

Advisories: August 24, 2005

Aug 25, 2005, 04:45

Debian GNU/Linux


Debian Security Advisory DSA 781-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 23rd, 2005 http://www.debian.org/security/faq


Package : mozilla-thunderbird
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0989 CAN-2005-1159 CAN-2005-1160 CAN-2005-1532 CAN-2005-2261 CAN-2005-2265 CAN-2005-2266 CAN-2005-2269 CAN-2005-2270
BugTraq ID : 14242 14242
Debian Bug : 318728

Several problems have been discovered in Mozilla Thunderbird, the standalone mail client of the Mozilla suite. The Common Vulnerabilities and Exposures project identifies the following problems:

CAN-2005-0989

Remote attackers could read portions of heap memory into a Javascript string via the lambda replace method.

CAN-2005-1159

The Javascript interpreter could be tricked to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code.

CAN-2005-1160

Remote attackers could override certain properties or methods of DOM nodes and gain privileges.

CAN-2005-1532

Remote attackers could override certain properties or methods due to missing proper limitation of Javascript eval and Script objects and gain privileges.

CAN-2005-2261

XML scripts ran even when Javascript was disabled.

CAN-2005-2265

Missing input sanitising of InstallVersion.compareTo() can cause the application to crash.

CAN-2005-2266

Remote attackers could steal sensitive information such as cookies and passwords from web sites by accessing data in alien frames.

CAN-2005-2269

Remote attackers could modify certain tag properties of DOM nodes that could lead to the execution of arbitrary script or code.

CAN-2005-2270

The Mozilla browser family does not properly clone base objects, which allows remote attackers to execute arbitrary code.

The old stable distribution (woody) is not affected by these problems since it does not contain Mozilla Thunderbird packages.

For the stable distribution (sarge) these problems have been fixed in version 1.0.2-2.sarge1.0.6.

For the unstable distribution (sid) these problems have been fixed in version 1.0.6-1.

We recommend that you upgrade your Mozilla Thunderbird package.

Upgrade Instructions


wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 783-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 24th, 2005 http://www.debian.org/security/faq


Package : mysql-dfsg-4.1
Vulnerability : insecure temporary file
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-1636
BugTraq ID : 13660
Debian Bug : 319526

Eric Romang discovered a temporary file vulnerability in a script accompanied with MySQL, a popular database, that allows an attacker to execute arbitrary SQL commands when the server is installed or updated.

The old stable distribution (woody) as well as mysql-dfsg are not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in version 4.1_4.1.11a-4sarge1.

For the unstable distribution (sid) this problem has been fixed in version 4.1.12 for mysql-dfsg-4.1 and 5.0.11beta-3 of mysql-dfsg-5.0.

We recommend that you upgrade your mysql packages.

Upgrade Instructions


wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Core


Fedora Update Notification
FEDORA-2005-802
2005-08-24

Product : Fedora Core 3
Name : pcre
Version : 4.5
Release : 3.1.1.fc3
Summary : Perl-compatible regular expression library.

Description :
Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are based on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE; the regular expressions themselves still follow Perl syntax and semantics. The header file for the POSIX-style functions is called pcreposix.h.


Update Information:

The new package includes a fix for a heap buffer overflow.


  • Fri Aug 19 2005 Than Ngo <than@redhat.com> 4.5-3.1.1.fc3
    • backport patch to fix heap overflow, CAN-2005-2491, #166330

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



Fedora Update Notification
FEDORA-2005-803
2005-08-24

Product : Fedora Core 4
Name : pcre
Version : 5.0
Release : 4.1.fc4
Summary : Perl-compatible regular expression library.

Description :
Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are based on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE; the regular expressions themselves still follow Perl syntax and semantics. The header file for the POSIX-style functions is called pcreposix.h.


Update Information:

The new package includes a fix for a heap buffer overflow.


  • Fri Aug 19 2005 Than Ngo <than@redhat.com> 5.0-4.1.fc4
    • backport patch to fix heap overflow, CAN-2005-2491, #166330

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/


This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



Fedora Update Notification
FEDORA-2005-804
2005-08-24

Product : Fedora Core 3
Name : epiphany
Version : 1.4.9
Release : 0
Summary : GNOME web browser based on the Mozilla rendering engine

Description :
epiphany is a simple GNOME web browser based on the Mozilla rendering engine


  • Thu Aug 18 2005 Marco Pesenti Gritti <mpg@redhat.com> 1.4.9-0
    • Update to 1.4.9
    • Remove download patch (integrated upstream)
    • Add the manual to the package

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.


Gentoo Linux


Gentoo Linux Security Advisory GLSA 200508-12

http://security.gentoo.org/


Severity: Normal
Title: Evolution: Format string vulnerabilities
Date: August 23, 2005
Bugs: #102051
ID: 200508-12


Synopsis

Evolution is vulnerable to format string vulnerabilities which may result in remote execution of arbitrary code.

Background

Evolution is a GNOME groupware application.

Affected packages


     Package                /  Vulnerable  /                Unaffected

  1  mail-client/evolution     < 2.2.3-r3                  >= 2.2.3-r3

Description

Ulf Harnhammar discovered that Evolution is vulnerable to format string bugs when viewing attached vCards and when displaying contact information from remote LDAP servers or task list data from remote servers (CAN-2005-2549). He also discovered that Evolution fails to handle special calendar entries if the user switches to the Calendars tab (CAN-2005-2550).

Impact

An attacker could attach specially crafted vCards to emails or set up malicious LDAP servers or calendar entries which would trigger the format string vulnerabilities when viewed or accessed from Evolution. This could potentially result in the execution of arbitrary code with the rights of the user running Evolution.

Workaround

There is no known workaround at this time.

Resolution

All Evolution users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/evolution-2.2.3-r3"

References

[ 1 ] CAN-2005-2549

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2549

[ 2 ] CAN-2005-2550

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2550

[ 3 ] SITIC Vulnerability Advisory SA05-001

http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200508-12.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Mandriva Linux


Mandriva Linux Security Update Advisory


Package name: slocate
Advisory ID: MDKSA-2005:147
Date: August 22nd, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate Server 2.1


Problem Description:

A bug was discovered in the way that slocate processes very long paths. A local user could create a carefully crafted directory structure that would prevent updatedb from completing its filesystem scan, resulting in an incomplete database.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2499


Updated Packages:
