2.5.5-77559U90_12cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-2.5.5-77559U90_12cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-auth-2.5.5-77559U90_12cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-extra-templates-2.5.5-77559U90_12cl.i386.rpm

ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM package upgrades:

  • run: apt-get update
  • after that, execute: apt-get upgrade

Detailed instructions regarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en


All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en
Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com
CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : gaim
SUMMARY : Fixes for gaim's vulnerabilities
DATE : 2005-04-27 15:11:00
ID : CLA-2005:949
RELEVANT RELEASES : 9, 10


DESCRIPTION
Gaim[1] is a multi-protocol instant messaging (IM) client.

This announcement fixes three denial of service vulnerabilities that were encountered in Gaim.

The fixed vulnerabilities are:

CAN-2005-0965[2]: The gaim_markup_strip_html function allows remote attackers to cause a denial of service (application crash) via a string that contains malformed HTML, which causes an out-of-bounds read.

CAN-2005-0966[3]: The IRC protocol plugin allowed (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions.

CAN-2005-0967[4]: Sending a Gaim Jabber user a certain invalid file transfer request triggered an out-of-bounds read which caused Gaim to crash.

For further information on Gaim's vulnerabilities, please refer to the project's security page[5].

SOLUTION
It is recommended that all Gaim users upgrade their packages.

IMPORTANT: Gaim must be restarted after the upgrade in order to close the vulnerabilities.

REFERENCES
1. http://gaim.sourceforge.net/
2. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0965
3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0966
4. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0967
5. http://gaim.sourceforge.net/security/

CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : evolution
SUMMARY : Fix for Evolution vulnerability
DATE : 2005-04-27 15:58:00
ID : CLA-2005:950
RELEVANT RELEASES : 10


DESCRIPTION
Evolution[1] is the GNOME mailer, calendar, contact manager and communications tool.

This announcement fixes an issue[2] in Evolution which caused it to crash when displaying certain message types.

SOLUTION
It is recommended that all Evolution users upgrade their packages.

IMPORTANT: It is necessary to restart the application after the upgrade in order to properly close the vulnerability.

REFERENCES
1. http://www.ximian.com/products/ximian_evolution
2. http://bugzilla.gnome.org/show_bug.cgi?id=272609


Debian GNU/Linux


Debian Security Advisory DSA 714-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
April 26th, 2005                        http://www.debian.org/security/faq


Package : kdelibs
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-1046

The KDE security team discovered several vulnerabilities in the PCX and other image file format readers in the KDE core libraries, some of them exploitable to execute arbitrary code. To a small extent the packages in woody are affected as well.

For the stable distribution (woody) this problem has been fixed in version 2.2.2-13.woody.14.

For the unstable distribution (sid) this problem has been fixed in version 3.3.2-5.

We recommend that you upgrade your kdelibs packages.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody



IBM S/390 architecture: