Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

  • Corporate e-Learning technology has a long and diverse pedigree. As far back as the 1980s, companies were adopting computer-based training to supplement...
    Download

  • If you need new tools and tricks to make your meetings profitable and productive, then 5 Tips in 5 Minutes: A Quick Guide for More Profitable Sales Meetings...
    Download

More on LinuxToday


Advisories: October 11, 2005

Oct 12, 2005, 04:45 (0 Talkback[s])

Debian GNU/Linux


Debian Security Advisory DSA 860-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 11th, 2005 http://www.debian.org/security/faq


Package : ruby
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE ID : CAN-2005-2337
CERT advisory : VU#160012
Debian Bug : 332742

Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions:

  old stable (woody) stable (sarge) unstable (sid)
ruby 1.6.7-3woody5 n/a n/a
ruby1.6 n/a 1.6.8-12sarge1 1.6.8-13
ruby1.8 n/a 1.8.2-7sarge2 1.8.3-1

We recommend that you upgrade your ruby packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

    http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5.dsc
      Size/MD5 checksum: 952 551966d3fda510ab6609efc34d6bd8c3
    http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5.diff.gz
      Size/MD5 checksum: 45214 d4c661766b9dc68b5d242b132aacbf71
    http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7.orig.tar.gz
      Size/MD5 checksum: 996835 a8859c679ee9acbfdf5056cdf26fcad3

Architecture independent components:

    http://security.debian.org/pool/updates/main/r/ruby/irb_1.6.7-3woody5_all.deb
      Size/MD5 checksum: 51388 bdec8679bf80535ec7a3bbd49c4ed6e1
    http://security.debian.org/pool/updates/main/r/ruby/ruby-elisp_1.6.7-3woody5_all.deb
      Size/MD5 checksum: 30438 b172a832ca173372ababd59babf102cc
    http://security.debian.org/pool/updates/main/r/ruby/ruby-examples_1.6.7-3woody5_all.deb
      Size/MD5 checksum: 38018 4bb23549b9b4981886f37d70aa028993

Alpha architecture:

    http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_alpha.deb
      Size/MD5 checksum: 129594 5addf6eb42dde52eea7e0b7e0951be94
    http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_alpha.deb
      Size/MD5 checksum: 128700 16024eb4c9d88b3c1880a4f8bf792efc
    http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_alpha.deb
      Size/MD5 checksum: 130080 ac62e8e089060e2cd737840ad77ab271
    http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_alpha.deb
      Size/MD5 checksum: 134978 4e0df5a3e650ee59f755b3bf58c7d572
    http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_alpha.deb
      Size/MD5 checksum: 132018 aa03506125ab54056057d27a61af202e
    http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_alpha.deb
      Size/MD5 checksum: 128584 ed5002f3927814c0e08ab5f85d6ba9e5
    http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_alpha.deb
      Size/MD5 checksum: 644604 db64bd84fd323881f465a49d3179ff14
    http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_alpha.deb
      Size/MD5 checksum: 132470 802403def99ca35d674d808192cd146e
    http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_alpha.deb
      Size/MD5 checksum: 129070 6450e83dcf8c4ba3d794a04f1379b323
    http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_alpha.deb
      Size/MD5 checksum: 147602 d09ddb9cecb955a56fb7c42f4349b57f
    http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_alpha.deb
      Size/MD5 checksum: 161582 cd611b93c6e4220d0ffff99fb2556618
    http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_alpha.deb
      Size/MD5 checksum: 142760 3622426c392f9fca540ff1a44d5deed1
    http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_alpha.deb
      Size/MD5 checksum: 626082 e08e2e93602ac95abd45833a2eb92821

