Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections: Developer - High Performance - Infrastructure - IT Management - Security - Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs

Partner Sites
JustLinux.com
Linux Planet
PHPBuilder
Technology Jobs

Top White Papers

Current Newswire:

More on LinuxToday

Applications Management Engineer Sr (NYC)
Next Step Systems
US-NY-New York

Justtechjobs.com Post A Job | Post A Resume

Advisories, January 29, 2006

Jan 30, 2006, 04:45 (0 Talkback[s])

Debian GNU/Linux

Debian Security Advisory DSA 950-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 23rd, 2006 http://www.debian.org/security/faq

Package : cupsys
Vulnerability : buffer overflows
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628

"infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in CUPS, the Common UNIX Printing System, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

For the old stable distribution (woody) these problems have been fixed in version 1.1.14-5woody14.

For the stable distribution (sarge) these problems have been fixed in version 1.1.23-10sarge1.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your CUPS packages.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14.dsc
      Size/MD5 checksum: 712 87055bd9647d440b8ce56afc1c53c062
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14.diff.gz
      Size/MD5 checksum: 41961 2d996ab8926c30dda9b4b1da5db2dcf5
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14.orig.tar.gz
      Size/MD5 checksum: 6150756 0dfa41f29fa73e7744903b2471d2ca2f

Alpha architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_alpha.deb
      Size/MD5 checksum: 1901460 d9c2716ed4e3eb17551e93bd09ef3cb1
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_alpha.deb
      Size/MD5 checksum: 74640 ecc0016c60f37d7b99c4d8848588a4d1
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_alpha.deb
      Size/MD5 checksum: 93286 9f018be9b70c2dc86ee7d022b92ff102
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_alpha.deb
      Size/MD5 checksum: 2446114 c097158954ffc328f578dea763337440
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_alpha.deb
      Size/MD5 checksum: 138306 3d938cc09f9b17c65c79a4b7c4c7474a
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_alpha.deb
      Size/MD5 checksum: 181258 db9cc1c0273d516386ccf2be873166a0

ARM architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_arm.deb
      Size/MD5 checksum: 1822154 a6c2a7bc9ed9a2daf492474dfbfee387
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_arm.deb
      Size/MD5 checksum: 68790 a6504ee333ddb3bea747835678a025f3
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_arm.deb
      Size/MD5 checksum: 85976 20b1bc34eee904186892e47522024266
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_arm.deb
      Size/MD5 checksum: 2346140 ed23313e05032089bb5cee70cd914711
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_arm.deb
      Size/MD5 checksum: 113304 9ffcce59eb3f9b306dbd661fe9b28760
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_arm.deb
      Size/MD5 checksum: 150704 be20a14dfa2fb2251d9a046159a4ac9e

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_i386.deb
      Size/MD5 checksum: 1788452 f920699db4f6756a27ef73c00d41cb1c
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_i386.deb
      Size/MD5 checksum: 68280 728e5ab852df891dbb094c877d5d26f2
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_i386.deb
      Size/MD5 checksum: 84416 352934f7cabf8e8835cbe685e136ab69
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_i386.deb
      Size/MD5 checksum: 2312294 656e02e4f86107449f528789393bf3d4
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_i386.deb
      Size/MD5 checksum: 111268 cdd8f173a676c42e1e6f800757777e44
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_i386.deb
      Size/MD5 checksum: 136824 3762ca0a2e9f04e82c69de42bee5c6d1

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_ia64.deb
      Size/MD5 checksum: 2009046 515a82e65816d7306a0eed23eb81eca7
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_ia64.deb
      Size/MD5 checksum: 77740 1934f438e856d54966bd86d1e575185c
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_ia64.deb
      Size/MD5 checksum: 97452 b74539e18af4838477d91c604d8a92ed
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_ia64.deb
      Size/MD5 checksum: 2657094 64e4f7fef054d690c03ca3753742a762
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_ia64.deb
      Size/MD5 checksum: 156328 82d9922dc92754c43bf39e8f4cc77928
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_ia64.deb
      Size/MD5 checksum: 183270 6a90afecd9464585d98e294ff73929c7

HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_hppa.deb
      Size/MD5 checksum: 1882286 4ec8f0298dc7249fa9ca70017b324de2
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_hppa.deb
      Size/MD5 checksum: 71102 4fe9e3556038e7ad2a5f98b93293a37a
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_hppa.deb
      Size/MD5 checksum: 90130 eeb463655e9c4d920e9bd9bf6f59fc2e
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_hppa.deb
      Size/MD5 checksum: 2456368 06cd1008318bbb3508f78208360c25dd
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_hppa.deb
      Size/MD5 checksum: 126830 9438fad24f29a082acf3af12f1b78ba2
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_hppa.deb
      Size/MD5 checksum: 159848 992335895e6d5f9507cd5f261bab3083

