Linux Today: Linux News On Internet Time.
Advisories, December 5, 2005
Dec 6, 2005, 05:00 UTC

Debian GNU/Linux


Debian Security Advisory DSA 913-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
December 1st, 2005 http://www.debian.org/security/faq


Package : gdk-pixbuf
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2005-2975 CVE-2005-2976 CVE-2005-3186
BugTraq ID : 15428
Debian Bug : 339431

Several vulnerabilities have been found in gdk-pixbuf, the Gtk+ GdkPixBuf XPM image rendering library. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2005-2975

Ludwig Nussel discovered an infinite loop when processing XPM images that allows an attacker to cause a denial of service via a specially crafted XPM file.

CVE-2005-2976

Ludwig Nussel discovered an integer overflow in the way XPM images are processed that could lead to the execution of arbitrary code or crash the application via a specially crafted XPM file.

CVE-2005-3186

"infamous41md" discovered an integer overflow in the XPM processing routine that can be used to execute arbitrary code via a traditional heap overflow.

The following matrix explains which versions fix these problems:
              old stable (woody)   stable (sarge)   unstable (sid)
gdk-pixbuf    0.17.0-2woody3       0.22.0-8.1       0.22.0-11
gtk+2.0       2.0.2-5woody3        2.6.4-3.1        2.6.10-2

We recommend that you upgrade your gdk-pixbuf packages.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody



Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 915-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
December 2nd, 2005 http://www.debian.org/security/faq


Package : helix-player
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2005-2629
BugTraq ID : 15381

An integer overflow has been discovered in helix-player, the helix audio and video player. This flaw could allow a remote attacker to run arbitrary code on a victim's computer by supplying a specially crafted network resource.

This vulnerability is fixed by version 1.0.6-1 in unstable. Helix-player is not currently in the testing distribution.

The old stable distribution (woody) does not contain a helix-player package.

For the stable distribution (sarge) these problems have been fixed in version 1.0.4-1sarge2.

For the unstable distribution (sid) these problems have been fixed in version 1.0.6-1.

We recommend that you upgrade your helix-player package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge2.dsc
      Size/MD5 checksum: 908 5abe49b8d746b78b1f70016382d44a35
    http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge2.diff.gz
      Size/MD5 checksum: 9113 b7103af4ca93cb52cd548a4f7da43c3b
    http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4.orig.tar.gz
      Size/MD5 checksum: 18044552 a277710be35426b317869503a4ad36d7

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge2_i386.deb
      Size/MD5 checksum: 4289142 afe49d505b51edefe6b66e92720e9a62

PowerPC architecture:

    http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge2_powerpc.deb
      Size/MD5 checksum: 4415648 9a9ad7733abed7ffcd6c69ce366d576c

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
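
The Debian listings above pair each download URL with a "Size/MD5 checksum" line, and the upgrade instructions install the fetched file with dpkg -i. The following is an added example, not part of the Debian advisory: it parses a listing in that layout and checks files already downloaded into a directory before they are installed. The function names, the example.invalid URLs and the sample files are constructed for illustration; MD5 is no longer collision resistant, so this check catches a corrupted or wrong file, not a deliberate forgery.

```python
import hashlib
import os
import re
import tempfile

# A listing entry is a URL line followed by
# "Size/MD5 checksum: <size in bytes> <32 hex digits>".
ENTRY_RE = re.compile(
    r"^\s*(?P<url>\S+://\S+)\s*\n"
    r"\s*Size/MD5 checksum:\s*(?P<size>\d+)\s+(?P<md5>[0-9a-fA-F]{32})\s*$",
    re.MULTILINE,
)


def parse_listing(text):
    """Return {file name: (size, md5)} for every URL/checksum pair in text."""
    entries = {}
    for match in ENTRY_RE.finditer(text):
        # The file name is the last path component of the URL.
        name = match.group("url").rsplit("/", 1)[-1]
        entries[name] = (int(match.group("size")), match.group("md5").lower())
    return entries


def check_file(path, size, md5):
    """Compare one downloaded file with its advisory entry."""
    if not os.path.isfile(path):
        return "missing"
    # Size is cheap to test and catches truncated downloads early.
    if os.path.getsize(path) != size:
        return "size mismatch"
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return "ok" if digest.hexdigest() == md5 else "md5 mismatch"


def verify_downloads(listing_text, directory):
    """Check every file named in the listing; return {file name: status}."""
    return {
        name: check_file(os.path.join(directory, name), size, md5)
        for name, (size, md5) in parse_listing(listing_text).items()
    }


def demo():
    """Constructed sample: four listed packages, only the first one intact."""
    files = {
        "pkg_1.0-1_i386.deb": b"constructed package body\n",
        "pkg-dev_1.0-1_i386.deb": b"constructed dev package\n",
        "pkg-doc_1.0-1_all.deb": b"constructed doc package\n",
    }
    lines = []
    for name, body in files.items():
        lines.append("    http://mirror.example.invalid/pool/" + name)
        lines.append("      Size/MD5 checksum: %d %s"
                     % (len(body), hashlib.md5(body).hexdigest()))
    # Listed in the advisory text but never downloaded.
    lines.append("    http://mirror.example.invalid/pool/pkg-extra_1.0-1_i386.deb")
    lines.append("      Size/MD5 checksum: 10 " + "0" * 32)
    listing = "\n".join(lines)

    with tempfile.TemporaryDirectory() as tmp:
        for name, body in files.items():
            with open(os.path.join(tmp, name), "wb") as handle:
                handle.write(body)
        # Same length, different bytes: only the MD5 comparison notices.
        with open(os.path.join(tmp, "pkg-dev_1.0-1_i386.deb"), "wb") as handle:
            handle.write(b"constructed DEV package\n")
        # Truncated download: caught by the size comparison.
        with open(os.path.join(tmp, "pkg-doc_1.0-1_all.deb"), "wb") as handle:
            handle.write(files["pkg-doc_1.0-1_all.deb"][:-5])
        return verify_downloads(listing, tmp)


if __name__ == "__main__":
    for name, status in demo().items():
        print("%-28s %s" % (name, status))
```

Only files reported as "ok" should be passed to dpkg -i; anything else should be fetched again.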

Fedora Core


Fedora Update Notification
FEDORA-2005-1116
2005-12-01

Product : Fedora Core 3
Name : perl
Version : 5.8.5
Release : 18.FC3
Summary : The Perl programming language.

Description :
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common applications are system administration utilities and web programming. A large proportion of the CGI scripts on the web are written in Perl. You need the perl package installed on your system so that your system can handle Perl scripts.

Install this package if you want to program in Perl or enable your system to handle Perl scripts.


Update Information:

Fixes security vulnerabilities:
CVE-2005-3962:
http://marc.theaimsgroup.com/?l=full-disclosure&m=113342788118630&w=2
CVE-2005-3912:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3912
CVE-2005-0452:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0452
CVE-2004-0976:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0976


  • Thu Dec 1 2005 Jason Vas Dias <jvdias@redhat.com> - 3:5.8.5-18.FC3
    • fix bug 174683 / CVE-2005-3962: sprintf integer overflow vulnerability backport upstream patch #26240
  • Wed Nov 9 2005 Jason Vas Dias <jvdias@redhat.com> - 3:5.8.5-17
    • fix bug 136009: restore MakeMaker support for LD_RUN_PATH, while removing empty LD_RUN_PATH
  • Tue Nov 8 2005 Jason Vas Dias <jvdias@redhat.com> - 3:5.8.5-17
    • fix CAN-2004-0976: insecure use of temporary files
  • Wed Nov 2 2005 Jason Vas Dias <jvdias@redhat.com> - 3:5.8.5-17
    • fix bug 164772: panic (crash) on invalid UTF-8 in Encode.xs
    • fix bug 172327 / upstream bug 37056: backport upstream patch 25084: prevent realloc recursion on nss get* ERANGE errno
  • Tue Nov 1 2005 Jason Vas Dias <jvdias@redhat.com> - 3:5.8.5-17
    • fix bug 170088: broken h2ph fixed with h2ph from 5.8.7
    • fix bug 171111 / upstream bug 37535: IOCPARM_LEN should be _IOC_SIZE
    • fix bug 172236: make h2ph pick up gcc built-in include directory
  • Tue Aug 2 2005 Petr Rockai <prockai@redhat.com> - 3:5.8.5-16
    • update filter-depends.sh to get rid of FCGI requires
  • Wed Jul 27 2005 Petr Rockai <prockai@redhat.com> - 3:5.8.5-15
    • remove incorrect Provides on FCGI and Mac::File, cf. BR148848

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

2ebe04eeb426388b213977c552e6a004 SRPMS/perl-5.8.5-18.FC3.src.rpm
bb9e5f6a8e05992e4c74e532841cf686 x86_64/perl-5.8.5-18.FC3.x86_64.rpm
2d70d5e1b85d8d6f0a11cd2ef4a6b3cd x86_64/perl-suidperl-5.8.5-18.FC3.x86_64.rpm
d4904e4d622040a34d905c7bfa4a0a03 x86_64/debug/perl-debuginfo-5.8.5-18.FC3.x86_64.rpm
946544c3a8d689c3521719a2205d1aea i386/perl-5.8.5-18.FC3.i386.rpm
0dd03d80622fdbac49b53a0b76a6cf45 i386/perl-suidperl-5.8.5-18.FC3.i386.rpm
aa479beda71d9c015e283b769e4465a7 i386/debug/perl-debuginfo-5.8.5-18.FC3.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.


Fedora Legacy


Fedora Legacy Update Advisory

Synopsis: Updated php packages fix security issues
Advisory ID: FLSA:166943
Issue date: 2005-12-02
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-2498 CVE-2005-3390 CVE-2005-3389 CVE-2005-3388 CVE-2005-3353



1. Topic:

Updated PHP packages that fix multiple security issues are now available.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

[Updated 2nd December 2005]
Red Hat Linux 9 packages have been updated to add missing security patches.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386

3. Problem description:

A bug was discovered in the PEAR XML-RPC Server package included in PHP. If a PHP script is used which implements an XML-RPC Server using the PEAR XML-RPC package, then it is possible for a remote attacker to construct an XML-RPC request which can cause PHP to execute arbitrary PHP commands as the 'apache' user. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-2498 to this issue.

A flaw was found in the way PHP registers global variables during a file upload request. A remote attacker could submit a carefully crafted multipart/form-data POST request that would overwrite the $GLOBALS array, altering expected script behavior, and possibly leading to the execution of arbitrary PHP commands. Please note that this vulnerability only affects installations which have register_globals enabled in the PHP configuration file, which is not a default or recommended option. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3390 to this issue.

A flaw was found in the PHP parse_str() function. If a PHP script passes only one argument to the parse_str() function, and the script can be forced to abort execution during operation (for example due to the memory_limit setting), register_globals may be enabled even if it is disabled in the PHP configuration file. This vulnerability only affects installations that have PHP scripts using the parse_str function in this way. (CVE-2005-3389)

A Cross-Site Scripting flaw was found in the phpinfo() function. If a victim can be tricked into following a malicious URL to a site with a page displaying the phpinfo() output, it may be possible to inject JavaScript or HTML content into the displayed page or steal data such as cookies. This vulnerability only affects installations which allow users to view the output of the phpinfo() function. As the phpinfo() function outputs a large amount of information about the current state of PHP, it should only be used during debugging or if protected by authentication. (CVE-2005-3388)

A denial of service flaw was found in the way PHP processes EXIF image data. It is possible for an attacker to cause PHP to crash by supplying carefully crafted EXIF image data. (CVE-2005-3353)

Users of PHP should upgrade to these updated packages, which contain backported patches that resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166943

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/php-4.1.2-7.3.18.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-devel-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-imap-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-ldap-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-manual-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-mysql-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-odbc-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-pgsql-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-snmp-4.1.2-7.3.18.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/php-4.2.2-17.17.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/php-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-devel-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-imap-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-ldap-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-manual-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-mysql-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-odbc-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-pgsql-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-snmp-4.2.2-17.17.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/php-4.3.11-1.fc1.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/php-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-devel-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-domxml-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-imap-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-ldap-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-mbstring-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-mysql-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-odbc-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-pgsql-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-snmp-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-xmlrpc-4.3.11-1.fc1.3.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/php-4.3.11-1.fc2.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/php-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-devel-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-domxml-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-imap-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-ldap-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-mbstring-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-mysql-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-odbc-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-pear-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-pgsql-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-snmp-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-xmlrpc-4.3.11-1.fc2.4.legacy.i386.rpm

7. Verification:

SHA1 sum Package Name


8bdf500386f11c6484c04361095061cce6c5c5f8 redhat/7.3/updates/i386/php-4.1.2-7.3.18.legacy.i386.rpm
592c870e99523279267a0daea98c7dc08b09e5ca redhat/7.3/updates/i386/php-devel-4.1.2-7.3.18.legacy.i386.rpm
9f84a76296d88673ba8354f416a6ee75b86afb3f redhat/7.3/updates/i386/php-imap-4.1.2-7.3.18.legacy.i386.rpm
8c4b7136f2cac5f8eea394db819e0f67a973e4ff redhat/7.3/updates/i386/php-ldap-4.1.2-7.3.18.legacy.i386.rpm
d579f333822efd11fb2fc1364d2b9218bd3547a9 redhat/7.3/updates/i386/php-manual-4.1.2-7.3.18.legacy.i386.rpm
50ec5b4419f70839b5c0b328a605189137477d12 redhat/7.3/updates/i386/php-mysql-4.1.2-7.3.18.legacy.i386.rpm
a73300b91e8ac8aee1792f5ec0975fb312b7f780 redhat/7.3/updates/i386/php-odbc-4.1.2-7.3.18.legacy.i386.rpm
af7de72af9756d6085d255544de389eb8f355c39 redhat/7.3/updates/i386/php-pgsql-4.1.2-7.3.18.legacy.i386.rpm
d96277ec0aa9d37af3372eedb0868249ca96ff51 redhat/7.3/updates/i386/php-snmp-4.1.2-7.3.18.legacy.i386.rpm
8a03b8a7832aba6baf825ec64778f4a321707405 redhat/7.3/updates/SRPMS/php-4.1.2-7.3.18.legacy.src.rpm
a3770f044b61275fe671c2e41452fdc3556cd68b redhat/9/updates/i386/php-4.2.2-17.17.legacy.i386.rpm
282e79a54800f0f078702983a54391ddf97637eb redhat/9/updates/i386/php-devel-4.2.2-17.17.legacy.i386.rpm
08cf701a137ed486294e7768d3f1464d40ee72b0 redhat/9/updates/i386/php-imap-4.2.2-17.17.legacy.i386.rpm
1b882b5ad1933a567eeb03e9ea40f59a124bfd4f redhat/9/updates/i386/php-ldap-4.2.2-17.17.legacy.i386.rpm
11ce31a48256813fd0b61975b4189f9053ea0b37 redhat/9/updates/i386/php-manual-4.2.2-17.17.legacy.i386.rpm
a23a1e0fc5f254f0b3284c20f35736e9c0cb70f4 redhat/9/updates/i386/php-mysql-4.2.2-17.17.legacy.i386.rpm
11204a5ad7b12dc80a021ebf23acaf5c791c518d redhat/9/updates/i386/php-odbc-4.2.2-17.17.legacy.i386.rpm
791b822042fed0cd3936e0148a51a215db3d7f78 redhat/9/updates/i386/php-pgsql-4.2.2-17.17.legacy.i386.rpm
b93fc807a74caefeb1f0d848b4a6f2c268ec1508 redhat/9/updates/i386/php-snmp-4.2.2-17.17.legacy.i386.rpm
5df94b0dda6f043a8312a03be66689c2abd373ab redhat/9/updates/SRPMS/php-4.2.2-17.17.legacy.src.rpm
cd04cc6c329e18a9c0c989cdb9a5fcdc9b6712c8 fedora/1/updates/i386/php-4.3.11-1.fc1.3.legacy.i386.rpm
bdb82f6017f088488443cec5f97650aa172714bd fedora/1/updates/i386/php-devel-4.3.11-1.fc1.3.legacy.i386.rpm
5921f184247991ddac4b398a617abea8768cd9d5 fedora/1/updates/i386/php-domxml-4.3.11-1.fc1.3.legacy.i386.rpm
b38b1aabdcee19a8764b9156ffbd4a7fd15c5345 fedora/1/updates/i386/php-imap-4.3.11-1.fc1.3.legacy.i386.rpm
ecb2bfd639fe1e44a389e2527babbd912279d6ad fedora/1/updates/i386/php-ldap-4.3.11-1.fc1.3.legacy.i386.rpm
3bd193c7d75216cbe34cee7c637be042b2197693 fedora/1/updates/i386/php-mbstring-4.3.11-1.fc1.3.legacy.i386.rpm
0883a4ef7c03d8faebc90ed0f4a138e1f9b64c9f fedora/1/updates/i386/php-mysql-4.3.11-1.fc1.3.legacy.i386.rpm
62017bd8700dcaceb2280443abb3e6fd17e9458e fedora/1/updates/i386/php-odbc-4.3.11-1.fc1.3.legacy.i386.rpm
c9a90440e780eb1420100ed8b0e28d92ddea0295 fedora/1/updates/i386/php-pgsql-4.3.11-1.fc1.3.legacy.i386.rpm
ef627102ded443de2e78c33a29f76c6066f7bf5a fedora/1/updates/i386/php-snmp-4.3.11-1.fc1.3.legacy.i386.rpm
38da5e66ead97e573a7105ad4a62a14c75763268 fedora/1/updates/i386/php-xmlrpc-4.3.11-1.fc1.3.legacy.i386.rpm
d2b93da45a735956e980e8a5401c4b171644794a fedora/1/updates/SRPMS/php-4.3.11-1.fc1.3.legacy.src.rpm
edce472b6a404a45bb0187ed2058929b51850423 fedora/2/updates/i386/php-4.3.11-1.fc2.4.legacy.i386.rpm
5f55d05ec4dbbbd6717a14f495bfe9948bec3837 fedora/2/updates/i386/php-devel-4.3.11-1.fc2.4.legacy.i386.rpm
d308529686de245b33057c4ce1a7e0435ba748e6 fedora/2/updates/i386/php-domxml-4.3.11-1.fc2.4.legacy.i386.rpm
a85ba72dbcf8357c63bd7ddd71a8e7b1e270a0d0 fedora/2/updates/i386/php-imap-4.3.11-1.fc2.4.legacy.i386.rpm
8856c97f65e6dfdf5241faa5294a9a8883de049b fedora/2/updates/i386/php-ldap-4.3.11-1.fc2.4.legacy.i386.rpm
f7d1159e5756ba33282920d0923bcd338306a2c8 fedora/2/updates/i386/php-mbstring-4.3.11-1.fc2.4.legacy.i386.rpm
24d23bd41dc5c3233019a86a988057dfa8fd3576 fedora/2/updates/i386/php-mysql-4.3.11-1.fc2.4.legacy.i386.rpm
618b32b0c28b71755c8f487b035649e44213b2cf fedora/2/updates/i386/php-odbc-4.3.11-1.fc2.4.legacy.i386.rpm
cf728abb52acc26f2f6d33dbb5135fdbd2ec4df0 fedora/2/updates/i386/php-pear-4.3.11-1.fc2.4.legacy.i386.rpm
fe3a23d81b92930426f7dd3a5b687ef979d8a3b9 fedora/2/updates/i386/php-pgsql-4.3.11-1.fc2.4.legacy.i386.rpm
771c5041ed29045e4de59bcacbc0c640247c80e7 fedora/2/updates/i386/php-snmp-4.3.11-1.fc2.4.legacy.i386.rpm
2962cc479b53c181dd67fdd4008ee904d81e71ac fedora/2/updates/i386/php-xmlrpc-4.3.11-1.fc2.4.legacy.i386.rpm
2c6d2007423a9334a22451521a742ca942677c57 fedora/2/updates/SRPMS/php-4.3.11-1.fc2.4.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>
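The sha1sum check described above, as an added example that is not part of the Fedora Legacy advisory: a shell function that compares every downloaded `.rpm` in a directory with the advisory's "SHA1 sum / Package Name" table, matching on file name because the table lists repository paths. The function names, the flat download directory and the stand-in files in the demo are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check downloaded packages against an advisory's
# "SHA1 sum  Package Name" table. Names and layout here are assumptions.

# Print the SHA-1 of one file, using whichever tool is installed.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | awk '{print $1}'
    else
        shasum -a 1 "$1" | awk '{print $1}'
    fi
}

# verify_against_advisory MANIFEST DIR
#   MANIFEST  text holding lines of "<40 hex digits> <path/to/package.rpm>",
#             as in the Verification section; every other line is ignored.
#   DIR       directory with the downloaded packages (matched by file name).
# Prints OK / MISMATCH / UNLISTED per package and returns 0 only when every
# package in DIR is listed in MANIFEST with a matching checksum.
verify_against_advisory() {
    manifest=$1
    dir=$2
    rc=0
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || continue          # glob matched nothing
        name=$(basename "$f")
        expected=$(awk -v n="$name" '
            $1 ~ /^[0-9a-fA-F]+$/ && length($1) == 40 {
                k = split($2, parts, "/")
                if (parts[k] == n) { print tolower($1); exit }
            }' "$manifest")
        if [ -z "$expected" ]; then
            # A file the advisory never mentions must not pass silently.
            echo "UNLISTED $name"
            rc=1
        elif [ "$(sha1_of "$f")" = "$expected" ]; then
            echo "OK $name"
        else
            echo "MISMATCH $name"
            rc=1
        fi
    done
    return $rc
}

# Constructed demo: two stand-in "packages" and a manifest in the advisory's
# layout. The second checksum is deliberately wrong.
constructed_demo() {
    tmp=$(mktemp -d) || return 2
    printf 'stand-in for a real package\n' > "$tmp/php-0.0.example.i386.rpm"
    printf 'another stand-in\n' > "$tmp/php-devel-0.0.example.i386.rpm"
    {
        echo "SHA1 sum Package Name"
        echo "$(sha1_of "$tmp/php-0.0.example.i386.rpm") redhat/7.3/updates/i386/php-0.0.example.i386.rpm"
        echo "0000000000000000000000000000000000000000 redhat/7.3/updates/i386/php-devel-0.0.example.i386.rpm"
    } > "$tmp/advisory.txt"
    status=0
    verify_against_advisory "$tmp/advisory.txt" "$tmp" || status=$?
    rm -rf "$tmp"
    return $status
}

# Usage: sh verify-advisory.sh ADVISORY.txt DOWNLOAD_DIR
if [ "$#" -eq 2 ]; then
    verify_against_advisory "$1" "$2"
fi
```

A matching SHA-1 shows only that the file is the one the advisory text lists; `rpm --checksig -v`, with the Fedora Legacy key imported, is the step that checks the signature.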

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3353

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org


Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2005:221
http://www.mandriva.com/security/


Package : spamassassin
Date : December 2, 2005
Affected: 10.1, 10.2, 2006.0


Problem Description:

SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl.

Updated packages have been patched to address this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3351


Updated Packages:

Mandriva Linux 10.1:
bef6bc710a84e631fdd4d4f94a86248c 10.1/RPMS/perl-Mail-SpamAssassin-3.0.4-0.2.101mdk.i586.rpm
6c3246d2e9860379b267593fbdd2be74 10.1/RPMS/spamassassin-3.0.4-0.2.101mdk.i586.rpm
75171a7044be3d193e2f9979fd991e62 10.1/RPMS/spamassassin-spamc-3.0.4-0.2.101mdk.i586.rpm
20f74aae0c01c0819fc0d686a2967979 10.1/RPMS/spamassassin-spamd-3.0.4-0.2.101mdk.i586.rpm
095c5d7c16b74e4004bf731c427c9b0f 10.1/RPMS/spamassassin-tools-3.0.4-0.2.101mdk.i586.rpm
c605bdcc9ac46522efaeca7e12c80949 10.1/SRPMS/spamassassin-3.0.4-0.2.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
18805a860661de486a7ae0a716823da2 x86_64/10.1/RPMS/perl-Mail-SpamAssassin-3.0.4-0.2.101mdk.x86_64.rpm
3fd255f3e04fc2b4380063a9b4ca7403 x86_64/10.1/RPMS/spamassassin-3.0.4-0.2.101mdk.x86_64.rpm
208127aaeb59bb39b9711b4e260fd47c x86_64/10.1/RPMS/spamassassin-spamc-3.0.4-0.2.101mdk.x86_64.rpm
21c05e1003d08a3a9b869971d713c6a7 x86_64/10.1/RPMS/spamassassin-spamd-3.0.4-0.2.101mdk.x86_64.rpm
086b1cb83ee2f4343116bbece2b37261 x86_64/10.1/RPMS/spamassassin-tools-3.0.4-0.2.101mdk.x86_64.rpm
c605bdcc9ac46522efaeca7e12c80949 x86_64/10.1/SRPMS/spamassassin-3.0.4-0.2.101mdk.src.rpm

Mandriva Linux 10.2:
cc43a9f882ef5a1e20d587d961db8d1a 10.2/RPMS/perl-Mail-SpamAssassin-3.0.4-0.2.102mdk.i586.rpm
a42113eae2989be9d3af932338535c5d 10.2/RPMS/spamassassin-3.0.4-0.2.102mdk.i586.rpm
f294a8ebb83ec6245ee4cb477f01510a 10.2/RPMS/spamassassin-spamc-3.0.4-0.2.102mdk.i586.rpm
d017ebbbe4778c147dcc9903473aa092 10.2/RPMS/spamassassin-spamd-3.0.4-0.2.102mdk.i586.rpm
bb699d1b5875a53b5daace54ef544d20 10.2/RPMS/spamassassin-tools-3.0.4-0.2.102mdk.i586.rpm
eec76ea982c797aaa1b18f6b1c35471c 10.2/SRPMS/spamassassin-3.0.4-0.2.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
dccacca323368a74af5af12392e1486c x86_64/10.2/RPMS/perl-Mail-SpamAssassin-3.0.4-0.2.102mdk.x86_64.rpm
d104a1c344b1616a881e29e8b4cb495c x86_64/10.2/RPMS/spamassassin-3.0.4-0.2.102mdk.x86_64.rpm
410ce462bf261c2e1c73cff6eefa4517 x86_64/10.2/RPMS/spamassassin-spamc-3.0.4-0.2.102mdk.x86_64.rpm
b8c5daaf23e58bcf8d344178a6d28b72 x86_64/10.2/RPMS/spamassassin-spamd-3.0.4-0.2.102mdk.x86_64.rpm
04bf196106dfc274c726e9be8bf293ce x86_64/10.2/RPMS/spamassassin-tools-3.0.4-0.2.102mdk.x86_64.rpm
eec76ea982c797aaa1b18f6b1c35471c x86_64/10.2/SRPMS/spamassassin-3.0.4-0.2.102mdk.src.rpm

Mandriva Linux 2006.0:
a4f918d6bf1ca8fedc56537d17a63269 2006.0/RPMS/perl-Mail-SpamAssassin-3.0.4-3.2.20060mdk.i586.rpm
51c25677480258fb2d314bafb0f9dfa8 2006.0/RPMS/spamassassin-3.0.4-3.2.20060mdk.i586.rpm
b30bf3189682f28947ede6cc32c23cfe 2006.0/RPMS/spamassassin-spamc-3.0.4-3.2.20060mdk.i586.rpm
af129cafa8c0afacf47848248e2a093f 2006.0/RPMS/spamassassin-spamd-3.0.4-3.2.20060mdk.i586.rpm
e5c6baedbbb98c975cfdbcfbddf50940 2006.0/RPMS/spamassassin-tools-3.0.4-3.2.20060mdk.i586.rpm
4b6ae867e1bcfc10a29fc13b04d9a1a6 2006.0/SRPMS/spamassassin-3.0.4-3.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
d76d8b497ef31d06b89a3ff3a6c1fbd9 x86_64/2006.0/RPMS/perl-Mail-SpamAssassin-3.0.4-3.2.20060mdk.x86_64.rpm
29b0e1af99bc43c46c3d53b4c9e1ca1d x86_64/2006.0/RPMS/spamassassin-3.0.4-3.2.20060mdk.x86_64.rpm
f8239556e3a60e290a51d70ccdc3fc48 x86_64/2006.0/RPMS/spamassassin-spamc-3.0.4-3.2.20060mdk.x86_64.rpm
0f2ac7444f0878e2c6d001d8c52a6bfd x86_64/2006.0/RPMS/spamassassin-spamd-3.0.4-3.2.20060mdk.x86_64.rpm
d6770761031d62efcd536f0d087a0f40 x86_64/2006.0/RPMS/spamassassin-tools-3.0.4-3.2.20060mdk.x86_64.rpm
4b6ae867e1bcfc10a29fc13b04d9a1a6 x86_64/2006.0/SRPMS/spamassassin-3.0.4-3.2.20060mdk.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2005:222
http://www.mandriva.com/security/


Package : mailman
Date : December 2, 2005
Affected: 10.1, 10.2, 2006.0, Corporate 3.0


Problem Description:

Scrubber.py in Mailman 2.1.4 - 2.1.6 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service. (CVE-2005-3573)

In addition, these versions of mailman have an issue where the server will fail with an Overflow on bad date data in a processed message.

The version of mailman in Corporate Server 2.1 does not contain the above vulnerable code.

Updated packages are patched to correct these issues.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3573


Updated Packages:

Mandriva Linux 10.1:
b62f2bdad4a9295bcedec597f5479843 10.1/RPMS/mailman-2.1.5-7.5.101mdk.i586.rpm
4ebd694b50ccbc9f2b602676840c4bc9 10.1/SRPMS/mailman-2.1.5-7.5.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
a887edf3dd65a418c441fae7588f7e5e x86_64/10.1/RPMS/mailman-2.1.5-7.5.101mdk.x86_64.rpm
4ebd694b50ccbc9f2b602676840c4bc9 x86_64/10.1/SRPMS/mailman-2.1.5-7.5.101mdk.src.rpm

Mandriva Linux 10.2:
99e3dbde709dfa5eb7bd71041adf41be 10.2/RPMS/mailman-2.1.5-15.2.102mdk.i586.rpm
c01867687ff9c78b4c1e2da9d70c4f11 10.2/SRPMS/mailman-2.1.5-15.2.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
c66dd1916ba0d8ecf8796b1890a064fd x86_64/10.2/RPMS/mailman-2.1.5-15.2.102mdk.x86_64.rpm
c01867687ff9c78b4c1e2da9d70c4f11 x86_64/10.2/SRPMS/mailman-2.1.5-15.2.102mdk.src.rpm

Mandriva Linux 2006.0:
f917270b5334f62843bbdb4a06d12ae0 2006.0/RPMS/mailman-2.1.6-6.2.20060mdk.i586.rpm
15bc0be9373657ac39a9e3956de90801 2006.0/SRPMS/mailman-2.1.6-6.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
e92b1dd1ae0bfe3bbc61ba5d6f3b52c3 x86_64/2006.0/RPMS/mailman-2.1.6-6.2.20060mdk.x86_64.rpm
15bc0be9373657ac39a9e3956de90801 x86_64/2006.0/SRPMS/mailman-2.1.6-6.2.20060mdk.src.rpm

Corporate 3.0:
867bdc1fe018e94eb4d5352fc69747ae corporate/3.0/RPMS/mailman-2.1.4-2.5.C30mdk.i586.rpm
572477eb207dadbabc22b0e53b0c2b2b corporate/3.0/SRPMS/mailman-2.1.4-2.5.C30mdk.src.rpm

Corporate 3.0/X86_64:
8a4cc67f45481e9d4b25c41e80f54809 x86_64/corporate/3.0/RPMS/mailman-2.1.4-2.5.C30mdk.x86_64.rpm
572477eb207dadbabc22b0e53b0c2b2b x86_64/corporate/3.0/SRPMS/mailman-2.1.4-2.5.C30mdk.src.rpm




Mandriva Linux Security Advisory MDKSA-2005:223
http://www.mandriva.com/security/


Package : webmin
Date : December 2, 2005
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0


Problem Description:

Jack Louis discovered a format string vulnerability in the miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled. This can allow remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3912


Updated Packages:

Mandriva Linux 10.1:
1c75e57f72de9b9eb187d18de15d9a0b 10.1/RPMS/webmin-1.150-3.2.101mdk.noarch.rpm
fb3f30131577c5e7e799ee58264055aa 10.1/SRPMS/webmin-1.150-3.2.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
39782b6c2fe898596023ad384cd2d5ce x86_64/10.1/RPMS/webmin-1.150-3.2.101mdk.noarch.rpm
fb3f30131577c5e7e799ee58264055aa x86_64/10.1/SRPMS/webmin-1.150-3.2.101mdk.src.rpm

Mandriva Linux 10.2:
5ff784b1c60b7cc2fbc39487c22b6b78 10.2/RPMS/webmin-1.180-1.2.102mdk.noarch.rpm
060c31856652e82003997150f9403021 10.2/SRPMS/webmin-1.180-1.2.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
a268a1aa09cf68c7727aa7f0f479c8ac x86_64/10.2/RPMS/webmin-1.180-1.2.102mdk.noarch.rpm
060c31856652e82003997150f9403021 x86_64/10.2/SRPMS/webmin-1.180-1.2.102mdk.src.rpm

Mandriva Linux 2006.0:
25b784d8c69c42f5f816272f47528156 2006.0/RPMS/webmin-1.220-9.2.20060mdk.noarch.rpm
64772a0268b55e2d2650f4c43f4fe0b2 2006.0/SRPMS/webmin-1.220-9.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
bab0f651f140671b4bb01f65b9799de9 x86_64/2006.0/RPMS/webmin-1.220-9.2.20060mdk.noarch.rpm
64772a0268b55e2d2650f4c43f4fe0b2 x86_64/2006.0/SRPMS/webmin-1.220-9.2.20060mdk.src.rpm

Corporate Server 2.1:
303bd86b1156ea7ff6d08654fe824707 corporate/2.1/RPMS/webmin-0.990-6.6.C21mdk.noarch.rpm
0141850dc79c0ef041bd077264213dc9 corporate/2.1/SRPMS/webmin-0.990-6.6.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
8bb1b1dd0afea4178626fd6d8470b730 x86_64/corporate/2.1/RPMS/webmin-0.990-6.6.C21mdk.noarch.rpm
0141850dc79c0ef041bd077264213dc9 x86_64/corporate/2.1/SRPMS/webmin-0.990-6.6.C21mdk.src.rpm

Corporate 3.0:
5826c5c5fea5793c594d4fa46cae6338 corporate/3.0/RPMS/webmin-1.121-4.5.C30mdk.noarch.rpm
d38cdd7a15e0340ca4e5aa95e8a5b5ec corporate/3.0/SRPMS/webmin-1.121-4.5.C30mdk.src.rpm

Corporate 3.0/X86_64:
abd80f852fa1c5628da3613623a1f1c1 x86_64/corporate/3.0/RPMS/webmin-1.121-4.5.C30mdk.noarch.rpm
d38cdd7a15e0340ca4e5aa95e8a5b5ec x86_64/corporate/3.0/SRPMS/webmin-1.121-4.5.C30mdk.src.rpm



Ubuntu Linux


Ubuntu Security Notice USN-180-2 December 05, 2005
mysql-dfsg-4.1 vulnerability
CVE-2005-2558

A security issue affects the following Ubuntu releases:

Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

mysql-server-4.1

The problem can be corrected by upgrading the affected package to version 4.1.12-1ubuntu3.1. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-180-1 fixed a vulnerability in the mysql-server package (which ships version 4.0). Version 4.1 is vulnerable to the same flaw.

Please note that this package is not officially supported in Ubuntu 5.10.

Original advisory:

"AppSecInc Team SHATTER discovered a buffer overflow in the "CREATE FUNCTION" statement. By specifying a specially crafted long function name, a local or remote attacker with function creation privileges could crash the server or execute arbitrary code with server privileges.

However, the right to create function is usually not granted to untrusted users."

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12-1ubuntu3.1.diff.gz
      Size/MD5: 160353 1f6bdfc757592d25e6e5e0c40405c68a
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12-1ubuntu3.1.dsc
      Size/MD5: 1024 6df2740a688ebd8330bab80bcafa6f9a
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12.orig.tar.gz
      Size/MD5: 15921909 c7b83a19bd8a4f42d5d64c239d05121f

Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.12-1ubuntu3.1_all.deb
      Size/MD5: 36022 86a50a42f1685ad909ae5674d641b6d6

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.1_amd64.deb
      Size/MD5: 5830550 34427f9076358567e0b0104b83e236f9
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.1_amd64.deb
      Size/MD5: 1539274 09ce1eebeae5d58115c8a8b10b40511b
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.1_amd64.deb
      Size/MD5: 897406 29713a5ce0c8b18cb7b8d49809f4aefb
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.1_amd64.deb
      Size/MD5: 18429032 677948b959d99cdca3770e32c19601f6

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.1_i386.deb
      Size/MD5: 5347118 2944f5066bed041df004c51cd7e511e1
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.1_i386.deb
      Size/MD5: 1474316 d23d2f2af47577fbda0f754547a44fae
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.1_i386.deb
      Size/MD5: 865524 afdde59778fc2bc0971a959bc91960cb
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.1_i386.deb
      Size/MD5: 17335734 ea56a770e30cff750d7894e787deaefe

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.1_powerpc.deb
      Size/MD5: 6067392 661904ba18915482689a65594fbb8f66
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.1_powerpc.deb
      Size/MD5: 1547466 69a5573b7a30c2993e2e5685fd00a3a9
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.1_powerpc.deb
      Size/MD5: 936726 a060001f07b8c239f9b1d2b4b064c83d
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.1_powerpc.deb
      Size/MD5: 18521170 f858e627120278b8245079d77e61348e


Ubuntu Security Notice USN-220-1 December 01, 2005
w3c-libwww vulnerability
CVE-2005-3183

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libwww0

The problem can be corrected by upgrading the affected package to version 5.4.0-9ubuntu0.4.10 (for Ubuntu 4.10), 5.4.0-9ubuntu0.5.04 (for Ubuntu 5.04), or 5.4.0-9ubuntu0.5.10 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Sam Varshavchik discovered several buffer overflows in the HTBoundary_put_block() function. By sending specially crafted HTTP multipart/byteranges MIME messages, a malicious HTTP server could trigger an out of bounds memory access in the libwww library, which causes the program that uses the library to crash.

Updated packages for Ubuntu 4.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/w3c-libwww_5.4.0-9ubuntu0.4.10.diff.gz
      Size/MD5: 510355 15f9592db51864e0e060fe1f3a6f63f6
    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/w3c-libwww_5.4.0-9ubuntu0.4.10.dsc
      Size/MD5: 714 637bf331ecefe995ae2ef4b280e2bc2b
    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/w3c-libwww_5.4.0.orig.tar.gz
      Size/MD5: 1127018 a6073cda765b7f9fa0970eb92757f6bb

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-dev_5.4.0-9ubuntu0.4.10_amd64.deb
      Size/MD5: 684660 313c59ca507046ff8a2b66ac49d0ac7e
    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-ssl-dev_5.4.0-9ubuntu0.4.10_amd64.deb
      Size/MD5: 692530 d06eb91e03a400e23ae94d8466965bc5
    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-ssl0_5.4.0-9ubuntu0.4.10_amd64.deb
      Size/MD5: 512118 2646446086e15f870cc8930d39fa65ad
    http://security.ubuntu.com/ubuntu/pool/universe/w/w3c-libwww/libwww0_5.4.0-9ubuntu0.4.10_amd64.deb
      Size/MD5: 503738 7dffb1bfe8e5215be6840aa9a8f2d2c9

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-dev_5.4.0-9ubuntu0.4.10_i386.deb
      Size/MD5: 607840 b16565a4a8dfaa8a5b10227f73d0ca5d
    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-ssl-dev_5.4.0-9ubuntu0.4.10_i386.deb
      Size/MD5: 614156 01705c593f044c6ef920c3799b8a7cb7
    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-ssl0_5.4.0-9ubuntu0.4.10_i386.deb
      Size/MD5: 452774 21fe2a50e533a6be012c07ca2e1bca33
    http://security.ubuntu.com/ubuntu/pool/universe/w/w3c-libwww/libwww0_5.4.0-9ubuntu0.4.10_i386.deb
      Size/MD5: 444552 098a59839be744797f2c8f9df0fc70ba

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-dev_5.4.0-9ubuntu0.4.10_powerpc.deb
      Size/MD5: 694934 c4b38eaec0fbff44f0b92e6b8d4c646f
    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-ssl-dev_5.4.0-9ubuntu0.4.10_powerpc.deb
      Size/MD5: 704214 98db309dd1b252e6fe1fc7ec3f5e342c
    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-ssl0_5.4.0-9ubuntu0.4.10_powerpc.deb
      Size/MD5: 507282 96d5f4382a0df15df9a04b72f33350f5
    http://security.ubuntu.com/ubuntu/pool/universe/w/w3c-libwww/libwww0_5.4.0-9ubuntu0.4.10_powerpc.deb
      Size/MD5: 498518 f77c5c60228ec7f769281ca4ba690ac1

Updated packages for Ubuntu 5.04:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/w3c-libwww_5.4.0-9ubuntu0.5.04.diff.gz
      Size/MD5: 510353 dfacb49b7bc30b6829a064ed857bad36
    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/w3c-libwww_5.4.0-9ubuntu0.5.04.dsc
      Size/MD5: 714 6b2128a3be183cbb204645423fa4fb22
    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/w3c-libwww_5.4.0.orig.tar.gz
      Size/MD5: 1127018 a6073cda765b7f9fa0970eb92757f6bb

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-dev_5.4.0-9ubuntu0.5.04_amd64.deb
      Size/MD5: 684646 774b5e3bb24748468fb4417119648b1b
    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-ssl-dev_5.4.0-9ubuntu0.5.04_amd64.deb
      Size/MD5: 692468 bc282e4fc92517bea58d67f8682f4793
    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-ssl0_5.4.0-9ubuntu0.5.04_amd64.deb
      Size/MD5: 512176 17bce1afc105e18c7d0a87a2bd1c0e35
    http://security.ubuntu.com/ubuntu/pool/universe/w/w3c-libwww/libwww0_5.4.0-9ubuntu0.5.04_amd64.deb
      Size/MD5: 503836 229e14f16890a3698b7a6c0f643c3a07

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-dev_5.4.0-9ubuntu0.5.04_i386.deb
      Size/MD5: 607932 f8d90cd4c1c414fd3be1445452b0f9dc
    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-ssl-dev_5.4.0-9ubuntu0.5.04_i386.deb
      Size/MD5: 614278 7c49d8fb328a1615fbf68df3e31e8874
    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-ssl0_5.4.0-9ubuntu0.5.04_i386.deb
      Size/MD5: 452130 8869e99df88b832629d392fb09bd4943
    http://security.ubuntu.com/ubuntu/pool/universe/w/w3c-libwww/libwww0_5.4.0-9ubuntu0.5.04_i386.deb
      Size/MD5: 443922 8fe4ee3f786484817a18269ff5b1bb00

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-dev_5.4.0-9ubuntu0.5.04_powerpc.deb
      Size/MD5: 694902 9adb92ce0d06b187804ea4ef3b9b98e0
    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-ssl-dev_5.4.0-9ubuntu0.5.04_powerpc.deb
      Size/MD5: 704190 4ede635cd936116304be4938db47c206
    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-ssl0_5.4.0-9ubuntu0.5.04_powerpc.deb
      Size/MD5: 507868 cd6be292a8642f6ba829f20c0d477dcd
    http://security.ubuntu.com/ubuntu/pool/universe/w/w3c-libwww/libwww0_5.4.0-9ubuntu0.5.04_powerpc.deb
      Size/MD5: 498974 d12c45e22e60c084bfe6245884a3c911

Updated packages for Ubuntu 5.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/w3c-libwww_5.4.0-9ubuntu0.5.10.diff.gz
      Size/MD5: 510354 66df7306af726ce9ca9c09e02f773fab
    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/w3c-libwww_5.4.0-9ubuntu0.5.10.dsc
      Size/MD5: 714 e4c57b709f40d8ecb2d58ea37550b78e
    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/w3c-libwww_5.4.0.orig.tar.gz
      Size/MD5: 1127018 a6073cda765b7f9fa0970eb92757f6bb

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-dev_5.4.0-9ubuntu0.5.10_amd64.deb
      Size/MD5: 692584 1cdf973add1144853304890300a381de
    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-ssl-dev_5.4.0-9ubuntu0.5.10_amd64.deb
      Size/MD5: 700096 09ce0c2f9e3cf3f8b0a1a79d38379c18
    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-ssl0_5.4.0-9ubuntu0.5.10_amd64.deb
      Size/MD5: 520120 b16e4d23b9503b41468d9a8862347b2e
    http://security.ubuntu.com/ubuntu/pool/universe/w/w3c-libwww/libwww0_5.4.0-9ubuntu0.5.10_amd64.deb
      Size/MD5: 511492 11b9667628eb7fcaaec93b53d50a1881

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-dev_5.4.0-9ubuntu0.5.10_i386.deb
      Size/MD5: 608218 6702f91d61eb03f7aa76ddecc68e0723
    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-ssl-dev_5.4.0-9ubuntu0.5.10_i386.deb
      Size/MD5: 614374 f057682a4109808438162afe09ca5376
    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-ssl0_5.4.0-9ubuntu0.5.10_i386.deb
      Size/MD5: 448164 4e09a8140ee0519a6b4512a442effff7
    http://security.ubuntu.com/ubuntu/pool/universe/w/w3c-libwww/libwww0_5.4.0-9ubuntu0.5.10_i386.deb
      Size/MD5: 441186 33bafbd9b12a56ed2633f3e7a7619e2a

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-dev_5.4.0-9ubuntu0.5.10_powerpc.deb
      Size/MD5: 698766 8ecc3202704293dea4fc9555d7ffc0f1
    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-ssl-dev_5.4.0-9ubuntu0.5.10_powerpc.deb
      Size/MD5: 707580 469d6a312828982ce40a5aeb931f24fd
    http://security.ubuntu.com/ubuntu/pool/main/w/w3c-libwww/libwww-ssl0_5.4.0-9ubuntu0.5.10_powerpc.deb
      Size/MD5: 510528 b9fda83cd926e9d926ef5ff16b474487
    http://security.ubuntu.com/ubuntu/pool/universe/w/w3c-libwww/libwww0_5.4.0-9ubuntu0.5.10_powerpc.deb
      Size/MD5: 501542 7e17ff5ee5861d8e7eb2d6fe7e780ec9


Ubuntu Security Notice USN-221-1 December 01, 2005
ipsec-tools vulnerability
CVE-2005-3732

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

racoon

The problem can be corrected by upgrading the affected package to version 0.3.3-1ubuntu0.2 (for Ubuntu 4.10), 1:0.5-5ubuntu0.1 (for Ubuntu 5.04), or 1:0.6-1ubuntu1.1 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

The Oulu University Secure Programming Group discovered a remote Denial of Service vulnerability in the racoon daemon. When the daemon was configured to use aggressive mode, it did not check whether the peer sent all required payloads during the IKE negotiation phase. A malicious IPsec peer could exploit this to crash the racoon daemon.

Please be aware that racoon is not officially supported by Ubuntu; the package is in the 'universe' component of the archive.


Ubuntu Security Notice USN-222-1 December 02, 2005
perl vulnerability
CVE-2005-3962

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

perl-base

The problem can be corrected by upgrading the affected package to version 5.8.4-2ubuntu0.5 (for Ubuntu 4.10), 5.8.4-6ubuntu1.1 (for Ubuntu 5.04), or 5.8.7-5ubuntu1.1 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Jack Louis of Dyad Security discovered that Perl did not sufficiently check the explicit length argument in format strings. Specially crafted format strings with overly large length arguments led to a crash of the Perl interpreter or even to execution of arbitrary attacker-defined code with the privileges of the user running the Perl program.

However, this attack was only possible in insecure Perl programs which use variables with user-defined values in string interpolations without checking their validity.


Ubuntu Security Notice USN-223-1 December 05, 2005
inkscape vulnerability
CVE-2005-3885

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

inkscape

The problem can be corrected by upgrading the affected package to version 0.40-2ubuntu1.1. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Javier Fernández-Sanguino Peña discovered that Inkscape's ps2epsi.sh script, which converts PostScript files to Encapsulated PostScript format, creates a temporary file in an insecure way. A local attacker could exploit this with a symlink attack to create or overwrite arbitrary files with the privileges of the user running Inkscape.
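
The temporary-file weakness described above, shown as an added shell example (it is not Inkscape's ps2epsi.sh and not code from the advisory): a predictable name in a shared directory is written through a symlink that already exists, while a file created with mktemp is not. The function names, the convert.<id> file name and the sandbox layout are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration; none of these names come from ps2epsi.sh.

# Weak pattern: predictable name in a shared directory, opened with plain ">".
# The shell follows a symlink that another local user placed there earlier.
write_predictable() {            # $1 = shared dir, $2 = id standing in for $$
    echo "converted data" > "$1/convert.$2"
}

# Hardened pattern: mktemp chooses an unpredictable name and creates the file
# exclusively (O_CREAT|O_EXCL), so an existing file or symlink is never reused.
write_mktemp() {                 # $1 = shared dir; prints the path it created
    safe_tmp=$(mktemp "$1/convert.XXXXXXXXXX") || return 1
    echo "converted data" > "$safe_tmp"
    printf '%s\n' "$safe_tmp"
}

# Report the state of the two files a pre-placed symlink could reach.
probe() {                        # $1 = sandbox dir
    if [ -e "$1/new_file" ]; then created=yes; else created=no; fi
    printf 'victim=%s new_file=%s' "$(cat "$1/victim")" "$created"
}

# Constructed scenario, confined to a private sandbox directory.
demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/shared"
    echo "important" > "$sandbox/victim"
    ln -s "$sandbox/victim"   "$sandbox/shared/convert.1234"   # overwrite case
    ln -s "$sandbox/new_file" "$sandbox/shared/convert.5678"   # create case

    # Weak writer: both symlinks are followed.
    write_predictable "$sandbox/shared" 1234
    write_predictable "$sandbox/shared" 5678
    weak=$(probe "$sandbox")

    # Reset, then repeat with the hardened writer.
    echo "important" > "$sandbox/victim"
    rm -f "$sandbox/new_file"
    write_mktemp "$sandbox/shared" > /dev/null
    write_mktemp "$sandbox/shared" > /dev/null
    safe=$(probe "$sandbox")

    rm -rf "$sandbox"
    printf 'weak: %s; mktemp: %s\n' "$weak" "$safe"
}

demo
```

On current Linux kernels the fs.protected_symlinks setting also blocks following such links in sticky world-writable directories like /tmp, but mktemp remains the portable fix.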