ARM architecture:

    http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_arm.deb
      Size/MD5 checksum: 128584 43c7e57f3a4f5e594221d4bf4c7dfb7f
    http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_arm.deb
      Size/MD5 checksum: 127460 2eda8af9bb8b722d0e6bd1b50ad89f4d
    http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_arm.deb
      Size/MD5 checksum: 128420 f01f4da2eb89ec6c6ffd50c461177ffc
    http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_arm.deb
      Size/MD5 checksum: 134588 bf7ac7c6d01120e64bb4cb35aa9f3f5a
    http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_arm.deb
      Size/MD5 checksum: 131328 216e67b0e333c046fadc659b6ff4c397
    http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_arm.deb
      Size/MD5 checksum: 127470 b116cc920991c4188ec2226c39af1002
    http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_arm.deb
      Size/MD5 checksum: 602774 b9ff70c418ddbf3b1b620301b4c36c56
    http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_arm.deb
      Size/MD5 checksum: 130602 f2aaadd527b7daede43307e158f283dc
    http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_arm.deb
      Size/MD5 checksum: 128296 18492115821c42676e3d8a78e5db009e
    http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_arm.deb
      Size/MD5 checksum: 146828 535237cacf1940c3ebc7de247d113abc
    http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_arm.deb
      Size/MD5 checksum: 161390 ab9a10b1778b37db459addc5de1e4566
    http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_arm.deb
      Size/MD5 checksum: 142410 204b041fff5bd5bc6e1bd294ae2bc892
    http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_arm.deb
      Size/MD5 checksum: 572716 e026e5c3452b42d455a2eec4d165d79e

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_i386.deb
      Size/MD5 checksum: 128068 08725c4eb2ed019492b0341dd0a5330d
    http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_i386.deb
      Size/MD5 checksum: 127282 32a6e3ef5466ce4731d36461eaa17972
    http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_i386.deb
      Size/MD5 checksum: 128072 2755301286c11c942d990d4700df4d7f
    http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_i386.deb
      Size/MD5 checksum: 132820 16f1188a52b0066c782aac16d0066b2c
    http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_i386.deb
      Size/MD5 checksum: 131126 98f642c1695aa85660e01b85da94221b
    http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_i386.deb
      Size/MD5 checksum: 127234 425551af222de3aafefa24abbac7562b
    http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_i386.deb
      Size/MD5 checksum: 561442 6711cd3d3dfa633741763af9a937aa23
    http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_i386.deb
      Size/MD5 checksum: 130096 522ad7b8d2d01afc5967df01590945e8
    http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_i386.deb
      Size/MD5 checksum: 127540 17b99f9bb7656a84da6291d98de82d99
    http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_i386.deb
      Size/MD5 checksum: 146466 718cc8a23c00a6c17551e8cc32a635e3
    http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_i386.deb
      Size/MD5 checksum: 161430 86da7a51ab1d8670d0ba975b63a17599
    http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_i386.deb
      Size/MD5 checksum: 142466 4c09dee6dca063b3a3129fba9ec5e2ff
    http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_i386.deb
      Size/MD5 checksum: 492656 870934b923271ea29f4dcd6d301a7230

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_ia64.deb
      Size/MD5 checksum: 133220 e79b7c824bf1b4d35fd32fe9f7fa792b
    http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_ia64.deb
      Size/MD5 checksum: 132740 c4542e3a1b6e042f44b18c1aa1acc1f8
    http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_ia64.deb
      Size/MD5 checksum: 134746 0caff55bf479b72a3955225f8a0554b7
    http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_ia64.deb
      Size/MD5 checksum: 139956 845ddc646096f8b83c2b7a17349eadb5
    http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_ia64.deb
      Size/MD5 checksum: 134108 c2c54195aa3afde5240bb700495e431f
    http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_ia64.deb
      Size/MD5 checksum: 131684 0d2bce7ea27bb42c04c5e57c9d427eba
    http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_ia64.deb
      Size/MD5 checksum: 854376 f9bbc7a3e2c24e5feea248d83a33cf45
    http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_ia64.deb
      Size/MD5 checksum: 140440 65338e07df3a04450a3ce77b56e349e6
    http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_ia64.deb
      Size/MD5 checksum: 130830 2f798f1dd5d1bab5430e053886f16f1a
    http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_ia64.deb
      Size/MD5 checksum: 150428 f9a529ac7f458e2a8b955cf045ede5ef
    http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_ia64.deb
      Size/MD5 checksum: 162432 f0faff2a31be069bc3725d91e3dfcf5e
    http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_ia64.deb
      Size/MD5 checksum: 143282 84ccf19fff6e067abacdeee5b53cfd62
    http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_ia64.deb
      Size/MD5 checksum: 755134 39d4e135ed7d41d7cf36c02fc65e40d8