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_m68k.deb
      Size/MD5 checksum: 1756060 ab11910eddafa259de3bd745b44bf3da
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_m68k.deb
      Size/MD5 checksum: 66570 e2c198da29470435c7728c04ec1dddcd
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_m68k.deb
      Size/MD5 checksum: 81710 aba951dcf7e9b48289d66d28b52a8fe1
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_m68k.deb
      Size/MD5 checksum: 2261686 aba414903aed1f525daddefc42d9cb0f
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_m68k.deb
      Size/MD5 checksum: 106548 52dd393183f425b3cfd7dfb424a83df8
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_m68k.deb
      Size/MD5 checksum: 129094 4348111e8d1be636745d7871e8891948

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_mips.deb
      Size/MD5 checksum: 1812104 dd3a152cc6f60aee92caf1b1d48be116
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_mips.deb
      Size/MD5 checksum: 68192 471231e45b6758318b09593584561492
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_mips.deb
      Size/MD5 checksum: 81620 20a54b310accf0c618ae17b1939928d6
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_mips.deb
      Size/MD5 checksum: 2404894 e5448e7a68d1b9b2faffe6250e293504
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_mips.deb
      Size/MD5 checksum: 113064 bef1f42d86e8f491fc3c01eab9d1978d
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_mips.deb
      Size/MD5 checksum: 151504 bea406cc6863a488054206378e8fb04c

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_mipsel.deb
      Size/MD5 checksum: 1812764 83e4dac89074dcb5adeeadc94e1b77fc
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_mipsel.deb
      Size/MD5 checksum: 68190 8a5f9228fd00e1f2010b4ecc3192043f
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_mipsel.deb
      Size/MD5 checksum: 81664 c7329620731adcafa54c76956c7570fa
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_mipsel.deb
      Size/MD5 checksum: 2407286 597914ee83c1d95f071f3f9cc2a712c4
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_mipsel.deb
      Size/MD5 checksum: 112850 b0ba6a07c9ae3dd1265428e591c46e97
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_mipsel.deb
      Size/MD5 checksum: 151320 08f9b0bd3e63b83e4486a736f4183c80

PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_powerpc.deb
      Size/MD5 checksum: 1801230 7ae9ff1ad1a2b39bcac9caf0a1ea84bf
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_powerpc.deb
      Size/MD5 checksum: 68216 c4a5278ee7b0decab415799498ec4c0e
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_powerpc.deb
      Size/MD5 checksum: 83804 1f0e2917e7bbfa3c41b42a8706aa4dbc
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_powerpc.deb
      Size/MD5 checksum: 2360122 0205d9a7e7294b1c5df64b7b5aeef414
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_powerpc.deb
      Size/MD5 checksum: 117102 75a66b72bc9f3de5db50bab7c0fd877d
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_powerpc.deb
      Size/MD5 checksum: 145562 d77e1f716df37e1e1f4fa0408adaa2d7

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_s390.deb
      Size/MD5 checksum: 1796146 6fa046122e3b7f1c3d8d4b5d74ab4f44
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_s390.deb
      Size/MD5 checksum: 69592 f2f9bf8682b4cb7fc45daddff2643bf2
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_s390.deb
      Size/MD5 checksum: 86316 b48887446a27a55d25ac400c1aac22ce
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_s390.deb
      Size/MD5 checksum: 2337954 7a17b6c38961912f5c8ac1d3a93df115
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_s390.deb
      Size/MD5 checksum: 115630 c441bc67529c0ca9d65b2ecf7ae77a22
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_s390.deb
      Size/MD5 checksum: 141154 6c1045dab37cd0c2de8ea9521fb15ce5

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_sparc.deb
      Size/MD5 checksum: 1845976 02c8158a514550f09e71440b57bbe091
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_sparc.deb
      Size/MD5 checksum: 71162 e80f373008dae5e4c53f573cb8211742
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_sparc.deb
      Size/MD5 checksum: 84582 9a972b8f43a72a85b83deaca3fd33dd9
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_sparc.deb
      Size/MD5 checksum: 2354982 984c7d23e08833f26d1cd63e54292a41
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_sparc.deb
      Size/MD5 checksum: 120776 704f789385683f359cc6ed1328892516
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_sparc.deb
      Size/MD5 checksum: 147072 e9aabfc1246767e35667aeed061f0184

