

Advisories: August 23, 2005

Aug 24, 2005, 04:45

Debian GNU/Linux


Debian Security Advisory DSA 781-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 23rd, 2005 http://www.debian.org/security/faq


Package : mozilla-thunderbird
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0989 CAN-2005-1159 CAN-2005-1160 CAN-2005-1532 CAN-2005-2261 CAN-2005-2265 CAN-2005-2266 CAN-2005-2269 CAN-2005-2270
BugTraq ID : 14242 14242
Debian Bug : 318728

Several problems have been discovered in Mozilla Thunderbird, the standalone mail client of the Mozilla suite. The Common Vulnerabilities and Exposures project identifies the following problems:

CAN-2005-0989

Remote attackers could read portions of heap memory into a Javascript string via the lambda replace method.

CAN-2005-1159

The Javascript interpreter could be tricked to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code.

CAN-2005-1160

Remote attackers could override certain properties or methods of DOM nodes and gain privileges.

CAN-2005-1532

Because Javascript eval and Script objects were not properly restricted, remote attackers could override certain properties or methods and gain privileges.

CAN-2005-2261

XML scripts ran even when Javascript was disabled.

CAN-2005-2265

Missing input sanitising of InstallVersion.compareTo() can cause the application to crash.

CAN-2005-2266

Remote attackers could steal sensitive information such as cookies and passwords from web sites by accessing data in alien frames.

CAN-2005-2269

Remote attackers could modify certain tag properties of DOM nodes that could lead to the execution of arbitrary script or code.

CAN-2005-2270

The Mozilla browser family does not properly clone base objects, which allows remote attackers to execute arbitrary code.

The old stable distribution (woody) is not affected by these problems since it does not contain Mozilla Thunderbird packages.

For the stable distribution (sarge) these problems have been fixed in version 1.0.2-2.sarge1.0.6.

For the unstable distribution (sid) these problems have been fixed in version 1.0.6-1.

We recommend that you upgrade your Mozilla Thunderbird package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Core


Fedora Update Notification
FEDORA-2005-790
2005-08-23

Product : Fedora Core 4
Name : cvs
Version : 1.11.19
Release : 9
Summary : A version control system.

Description :
CVS (Concurrent Version System) is a version control system that can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why changes occurred.

CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release.


  • Tue Aug 23 2005 Martin Stransky <stransky@redhat.com> 1.11.19-9
    • fix for #166366 - CVS temporary file issue

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/


This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



Fedora Update Notification
FEDORA-2005-791
2005-08-23

Product : Fedora Core 3
Name : cvs
Version : 1.11.17
Release : 7.FC3
Summary : A version control system.

Description :
CVS (Concurrent Version System) is a version control system that can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why changes occurred.

CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release.


  • Tue Aug 23 2005 Martin Stransky <stransky@redhat.com> 1.11.17-7.FC3
    • fix for #166366 - CVS temporary file issue

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.


Mandriva Linux


Mandriva Linux Security Update Advisory


Package name: openvpn
Advisory ID: MDKSA-2005:145
Date: August 22nd, 2005
Affected versions: Multi Network Firewall 2.0


Problem Description:

A number of vulnerabilities were discovered in OpenVPN that were fixed in the 2.0.1 release:

A DoS attack against the server is possible when it is run with "verb 0" and without "tls-auth": when a client connection to the server fails certificate verification, the OpenSSL error queue is not properly flushed. This could result in another unrelated client instance on the server seeing the error and responding to it, resulting in a disconnection of the unrelated client (CAN-2005-2531).

A DoS attack against the server is possible by an authenticated client that sends a packet which fails to decrypt on the server: the OpenSSL error queue was not properly flushed. This could result in another unrelated client instance on the server seeing the error and responding to it, resulting in a disconnection of the unrelated client (CAN-2005-2532).

A DoS attack against the server by an authenticated client is possible in "dev tap" ethernet bridging mode where a malicious client could theoretically flood the server with packets appearing to come from hundreds of thousands of different MAC addresses, resulting in the OpenVPN process exhausting system virtual memory (CAN-2005-2533).

If two or more client machines tried to connect to the server at the same time via TCP, using the same client certificate, a race condition could crash the server if --duplicate-cn is not enabled on the server (CAN-2005-2534).

This update provides OpenVPN 2.0.1 which corrects these issues as well as a number of other bugs.
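
The shared-error-queue failure behind CAN-2005-2531 and CAN-2005-2532, as an added example that is not OpenVPN's code: a simplified C model in which every name, the error codes and the two-client scenario are constructed for illustration. It mirrors the documented OpenSSL rule that SSL_get_error() consults the calling thread's error queue, so the queue must be empty before each I/O call (ERR_clear_error() is the real call that empties it).

```c
#include <stdio.h>

/* Constructed error codes for the two failures named in the advisory. */
enum { ERR_CERT_VERIFY = 1, ERR_DECRYPT = 2 };
/* Outcomes of one modelled library call. */
enum { RC_FAIL = -1, RC_WANT_MORE = 0, RC_OK = 1 };
/* How the server classifies the result of a call. */
enum { CLS_OK, CLS_RETRY, CLS_FATAL };

#define ERRQ_CAP 8
static int errq[ERRQ_CAP];      /* one queue shared by every client session */
static int errq_len;

static void errq_push(int code) { if (errq_len < ERRQ_CAP) errq[errq_len++] = code; }
static void errq_clear(void)    { errq_len = 0; }   /* stands in for ERR_clear_error() */

struct session { const char *name; int connected; };

/* Modelled library call: a failure queues an error code and returns RC_FAIL.
   RC_WANT_MORE is the benign "no complete record yet" result and queues nothing. */
static int lib_call(int rc, int err_code)
{
    if (rc == RC_FAIL)
        errq_push(err_code);
    return rc;
}

/* Classify a result the way SSL_get_error() does: for rc <= 0, any entry in
   the queue means a fatal error, no matter which session queued it. */
static int classify(int rc)
{
    if (rc > 0)
        return CLS_OK;
    return errq_len > 0 ? CLS_FATAL : CLS_RETRY;
}

/* Failure path for the offending client (failed certificate verification or
   an undecryptable packet). With fixed == 0 the session is dropped but the
   queue is left dirty, which is the defect the advisory describes. */
static void reject_client(struct session *s, int err_code, int fixed)
{
    lib_call(RC_FAIL, err_code);
    s->connected = 0;
    if (fixed)
        errq_clear();           /* flush what this session queued */
}

/* Normal I/O path for any client. */
static int service_client(struct session *s, int rc, int fixed)
{
    int cls;

    if (fixed)
        errq_clear();           /* start every call with an empty queue */
    cls = classify(lib_call(rc, ERR_DECRYPT));
    if (cls == CLS_FATAL) {     /* respond to the error: report it, drop the client */
        errq_clear();
        s->connected = 0;
    }
    return cls;
}

/* Client A triggers err_code, then unrelated client B makes a benign call.
   Returns 1 if B is still connected afterwards, 0 if B was dropped. */
int bystander_survives(int err_code, int fixed)
{
    struct session a = { "client-a", 1 };
    struct session b = { "client-b", 1 };

    errq_clear();
    reject_client(&a, err_code, fixed);
    service_client(&b, RC_WANT_MORE, fixed);
    return b.connected;
}

int main(void)
{
    printf("cert failure, queue not flushed: bystander connected = %d\n",
           bystander_survives(ERR_CERT_VERIFY, 0));
    printf("decrypt failure, queue not flushed: bystander connected = %d\n",
           bystander_survives(ERR_DECRYPT, 0));
    printf("cert failure, queue flushed: bystander connected = %d\n",
           bystander_survives(ERR_CERT_VERIFY, 1));
    printf("decrypt failure, queue flushed: bystander connected = %d\n",
           bystander_survives(ERR_DECRYPT, 1));
    return 0;
}
```
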


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2534


Updated Packages:

Multi Network Firewall 2.0:
20daf4b6f9dbc1c53f3b4f4d375262d4 mnf/2.0/RPMS/openvpn-2.0.1-0.1.M20mdk.i586.rpm
a92bbc0c8285fecfbe3f439d18a62580 mnf/2.0/SRPMS/openvpn-2.0.1-0.1.M20mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Update Advisory


Package name: php-pear
Advisory ID: MDKSA-2005:146
Date: August 22nd, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0


Problem Description:

A problem was discovered in the PEAR XML-RPC Server package included in the php-pear package. If a PHP script which implements the XML-RPC Server is used, it would be possible for a remote attacker to construct an XML-RPC request which would cause PHP to execute arbitrary commands as the 'apache' user.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498


Updated Packages:





Mandriva Linux Security Update Advisory


Package name: slocate
Advisory ID: MDKSA-2005:147
Date: August 22nd, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate Server 2.1


Problem Description:

A bug was discovered in the way that slocate processes very long paths. A local user could create a carefully crafted directory structure that would prevent updatedb from completing its filesystem scan, resulting in an incomplete database.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2499


Updated Packages:





Mandriva Linux Security Update Advisory


Package name: vim
Advisory ID: MDKSA-2005:148
Date: August 22nd, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate Server 2.1, Multi Network Firewall 2.0


Problem Description:

A vulnerability was discovered in the way that vim processed modelines. If a user with modelines enabled opened a text file with a specially crafted modeline, arbitrary commands could be executed.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2368


Updated Packages:



To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Red Hat Linux


Red Hat Security Advisory

Synopsis: Critical: elm security update
Advisory ID: RHSA-2005:755-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-755.html
Issue date: 2005-08-23
Updated on: 2005-08-23
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-2665


1. Summary:

An updated elm package is now available that fixes a buffer overflow issue for Red Hat Enterprise Linux 2.1 AS and AW.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64

3. Problem description:

Elm is a terminal mode email client.

A buffer overflow flaw in Elm was discovered that was triggered by viewing a mailbox containing a message with a carefully crafted 'Expires' header. An attacker could create a malicious message that would execute arbitrary code with the privileges of the user who received it. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-2665 to this issue.

Users of Elm should update to this updated package, which contains a backported patch that corrects this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

166580 - CAN-2005-2665 elm buffer overflow

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/elm-2.5.6-6.src.rpm
479f0512285ad516895777c2e995a9a7 elm-2.5.6-6.src.rpm

i386:
71cba99974d435407927cffd9901eaf9 elm-2.5.6-6.i386.rpm

ia64:
6272e2c92c5eb207992b60d79c096565 elm-2.5.6-6.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/elm-2.5.6-6.src.rpm
479f0512285ad516895777c2e995a9a7 elm-2.5.6-6.src.rpm

ia64:
6272e2c92c5eb207992b60d79c096565 elm-2.5.6-6.ia64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2665

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

Ubuntu Linux


Ubuntu Security Notice USN-172-1 August 23, 2005
lm-sensors vulnerabilities
https://bugzilla.ubuntu.com/show_bug.cgi?id=13887

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

lm-sensors

The problem can be corrected by upgrading the affected package to version 2.8.8-7ubuntu2.1. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Javier Fernández-Sanguino Peña noticed that the pwmconfig script created temporary files in an insecure manner. This could allow a symlink attack to create or overwrite arbitrary files with full root privileges since pwmconfig is usually executed by root.
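The insecure pattern this notice describes, next to a safe replacement, as an added example (not pwmconfig's actual code; the `demo.` file prefix, the function names and the sandbox layout are constructed). Everything runs inside a private `mktemp -d` directory.

```shell
#!/bin/sh
# Added example, not pwmconfig's code. Names and paths are constructed.

# UNSAFE: predictable name in a shared directory. If a symlink already sits
# at that path, the redirection follows it and writes to the link's target.
write_unsafe() {
    tmp="$1/demo.$$"                      # PID-based names are guessable
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# SAFE: mktemp picks an unpredictable name and creates the file with O_EXCL
# and mode 0600, so a pre-existing file or symlink is never reused.
write_safe() {
    tmp=$(mktemp "$1/demo.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Runs one writer inside a private sandbox in which a symlink has been placed
# at the predictable path, then reports what the protected file contains.
# Prints "overwritten" or "intact".
symlink_outcome() {
    writer=$1
    box=$(mktemp -d) || return 1
    printf 'original\n' > "$box/protected"
    ln -s "$box/protected" "$box/demo.$$"
    "$writer" "$box" "scratch data" > /dev/null
    if [ "$(cat "$box/protected")" = "original" ]; then
        result=intact
    else
        result=overwritten
    fi
    rm -rf "$box"
    printf '%s\n' "$result"
}

echo "predictable name: $(symlink_outcome write_unsafe)"
echo "mktemp:           $(symlink_outcome write_safe)"
```

On current Linux kernels the `fs.protected_symlinks` sysctl restricts symlink following in sticky world-writable directories such as /tmp, but that is a mitigation; scripts run by root should still create their temporary files with `mktemp`.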


Ubuntu Security Notice USN-173-1 August 23, 2005
pcre3 vulnerability
CAN-2005-2491

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

libpcre3

The problem can be corrected by upgrading the affected package to version 4.5-1.1ubuntu0.4.10 (for Ubuntu 4.10), or 4.5-1.1ubuntu0.5.04 (for Ubuntu 5.04).

A standard system upgrade is NOT SUFFICIENT to effect the necessary changes! If you can afford to reboot your machine, this is the easiest way to ensure that all services using this library are restarted correctly. If not, please manually restart all server processes (exim, Apache, PHP, etc.). It is advised to also restart your desktop session.
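One way to find the processes that still need the restart described above, as an added example that is not part of the Ubuntu notice: once the upgrade replaces the library file, processes started earlier keep the old copy mapped, and `/proc/PID/maps` marks that mapping `(deleted)`. The `libpcre.so` match string and the sample maps lines are constructed; run it as root to see every process.

```shell
#!/bin/sh
# Added example, not part of the Ubuntu notice. The library match string and
# the sample maps lines below are constructed.

# Succeeds if the maps listing on stdin shows a mapping of library $1 whose
# backing file has been replaced on disk (the kernel appends "(deleted)").
maps_has_stale() {
    awk -v lib="$1" '
        index($0, lib) && /\(deleted\)$/ { found = 1 }
        END { exit !found }'
}

# Prints "PID NAME" for every readable process still mapping the old copy.
stale_pids() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # cat absorbs permission errors and processes that exit mid-scan
        if cat "$maps" 2>/dev/null | maps_has_stale "$1"; then
            pid=${maps#/proc/}; pid=${pid%/maps}
            printf '%s %s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)"
        fi
    done
}

# Constructed samples: one process restarted after the upgrade, one not.
sample_fresh='b7e5c000-b7e70000 r-xp 00000000 08:01 131075 /usr/lib/libpcre.so.3.10.0'
sample_stale='b7e5c000-b7e70000 r-xp 00000000 08:01 130990 /usr/lib/libpcre.so.3.10.0 (deleted)'

printf '%s\n' "$sample_stale" | maps_has_stale libpcre.so \
    && echo "sample (not restarted): restart needed"
printf '%s\n' "$sample_fresh" | maps_has_stale libpcre.so \
    || echo "sample (restarted): up to date"

# Live scan of this machine.
stale_pids libpcre.so
```

An empty result from the live scan means no readable process still maps a replaced copy of the library.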

Details follow:

A buffer ove