HP Precision architecture:

    http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_hppa.deb
      Size/MD5 checksum: 130620 18824711592d38afb46c3bbe88b7000d
    http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_hppa.deb
      Size/MD5 checksum: 129342 b7604fa4086a3a2c087d22fce52d6926
    http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_hppa.deb
      Size/MD5 checksum: 130844 df54e9181c4cdb66b1eb3004757ed615
    http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_hppa.deb
      Size/MD5 checksum: 136100 66fa8cd3f735d490ac744ee8c8e065cc
    http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_hppa.deb
      Size/MD5 checksum: 132326 d7041eef1502d1f03800f36bf07c5d31
    http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_hppa.deb
      Size/MD5 checksum: 128682 153364a5308c6297d8ab052f58aede17
    http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_hppa.deb
      Size/MD5 checksum: 686092 c8c31e0dfd459134f4483c25ecb1605e
    http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_hppa.deb
      Size/MD5 checksum: 133000 e835d5bea37629a7c030f41f7727bd30
    http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_hppa.deb
      Size/MD5 checksum: 129138 fa5bd080276b3420e65e18dbf28b58db
    http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_hppa.deb
      Size/MD5 checksum: 148062 5438497f33bf13a89763ffcfad7e8307
    http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_hppa.deb
      Size/MD5 checksum: 161918 6a134229fe5bd8805a7eb1fb9f70fb7b
    http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_hppa.deb
      Size/MD5 checksum: 142682 ad86a668a0fdce652f82ecbc860642d4
    http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_hppa.deb
      Size/MD5 checksum: 667184 75525766980d720ef9466dc5084f0aad

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_m68k.deb
      Size/MD5 checksum: 128462 8b53b52b9d172ec8a4c2ca273ad2e50c
    http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_m68k.deb
      Size/MD5 checksum: 127274 22ea934d90e831ecb7301f770e4d4e4c
    http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_m68k.deb
      Size/MD5 checksum: 128422 b481bb5dbf7d8a93d564bf8ce2d3c8c9
    http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_m68k.deb
      Size/MD5 checksum: 132854 0762b8fd6b1a854cc8f8019cea72a4be
    http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_m68k.deb
      Size/MD5 checksum: 131388 17cbfe8113ded65e73296458b6c55e43
    http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_m68k.deb
      Size/MD5 checksum: 127460 b57b7ce7916bd449155859a12d5f36e3
    http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_m68k.deb
      Size/MD5 checksum: 561566 20c1f429ce0801de8fbccc42af9070fe
    http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_m68k.deb
      Size/MD5 checksum: 129810 a2a33ad6f2e99e2b02bf2a54bab0e639
    http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_m68k.deb
      Size/MD5 checksum: 128268 063cfc2ede7a7ddd2c468af73c241a84
    http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_m68k.deb
      Size/MD5 checksum: 146694 2a19f465b91bb3437c8af442c59e6421
    http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_m68k.deb
      Size/MD5 checksum: 161466 649623cc5642cd95376dbd79c0f07526
    http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_m68k.deb
      Size/MD5 checksum: 142414 c232d7bb1658e342ee111eacb36174bc
    http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_m68k.deb
      Size/MD5 checksum: 470866 59c178ae18b0b24f68ac9604251e3002