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1.dsc
      Size/MD5 checksum: 843 149c91767477b75a0cf7db28c6129b30
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1.diff.gz
      Size/MD5 checksum: 1273227 8e6fbc6b8ca8d4588d90312a3a7c2199
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23.orig.tar.gz
      Size/MD5 checksum: 10071818 d6995f493129e9637581f3a717c8345e

Architecture independent components:

    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.23-10sarge1_all.deb
      Size/MD5 checksum: 972 0f85b73fa4d13914cf8f50dc2dc1910f

Alpha architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_alpha.deb
      Size/MD5 checksum: 8998558 547b44162becac3729e55a1efa9bf526
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_alpha.deb
      Size/MD5 checksum: 51964 4961aed776b96ad6201d56a9d2405a2f
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_alpha.deb
      Size/MD5 checksum: 116824 732753a8cfbd0eeb5f52b8686948f6b6
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_alpha.deb
      Size/MD5 checksum: 61186 e6dab465c327d8b5769a406130e47216
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_alpha.deb
      Size/MD5 checksum: 61054 d6261652e2a0cbb4d396411f224a0322
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_alpha.deb
      Size/MD5 checksum: 112100 28f6458e3a69ee997b3dee07b7c2b616
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_alpha.deb
      Size/MD5 checksum: 83694 433ccca31f21ee3d1b726acc36fe3350

AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_amd64.deb
      Size/MD5 checksum: 8965490 0ed3172129be9fac870f3c27c16d9b6b
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_amd64.deb
      Size/MD5 checksum: 48912 481fb3ff53dcea0ab7675e2935d0c4b5
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_amd64.deb
      Size/MD5 checksum: 111480 0d29c73380d005759e830a560765115b
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_amd64.deb
      Size/MD5 checksum: 54140 7aa240c5363d73169f72ced83b9418f9
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_amd64.deb
      Size/MD5 checksum: 45302 4bf1056c7dbfb8f8ca5418b2bd0da446
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_amd64.deb
      Size/MD5 checksum: 88114 31b7feb9363003f66f67f957e4933e9a
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_amd64.deb
      Size/MD5 checksum: 76420 b550d92e77c52790bf5a58031f605c8d

ARM architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_arm.deb
      Size/MD5 checksum: 8957012 915fdb81401cd63d854e5cf40605a797
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_arm.deb
      Size/MD5 checksum: 47944 7464b760910c7eec6450fb3608a54845
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_arm.deb
      Size/MD5 checksum: 108064 f6f2d9a1dbefa5bb4adfeec4592df8af
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_arm.deb
      Size/MD5 checksum: 52704 67a5ae9c5dcdf9a5a86f7d64292bf967
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_arm.deb
      Size/MD5 checksum: 47096 9fa5503ff99ecfb041243039362b3a2a
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_arm.deb
      Size/MD5 checksum: 88946 ecdf555d38255fd39a08ee1387013f1b
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_arm.deb
      Size/MD5 checksum: 70916 10e8a947858a4707236de9e2006e3907

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_i386.deb
      Size/MD5 checksum: 8956128 da71b0801cba48f1cb692d93297abc2b
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_i386.deb
      Size/MD5 checksum: 48344 41ebb63f63a0f2dae4312cb0618114fa
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_i386.deb
      Size/MD5 checksum: 109956 fbc4c77291e86a1ef4cbba36cfa54b7d
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_i386.deb
      Size/MD5 checksum: 54588 140f3a9b6f693b7d5cfc5666b1ca9811
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_i386.deb
      Size/MD5 checksum: 45896 45916eeaf110d91dfffd39ce25f0b36a
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_i386.deb
      Size/MD5 checksum: 86752 04ef904ec3d610eca55a8c4c27126dc5
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_i386.deb
      Size/MD5 checksum: 75220 f5dcffc2f6f71ccc85c939001d84a3b7

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_ia64.deb
      Size/MD5 checksum: 9097650 7833e9cdda700ca59e4ca74c68c8c94f
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_ia64.deb
      Size/MD5 checksum: 57190 05e645e5af8ea79fffe60985668f4d1a
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_ia64.deb
      Size/MD5 checksum: 131422 72e92715d0f7c044313dce896e32327d
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_ia64.deb
      Size/MD5 checksum: 68416 744165acbbe1ab96f53d8e4d91346367
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_ia64.deb
      Size/MD5 checksum: 59894 1d3e91c509a4e0f790b7abbbf379d623
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_ia64.deb
      Size/MD5 checksum: 112768 96f6ecd302463e5a401f52c3e060b498
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_ia64.deb
      Size/MD5 checksum: 97514 612eb7ff11d4f89e9c03224917586fa3

HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_hppa.deb
      Size/MD5 checksum: 9010754 0c11b272d05a6f65c3665ac8b15b8947
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_hppa.deb
      Size/MD5 checksum: 52902 84620c8436668790219d44c1cf7373b4
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_hppa.deb
      Size/MD5 checksum: 117598 4c4500d88ed256ef352e59849cf8a286
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_hppa.deb
      Size/MD5 checksum: 59694 7917b68267148a9f0c82e55e4a759783
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_hppa.deb
      Size/MD5 checksum: 51240 2c078aa79136b3ace1c2d28b94da9256
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_hppa.deb
      Size/MD5 checksum: 95354 203442791f4f1d2ecd1e70e3279dbfd5
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_hppa.deb
      Size/MD5 checksum: 82904 bd10a9918c341f9614f68a3ee81683db

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_m68k.deb
      Size/MD5 checksum: 8925186 a926ab8492abf60434ffdadfb307b9e8
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_m68k.deb
      Size/MD5 checksum: 46966 6562751ea50409726f36af2016408821
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_m68k.deb
      Size/MD5 checksum: 104484 0318d6db604c936380a4fdfb3482eac8
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_m68k.deb
      Size/MD5 checksum: 49714 272c0080ae763db015e2199c39c72220
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_m68k.deb
      Size/MD5 checksum: 37408 3179193900762362145cd7b45e91cbf2
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_m68k.deb
      Size/MD5 checksum: 75744 f898ee020d7f540eafdabf95decc768f
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_m68k.deb
      Size/MD5 checksum: 70676 8882d7075c9cb16ee51ba2051c6e801c

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_mips.deb
      Size/MD5 checksum: 8994246 e0b394ae2fe5dd1bd72750cfad52de53
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_mips.deb
      Size/MD5 checksum: 54694 a3a93dad227e79d81be0f9db867afc6d
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_mips.deb
      Size/MD5 checksum: 121500 e41d68c6950a41cf7ce208a6ac0bc3de
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_mips.deb
      Size/MD5 checksum: 53986 b511a7cb6c46058ea49a621dcc3c4988
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_mips.deb
      Size/MD5 checksum: 48646 e54608c8ff507c59f73d6bf47f4f5b7e
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_mips.deb
      Size/MD5 checksum: 88824 3f494a70d277f0f7340860d9e9898fe6
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_mips.deb
      Size/MD5 checksum: 72820 67af0adb3c1e2ce71c4f3810c80c6338

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_mipsel.deb
      Size/MD5 checksum: 8995140 195358c1b1afbde4fc6c8335efaa4181
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_mipsel.deb
      Size/MD5 checksum: 54840 959fc8269f565b6a60b90ac6216da171
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_mipsel.deb
      Size/MD5 checksum: 121638 8102c77355666f900144bbbf06a6e737
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_mipsel.deb
      Size/MD5 checksum: 54148 31231eb300e28dd7b27acd92b6118e81
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_mipsel.deb
      Size/MD5 checksum: 48762 45222e32a7a0ae9de9882a73d6008342
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_mipsel.deb
      Size/MD5 checksum: 88954 41584ce383f4282195d63c627eaa724a
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_mipsel.deb
      Size/MD5 checksum: 72696 5d14ee7a81b0a0e083210b82ddca20c7

PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_powerpc.deb
      Size/MD5 checksum: 8969934 4e344b217f6ef0a9c8e60358023b31ee
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_powerpc.deb
      Size/MD5 checksum: 53294 d37e799234391a7d8a7aea39feb77e17
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_powerpc.deb
      Size/MD5 checksum: 119228 77809235fdf58d3f061514fc0cd8a6d1
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_powerpc.deb
      Size/MD5 checksum: 56414 27ca9a1284d4d61c61d1f3cd8ec8ac2b
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_powerpc.deb
      Size/MD5 checksum: 44490 28e399b1d223a87154c0121b7d03d611
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_powerpc.deb
      Size/MD5 checksum: 87470 2568624e044d49e0941b8ad30871eb3b
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_powerpc.deb
      Size/MD5 checksum: 76432 56bf5eca39b58eaf2ed3979b30a327f0

