Debian GNU/Linux
Debian Security Advisory DSA 980-1 security@debian.org

Package : tutos

Joxean Koret discovered several security problems in tutos, a web-based team organization software. The Common Vulnerabilities and Exposures Project identifies the following problems:

CVE-2004-2161
    An SQL injection vulnerability allows the execution of SQL commands through the link_id parameter in file_overview.php.

CVE-2004-2162
    Cross-Site-Scripting vulnerabilities in the search function of the address book and in app_new.php allow the execution of web script code.

The old stable distribution (woody) does not contain tutos packages.

For the stable distribution (sarge) these problems have been fixed in version 1.1.20031017-2+1sarge1.

The unstable distribution (sid) no longer contains tutos packages.

We recommend that you upgrade your tutos package.

Upgrade Instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:
    http://security.debian.org/pool/updates/main/t/tutos/tutos_1.1.20031017-2+1sarge1.dsc
Architecture independent components:
    http://security.debian.org/pool/updates/main/t/tutos/tutos_1.1.20031017-2+1sarge1_all.deb

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 981-1 security@debian.org

Package : bmv

"felinemalice" discovered an integer overflow in BMV, a PostScript viewer for SVGAlib, that may lead to the execution of arbitrary code through specially crafted PostScript files.

For the old stable distribution (woody) this problem has been fixed in version 1.2-14.3.

For the stable distribution (sarge) this problem has been fixed in version 1.2-17sarge1.

For the unstable distribution (sid) this problem has been fixed in version 1.2-18.

We recommend that you upgrade your bmv package.

Upgrade Instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:
    http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2-14.3.dsc
Intel IA-32 architecture:
    http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2-14.3_i386.deb

Debian GNU/Linux 3.1 alias sarge

Source archives:
    http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2-17sarge1.dsc
Intel IA-32 architecture:
    http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2-17sarge1_i386.deb

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 984-1 security@debian.org

Package : xpdf

Derek Noonburg has fixed several potential vulnerabilities in xpdf, the Portable Document Format (PDF) suite.

The old stable distribution (woody) does not seem to be affected.

For the stable distribution (sarge) these problems have been fixed in version 3.00-13.6.

For the unstable distribution (sid) these problems have been fixed in version 3.01-7.

We recommend that you upgrade your xpdf packages.

Upgrade Instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.6.dsc
Architecture independent components:
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.00-13.6_all.deb
Alpha architecture:
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_alpha.deb
AMD64 architecture:
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_amd64.deb
ARM architecture:
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_arm.deb
Intel IA-32 architecture:
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_i386.deb
Intel IA-64 architecture:
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_ia64.deb
HP Precision architecture:
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_hppa.deb
Motorola 680x0 architecture:
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_m68k.deb
Big endian MIPS architecture:
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_mips.deb
Little endian MIPS architecture:
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_mipsel.deb
PowerPC architecture:
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_powerpc.deb
IBM S/390 architecture:
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_s390.deb
Sun Sparc architecture:
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_sparc.deb

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Core

Fedora Update Notification FEDORA-2006-131 2006-03-02
Product : Fedora Core 4

Description :

Update Information:

This update rebases to the latest -stable release (2.6.15.5), which fixes a number of security problems. Further information on 2.6.15.5 changes can be found in the upstream changelog at

Further Fedora specific changes are detailed below.

This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

7682f506eeb41aee31371405d55e7fa93e01360f SRPMS/kernel-2.6.15-1.1833_FC4.src.rpm

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.

Fedora Legacy

Fedora Legacy Update Advisory
Synopsis: Updated perl-DBI package fixes security issue

1. Topic:

An updated perl-DBI package that fixes a temporary file flaw in DBI::ProxyServer is now available.

DBI is a database access Application Programming Interface (API) for the Perl programming language.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386

3. Problem description:

The Debian Security Audit Project discovered that the DBI library creates a temporary PID file in an insecure manner. A local user could overwrite or create files as a different user who happens to run an application which uses DBI::ProxyServer. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-0077 to this issue.

Users should update to this erratum package which disables the temporary PID file unless configured.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178989

6. RPMs required:

Red Hat Linux 7.3:
i386:

Red Hat Linux 9:
SRPM:
i386:

Fedora Core 1:
SRPM:
i386:

Fedora Core 2:
SRPM:
i386:

7. Verification:

SHA1 sum                                 Package Name
847cb03e61abf1bbb965b2fa6e7c0f812e7edde1 redhat/7.3/updates/i386/perl-DBI-1.21-1.1.legacy.i386.rpm
2e473b5822a019a10b7b9577f4de60933e75fecc redhat/9/updates/i386/perl-DBI-1.32-5.1.legacy.i386.rpm
50a02fd2d68f47d35f76bc690281253bbdf9a486 fedora/1/updates/i386/perl-DBI-1.37-1.1.legacy.i386.rpm
69a623c7db409341705bfc125b5fd6f0c056af7b fedora/2/updates/i386/perl-DBI-1.40-4.1.legacy.i386.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0077

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org

Mandriva Linux
Mandriva Linux Security Advisory MDKSA-2006:052

Package : mozilla-thunderbird

Problem Description:

The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier allows user-complicit attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.

Updated packages have been patched to address this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0884

Updated Packages:

Mandriva Linux 2006.0:

Mandriva Linux 2006.0/X86_64:

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact security_(at)_mandriva.com

Ubuntu Linux

Ubuntu Security Notice USN-259-1 March 01, 2006
irssi-text vulnerability
CVE-2006-0458

A security issue affects the following Ubuntu releases:

Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

irssi-text

The problem can be corrected by upgrading the affected package to version 0.8.9+0.8.10rc5-0ubuntu4.1. After a standard system upgrade you need to restart irssi to effect the necessary changes.

Details follow:

A Denial of Service vulnerability was discovered in irssi. The DCC ACCEPT command handler did not sufficiently verify the remotely specified arguments. A remote attacker could exploit this to crash irssi by sending specially crafted DCC commands.

Source archives:
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi-text/irssi-text_0.8.9+0.8.10rc5-0ubuntu4.1.diff.gz
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi-text/irssi-text_0.8.9+0.8.10rc5-0ubuntu4.1_amd64.deb
i386 architecture (x86 compatible Intel/AMD)
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi-text/irssi-text_0.8.9+0.8.10rc5-0ubuntu4.1_i386.deb
powerpc architecture (Apple Macintosh G3/G4/G5)
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi-text/irssi-text_0.8.9+0.8.10rc5-0ubuntu4.1_powerpc.deb
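
The sha1sum check from section 7 (Verification) of the Fedora Legacy advisory above, automated for a directory of downloaded RPMs. This is an added example, not part of any advisory or vendor tooling; the function name verify_advisory_sums, the status words it prints and the demo files are assumptions made for illustration.

```shell
#!/bin/sh
# verify_advisory_sums MANIFEST DIR
# MANIFEST holds the advisory's "SHA1 sum / Package Name" table; the hash and
# the path may share a line or sit on alternating lines, as in the advisory.
# DIR is where the RPMs were saved. Returns 0 only if every package matches.
verify_advisory_sums() {
    manifest=$1 dir=$2 rc=0 sum= n=0
    [ -r "$manifest" ] || { echo "BAD-MANIFEST unreadable"; return 2; }
    while read -r tok; do
        [ -n "$tok" ] || continue
        if [ -z "$sum" ]; then
            # First token of each pair must be a 40-hex-digit SHA-1.
            case $tok in *[!0-9a-fA-F]*) echo "BAD-MANIFEST $tok"; return 2 ;; esac
            [ "${#tok}" -eq 40 ] || { echo "BAD-MANIFEST $tok"; return 2; }
            sum=$(printf '%s' "$tok" | tr 'A-F' 'a-f')
            continue
        fi
        # The advisory lists repository paths; match local files by basename.
        name=${tok##*/} n=$((n + 1))
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING $name"; rc=1
        elif [ "$(sha1sum < "$dir/$name" | cut -d' ' -f1)" = "$sum" ]; then
            echo "OK $name"
        else
            echo "MISMATCH $name"; rc=1
        fi
        sum=
    done <<EOF
$(tr -s '[:space:]' '\n' < "$manifest")
EOF
    [ -z "$sum" ] && [ "$n" -gt 0 ] || { echo "BAD-MANIFEST incomplete or empty table"; return 2; }
    return $rc
}

# Constructed demo data, not the advisory's packages: one intact file,
# one altered after its hash was recorded, one never downloaded.
demo() {
    d=$(mktemp -d) || return 2
    printf 'abc' > "$d/good-1.0.rpm"
    h=$(sha1sum < "$d/good-1.0.rpm" | cut -d' ' -f1)
    printf 'tampered' > "$d/bad-1.0.rpm"
    printf '%s\nrepo/i386/good-1.0.rpm\n%s repo/i386/bad-1.0.rpm\n%s\nrepo/i386/gone-1.0.rpm\n' \
        "$h" "$h" "$h" > "$d/sums.txt"
    verify_advisory_sums "$d/sums.txt" "$d"; st=$?
    rm -rf "$d"
    return "$st"
}
demo || echo "demo: mismatch and missing file reported, as constructed"
```

A matching SHA1 only shows that the file equals the one the advisory lists; `rpm --checksig -v <filename>` is still the check that ties the package to the Fedora Legacy key.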