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_mips.deb
      Size/MD5 checksum: 128320 aefd47e6723cc63ff4fbf7362c149c8f
    http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_mips.deb
      Size/MD5 checksum: 126996 a7cf134385bb6b9f4c7816efce108b75
    http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_mips.deb
      Size/MD5 checksum: 128158 8e41685e563713c121ccbc4bf402d9db
    http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_mips.deb
      Size/MD5 checksum: 133776 f58298154540c36c03034ec05fa47197
    http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_mips.deb
      Size/MD5 checksum: 131022 981dbeab5f95af5fbd03701d33dc78f9
    http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_mips.deb
      Size/MD5 checksum: 127268 00fb08327c8ec736425ac8bbb8a59602
    http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_mips.deb
      Size/MD5 checksum: 581962 ae286a7d6af2b63c32e5c83221e037a3
    http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_mips.deb
      Size/MD5 checksum: 130500 61ed7a947ed21291986c550e582e7893
    http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_mips.deb
      Size/MD5 checksum: 127880 df2365ad710056bf5adf583599553769
    http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_mips.deb
      Size/MD5 checksum: 146632 f14e29848521e87c99eb831fa38aeaea
    http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_mips.deb
      Size/MD5 checksum: 161494 91f17ebfc8f2312ccd8de4b48f044fc5
    http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_mips.deb
      Size/MD5 checksum: 142794 6158778b805819770ae450c7be6cc636
    http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_mips.deb
      Size/MD5 checksum: 587476 56e3a663bed556c62245f44fb842a260

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_mipsel.deb
      Size/MD5 checksum: 128270 51cdcfce40d81d6638dc5911a53af74f
    http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_mipsel.deb
      Size/MD5 checksum: 127010 0a920aa47f080a9b7a013d9be6c4893d
    http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_mipsel.deb
      Size/MD5 checksum: 128170 6754cef3b431913af6beadc9d6b5c992
    http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_mipsel.deb
      Size/MD5 checksum: 133782 c12e182534e982c17748052456d2c63b
    http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_mipsel.deb
      Size/MD5 checksum: 130994 30c478fdee5b2b816f5cde1de1c9ce9a
    http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_mipsel.deb
      Size/MD5 checksum: 127204 e3d3b6570b9e466cb00422894b89f272
    http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_mipsel.deb
      Size/MD5 checksum: 581506 b440b99e2f4e22def3fb16acb53c2789
    http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_mipsel.deb
      Size/MD5 checksum: 130492 61b91e3644804b7930ef242bd7eaec00
    http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_mipsel.deb
      Size/MD5 checksum: 127860 b79131a39645af7ff39d28a46caf2281
    http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_mipsel.deb
      Size/MD5 checksum: 146560 9217697a7f9d61e8fa7afde70b05cb46
    http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_mipsel.deb
      Size/MD5 checksum: 161480 e2fd66dc33a7fef5774c0e9e206439b1
    http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_mipsel.deb
      Size/MD5 checksum: 142794 24f322a483564685309ec237564cb6d5
    http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_mipsel.deb
      Size/MD5 checksum: 578040 a3e73feefcefc2ba5a395d22988465ed

PowerPC architecture:

    http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_powerpc.deb
      Size/MD5 checksum: 128440 4aab33c5e3b67bb9587157ee92d54b59
    http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_powerpc.deb
      Size/MD5 checksum: 127652 43cea2b0744fb18d534a198ab378e56b
    http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_powerpc.deb
      Size/MD5 checksum: 128736 be8c8a5e89f4869b0cfb7fe2f459c0e0
    http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_powerpc.deb
      Size/MD5 checksum: 134484 41b2c0ac000cf39c6939044be278c901
    http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_powerpc.deb
      Size/MD5 checksum: 131380 9a9768cbd57fea5ffd213b5e3704477b
    http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_powerpc.deb
      Size/MD5 checksum: 127538 fd92851b186db9671b9f7ca5ae45becf
    http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_powerpc.deb
      Size/MD5 checksum: 607244 d8708b9ace56768e8d0f04fdaa73383d
    http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_powerpc.deb
      Size/MD5 checksum: 130610 ca66d341fa806e4134f28651d268a303
    http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_powerpc.deb
      Size/MD5 checksum: 128350 a15ae783638e26b5a8e304e1e5604ab5
    http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_powerpc.deb
      Size/MD5 checksum: 147064 91ca064abd335e40f9f4e78938031a06
    http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_powerpc.deb
      Size/MD5 checksum: 161490 0789a5a2db577b8a5e4f382ee021df5d
    http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_powerpc.deb
      Size/MD5 checksum: 142502 2985b64774c866d8ea9d696caec05d2d
    http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_powerpc.deb
      Size/MD5 checksum: 529288 f1524421a9e6dc8e6923f75bfc8f7db5

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_s390.deb
      Size/MD5 checksum: 128658 5e577aab56fda2c047e3dba9339c68e0
    http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_s390.deb
      Size/MD5 checksum: 127854 4339a54fcc69ea122b828823780f9898
    http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_s390.deb
      Size/MD5 checksum: 128914 81334959c6f199176b33f21dd7e78554
    http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_s390.deb
      Size/MD5 checksum: 133690 9dc2189e5874e459739a644add67adc6
    http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_s390.deb
      Size/MD5 checksum: 131850 8579274c8888e4a1d6fba0dd19118242
    http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_s390.deb
      Size/MD5 checksum: 127940 087559fad36518eeb6fd44a01ed912c4
    http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_s390.deb
      Size/MD5 checksum: 600770 3eeca259d6d6e5daf060048ae1c8c519
    http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_s390.deb
      Size/MD5 checksum: 130864 d2a839f6b33c2e7020218fd23ac7f6a1
    http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_s390.deb
      Size/MD5 checksum: 127924 72df0f116934d714d32def89277a970a
    http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_s390.deb
      Size/MD5 checksum: 147222 e6778fca82f71b5d43fb03d4cbb03fe9
    http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_s390.deb
      Size/MD5 checksum: 161560 668c35f9c33acdd9f3a994a0bc927d1a
    http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_s390.deb
      Size/MD5 checksum: 142670 ae3246594cfa2e3285bcd636f984386f
    http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_s390.deb
      Size/MD5 checksum: 532308 445a8016212e5b787625097127b4a1a4

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_sparc.deb
      Size/MD5 checksum: 128412 87c7feb58f11785c1af6f9a51d987a2f
    http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_sparc.deb
      Size/MD5 checksum: 127468 c34d8ed252a8d1ef5051a17e3fbd743e
    http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_sparc.deb
      Size/MD5 checksum: 128918 b24361084a9998be8f7fb84393221c19
    http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_sparc.deb
      Size/MD5 checksum: 134320 9015a2988d0f5305d996f5fb387f2bc4
    http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_sparc.deb
      Size/MD5 checksum: 131362 8272893400574f4f0934f2b04072ce09
    http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_sparc.deb
      Size/MD5 checksum: 127438 0b36fe5c0f86ba2334cc91013f366688
    http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_sparc.deb
      Size/MD5 checksum: 603136 07188840adfada3ac0af455668f7a908
    http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_sparc.deb
      Size/MD5 checksum: 130212 8d41c72d9695b44afe1e67369fd1ce46
    http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_sparc.deb
      Size/MD5 checksum: 128284 3be2192cc38ab41907c7a2331069b286
    http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_sparc.deb
      Size/MD5 checksum: 146774 3f65f580c669efb932f31411b58c4c4c
    http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_sparc.deb
      Size/MD5 checksum: 161528 76ca94791c147efc9a7beb85c526cfdf
    http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_sparc.deb
      Size/MD5 checksum: 142452 a606854f0cf791b868b2821d4bed54f2
    http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_sparc.deb
      Size/MD5 checksum: 561276 e1e23af9f2a36746bdcdf5f8e24769b6

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 861-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 11th, 2005 http://www.debian.org/security/faq


Package : uw-imap
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CAN-2005-2933

"infamous41md" discovered a buffer overflow in uw-imap, the University of Washington's IMAP Server that allows attackers to execute arbitrary code.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in version 2002edebian1-11sarge1.

For the unstable distribution (sid) this problem has been fixed in version 2002edebian1-11sarge1.

We recommend that you upgrade your uw-imap packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imap_2002edebian1-11sarge1.dsc
      Size/MD5 checksum: 785 bf3e532a78669fd66c329a46ea11809d
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imap_2002edebian1-11sarge1.diff.gz
      Size/MD5 checksum: 85400 b295b9c10972cb78f3b4d25394b4b31d
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imap_2002edebian1.orig.tar.gz
      Size/MD5 checksum: 1517069 8ff277e7831326988d0ee0bfeca7c8ff

Architecture independent components:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd-ssl_2002edebian1-11sarge1_all.deb
      Size/MD5 checksum: 19982 ee7e9d78916253bef43c0513b1fa2df3
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd-ssl_2002edebian1-11sarge1_all.deb
      Size/MD5 checksum: 19968 01cd3a699013ba2679af4cd4c4c97ee7

Alpha architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_alpha.deb
      Size/MD5 checksum: 45316 8eff87a5d99f8514a97ba925f64cc29c
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_alpha.deb
      Size/MD5 checksum: 1400536 508b3322c04aba6a16ccd8360bcb2c8f
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_alpha.deb
      Size/MD5 checksum: 623866 007e483d0f71e26d88135ebd621cf913
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_alpha.deb
      Size/MD5 checksum: 26112 1512b9c49a9e67222c42e1e1a3161f62
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_alpha.deb
      Size/MD5 checksum: 76068 d3f6e63d18eee660aec45970c75a1e9f
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_alpha.deb
      Size/MD5 checksum: 50388 7915af40dc8454ed9c28b8210785b4b2

AMD64 architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_amd64.deb
      Size/MD5 checksum: 43842 9ee07ca885ad0a760624ee9ac3359573
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_amd64.deb
      Size/MD5 checksum: 1241462 a04eea3b29ce844bd36e882c358ec589
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_amd64.deb
      Size/MD5 checksum: 585262 43379b991740461a5247103be7bb481c
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_amd64.deb
      Size/MD5 checksum: 25256 b46f5e4f874df2b1c64e46d4d179753f
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_amd64.deb
      Size/MD5 checksum: 71862 9ea5e627919c4dc40db2ed70047da69c
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_amd64.deb
      Size/MD5 checksum: 47526 607377887f83ed71a87264bc85317bf3

ARM architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_arm.deb
      Size/MD5 checksum: 43908 cbb7163d6976c804f7f7dde0eba82e8f
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_arm.deb
      Size/MD5 checksum: 1218296 e942c426a47bfa5fe43b269040dc259d
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_arm.deb
      Size/MD5 checksum: 572074 325eab596c707493b112c4157192fd7d
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_arm.deb
      Size/MD5 checksum: 25284 aeedc4004a68ceb78d705c44cce7bd2b
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_arm.deb
      Size/MD5 checksum: 71378 611cd65efdeebdc3aba327482a966109
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_arm.deb
      Size/MD5 checksum: 46240 48f471e616eb16cb6682ef206eff68b5

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_i386.deb
      Size/MD5 checksum: 42640 222b9d6cfae656aeb0995b6b742a8018
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_i386.deb
      Size/MD5 checksum: 1192272 a641726681b49cbf4a59d15a992c3307
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_i386.deb
      Size/MD5 checksum: 580390 70951fce39878d16e551d0a3d20b1396
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_i386.deb
      Size/MD5 checksum: 25354 f72ec8b8f6c62b1c0185582387624fd3
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_i386.deb
      Size/MD5 checksum: 69812 9f7ef54531d8a7f98302526ba0395b93
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_i386.deb
      Size/MD5 checksum: 46514 07f09150e567ab8628e66b81ac4eef45

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_ia64.deb
      Size/MD5 checksum: 49584 cf5a3f4db538e69659eba3464ded819b
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_ia64.deb
      Size/MD5 checksum: 1392282 8ad6f8db3031f8f312cdac57b423d9a6
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_ia64.deb
      Size/MD5 checksum: 692648 0b9c67065ef7dc2bd19781778df56411