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_s390.deb
      Size/MD5 checksum: 8970048 9cc28b376bc998fcb677d07560578af5
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_s390.deb
      Size/MD5 checksum: 49436 551d0048566181bac7df0649d07d5612
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_s390.deb
      Size/MD5 checksum: 110080 2e8273c064ed8274fcbefb76ba7e658d
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_s390.deb
      Size/MD5 checksum: 55788 92ca368281195401f5df2b49e739804d
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_s390.deb
      Size/MD5 checksum: 44886 5391354597b49101acd2c6a30dd3ab4b
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_s390.deb
      Size/MD5 checksum: 90062 222e90ed6137450d20d2cdd6b22987a4
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_s390.deb
      Size/MD5 checksum: 78542 c6da804896bc9fb88c39b0bb1c53ce26

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_sparc.deb
      Size/MD5 checksum: 8972432 c4ecce3bcfadaeda1503afe260d84b7f
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_sparc.deb
      Size/MD5 checksum: 47664 6d5c126bdc8ba8581b8e197468577934
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_sparc.deb
      Size/MD5 checksum: 108100 c0b006f4a79340275585150450e91f0b
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_sparc.deb
      Size/MD5 checksum: 54544 4e81501aee3e095dc6c0dcb44c1d15ce
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_sparc.deb
      Size/MD5 checksum: 46028 5ceccb76a01d1a1b0fba31d4d80539aa
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_sparc.deb
      Size/MD5 checksum: 86606 7444f4cf093195c09db2e53fe8f45636
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_sparc.deb
      Size/MD5 checksum: 74404 d30b3e52cb5948f869332d91eb89c850

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 951-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 23rd, 2006 http://www.debian.org/security/faq

Package : trac
Vulnerability : missing input sanitising
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2005-4065 CVE-2005-4644
BugTraq IDs : 15720 16198
Debian Bug : 348791

Several vulnerabilies have been discovered in trac, an enhanced wiki and issue tracking system for software development projects. The Common Vulnerabilities and Exposures project identifie the following problems:

CVE-2005-4065

Due to missing input sanitising it is possible to inject arbitrary SQL code into the SQL statements.

CVE-2005-4644

A cross-site scripting vulnerability has been discovered that allows remote attackers to inject arbitrary web script or HTML.

The old stable distribution (woody) does not contain trac packages.

For the stable distribution (sarge) these problems have been fixed in version 0.8.1-3sarge3.

For the unstable distribution (sid) these problems have been fixed in version 0.9.3-1.

We recommend that you upgrade your trac package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge3.dsc
      Size/MD5 checksum: 656 cb4d61028dc622d02d3b8c0ff858416e
    http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge3.diff.gz
      Size/MD5 checksum: 12672 6dfb5852433afe58057848058005497e
    http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1.orig.tar.gz
      Size/MD5 checksum: 236791 1b6c44fae90c760074762b73cdc88c8d

Architecture independent components:

    http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge3_all.deb
      Size/MD5 checksum: 198526 c8953db99c9532a6971163c91facedbc

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 952-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
January 23rd, 2006 http://www.debian.org/security/faq

Package : libapache-auth-ldap
Vulnerability : format string
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-0150

"Seregorn" discovered a format string vulnerability in the logging function of libapache-auth-ldap, an LDAP authentication module for the Apache webserver, that can lead to the execution of arbitrary code.

For the old stable distribution (woody) this problem has been fixed in version 1.6.0-3.1.

For the stable distribution (sarge) this problem has been fixed in version 1.6.0-8.1

The unstable distribution (sid) does no longer contain libapache-auth-ldap.

We recommend that you upgrade your libapache-auth-ldap package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

    http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-3.1.dsc
      Size/MD5 checksum: 652 6ef1d9323674ef6a5f076b3b65ccf60e
    http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-3.1.diff.gz
      Size/MD5 checksum: 3927 e8197f2db55a7c9e570ee5f72bc3ff39
    http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0.orig.tar.gz
      Size/MD5 checksum: 79058 de283639b40e3f359ad6e4a65cad1813

Alpha architecture:

    http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-3.1_alpha.deb
      Size/MD5 checksum: 71528 46f26f6c68fa1e900e7c3b4b6f65e83c

ARM architecture:

    http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-3.1_arm.deb
      Size/MD5 checksum: 69554 59ed4e025245a4b2397530f165d7a20e

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-3.1_i386.deb
      Size/MD5 checksum: 68958 1bded30a2554d58d8a856e61477b42ba

Intel IA-64 architecture: