Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


Advisories, May 9, 2006

May 10, 2006, 04:45 (0 Talkback[s])

Debian GNU/Linux


Debian Security Advisory DSA 1053-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
May 9th, 2006 http://www.debian.org/security/faq


Package : mozilla
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-1993
CERT advisory : VU#866300
BugTraq ID : 17671

Martijn Wargers and Nick Mott described crashes of Mozilla due to the use of a deleted controller context. In theory this could be abused to execute malicious code.

For the stable distribution (sarge) this problem has been fixed in version 1.7.8-1sarge6.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your mozilla packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6.dsc
      Size/MD5 checksum: 1123 46496c13d9bbf31e70a30a75c7c036c5
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6.diff.gz
      Size/MD5 checksum: 473137 2558004214b55808e0b0fe068b65848d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
      Size/MD5 checksum: 30589520 13c0f0331617748426679e8f2e9f537a

Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_alpha.deb
      Size/MD5 checksum: 168072 fd51a6032a4038644185ba42d76612cd
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_alpha.deb
      Size/MD5 checksum: 146398 99802c860372f1144c96b82025352f50
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_alpha.deb
      Size/MD5 checksum: 184934 7a7fff15ff1cc8baa45010da2bf5d806
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_alpha.deb
      Size/MD5 checksum: 856004 e409a2fe8da3f0215ffe3637adfdbfbe
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_alpha.deb
      Size/MD5 checksum: 1034 2cb3fd1f941e797f8adfd14ad9e7e1d6
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_alpha.deb
      Size/MD5 checksum: 11477506 f5360780f7f66e9f6ba9eecc3af988c9
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_alpha.deb
      Size/MD5 checksum: 403270 55f1e5834e4135c2aff95d6fe650a9dc
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_alpha.deb
      Size/MD5 checksum: 158334 15707b9920fd1231d8e3c24558c5ac1e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_alpha.deb
      Size/MD5 checksum: 3357278 9e9ea74c8c227f387062ce356ca058cb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_alpha.deb
      Size/MD5 checksum: 122288 c332dc61330339af10c92de993c2fd4f
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_alpha.deb
      Size/MD5 checksum: 204150 36b4a2719823507b9bb058299e3e053e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_alpha.deb
      Size/MD5 checksum: 1937080 51e2db56a854c04d2b6fa0fb3285c528
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_alpha.deb
      Size/MD5 checksum: 212400 6044a9f0baa8723ee74e82eb170d1939

AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_amd64.deb
      Size/MD5 checksum: 168076 d9afd6f232ed5c716dd4a0c2e771a355
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_amd64.deb
      Size/MD5 checksum: 145530 c162ca0375ff9316bd4e9fc9158e6483
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_amd64.deb
      Size/MD5 checksum: 184942 5cdc83d3c9b6cfa39100736aab2a5cb5
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_amd64.deb
      Size/MD5 checksum: 714382 0f002b28b068e483fd31e3ea54540e6b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_amd64.deb
      Size/MD5 checksum: 1038 ad8d53c0e52ebb58a430a743ffb4f2b5
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_amd64.deb
      Size/MD5 checksum: 10945894 9fa739e52dee0153b376cd2d5c8844e9
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_amd64.deb
      Size/MD5 checksum: 403286 a2245c4e556b3f17623bc830d44061d7
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_amd64.deb
      Size/MD5 checksum: 158326 3dedb0e836b39da2504d907c5ffdbd3d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_amd64.deb
      Size/MD5 checksum: 3351334 a6e589be976a34845954d988c57dda5b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_amd64.deb
      Size/MD5 checksum: 121186 88a81d81454871acdabe23c83642821b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_amd64.deb
      Size/MD5 checksum: 204154 1d9a676728b24b50657af17620bd904e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_amd64.deb
      Size/MD5 checksum: 1936016 f00575de568e089909a57d19ae6c165d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_amd64.deb
      Size/MD5 checksum: 204346 32e7a762c21f5e649ba41c1cdc36f0a1

ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_arm.deb
      Size/MD5 checksum: 168074 1e5df434f469fa0c069ebf4542de9181
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_arm.deb
      Size/MD5 checksum: 123890 e232f965819d40d1d9466d1f942706a1
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_arm.deb
      Size/MD5 checksum: 184960 0565cf1cdf465d01a5d4384a865ef133
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_arm.deb
      Size/MD5 checksum: 631594 274eb11303d3cc9679b2296895bb6177
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_arm.deb
      Size/MD5 checksum: 1034 248191bf66bc183f4197855d2dd51441
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_arm.deb
      Size/MD5 checksum: 9206762 4dff840978b6a8aaf9b9c18a8ac3d312
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_arm.deb
      Size/MD5 checksum: 403310 173d3e4bff6c5d8469fb4eaa7de5c633
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_arm.deb
      Size/MD5 checksum: 158346 f5984d5da46a0bb547ad1b76824279cc
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_arm.deb
      Size/MD5 checksum: 3340792 6a7e72da2379a3c189739a6d92cf4c8e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_arm.deb
      Size/MD5 checksum: 112682 8979756e8d46faa7753bdc9ec87d08fb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_arm.deb
      Size/MD5 checksum: 204154 3a3e87e18613d570bc1e9da12d637d86
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_arm.deb
      Size/MD5 checksum: 1604408 35dec28401469095d9d17f13b2e40c60
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_arm.deb
      Size/MD5 checksum: 168868 b5205334331c55a7cccd1f3604f1832f

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_i386.deb
      Size/MD5 checksum: 170348 e1bc96a4ddd122975a8f4aaa3cf98173
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_i386.deb
      Size/MD5 checksum: 136366 4ed5d5de40d9428451612c5262fbe620
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_i386.deb
      Size/MD5 checksum: 187134 17ab055df354df90b4bf70fa9e1556d3
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_i386.deb
      Size/MD5 checksum: 661130 4484cdea9f8c86fdadba37a4887dd8d0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_i386.deb
      Size/MD5 checksum: 1036 5fa7cf89b623e35e5686f9ec49f76742
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_i386.deb
      Size/MD5 checksum: 10333018 028d1e2fb75728baa620856540e782cb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_i386.deb
      Size/MD5 checksum: 403510 cccbd195c56e7d1935a02e95e1a7c651
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_i386.deb
      Size/MD5 checksum: 158352 2f9157bc2301b72aa7c4bbcd97f5db5c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_i386.deb
      Size/MD5 checksum: 3592516 5b5b42a891ae39581e5f3e66eaf29085
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_i386.deb
      Size/MD5 checksum: 116682 e776421a5ea762c1b933f302c45d87bb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_i386.deb
      Size/MD5 checksum: 204166 a6f15974e674118ab0847c121d761f0c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_i386.deb
      Size/MD5 checksum: 1816048 7a9335c376f3df9b730073e11bea4fe1
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_i386.deb
      Size/MD5 checksum: 192636 dbec79d2e9edb833196c1e6dc8c4ca64

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_ia64.deb
      Size/MD5 checksum: 168056 5ded9fba54f701543368903b5f8ab563
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_ia64.deb
      Size/MD5 checksum: 173902 4eb9bab760f09379733393f8689050ac
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_ia64.deb
      Size/MD5 checksum: 184940 26a6d6f1ed2b5a61fc41e644d5f4d3e9
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_ia64.deb
      Size/MD5 checksum: 966314 ecfe259cb1c6a47fdd4ff01316c743e7
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_ia64.deb
      Size/MD5 checksum: 1034 bc8c91625c1f5256d83a93801792100d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_ia64.deb
      Size/MD5 checksum: 12942916 667732b8b16db84bc4584f4c91af9519
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_ia64.deb
      Size/MD5 checksum: 403262 2d17185a555f01eede7e6c96a187403e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_ia64.deb
      Size/MD5 checksum: 158326 19cf2fb90d3caa5f15476ae0faf98f8d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_ia64.deb
      Size/MD5 checksum: 3377068 761e0c9161590d030efcef70d4583e1f
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_ia64.deb
      Size/MD5 checksum: 125590 018d272c97ae4fcbf680966d197cf85b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_ia64.deb
      Size/MD5 checksum: 204146 b1784652eef38d2b7affd09537630b39
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_ia64.deb
      Size/MD5 checksum: 2302194 5bce4fb8583a8702c3eb2ab81567a882
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_ia64.deb
      Size/MD5 checksum: 242672 1e9a6ee92e76736e3dd0a0da3237f160

HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_hppa.deb
      Size/MD5 checksum: 168076 d604fdbe94f09400aac43c7b0ca1d85e
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_hppa.deb
      Size/MD5 checksum: 156466 2aaaf6fed027b73b2403f7e808a50b63
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_hppa.deb
      Size/MD5 checksum: 184940 b88c9e1a659d82959315c2bb43982065
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_hppa.deb
      Size/MD5 checksum: 754330 c345a7bbbc5b8363c110823e8c1a4cb0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_hppa.deb
      Size/MD5 checksum: 1038 382fcc9b41aa657f7f49f742292f3073
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_hppa.deb
      Size/MD5 checksum: 12163096 ca4c3161cda013934910efbdb24949b0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_hppa.deb
      Size/MD5 checksum: 403290 3082c15be3a578867fbd164fe11e4c02
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_hppa.deb
      Size/MD5 checksum: 158342 5e696aa2191b2fd14bee3a3f2b906fa9
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_hppa.deb
      Size/MD5 checksum: 3357748 5ce31c0589fdb05c43cc627e626526cb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_hppa.deb
      Size/MD5 checksum: 123524 3c8ea2bfd915bd1a95c37921bbe5a8ef
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_hppa.deb
      Size/MD5 checksum: 204152 7db51695f6612529f36b5b94a0441388
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_hppa.deb
      Size/MD5 checksum: 2135134 cd17baa6b30430e6f22188b43fc35212
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_hppa.deb
      Size/MD5 checksum: 216156 d3f0edc4cfbb6c0b4740800696b3745a

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_m68k.deb
      Size/MD5 checksum: 168084 2828179c6f90ff81627e886c59e8ce93
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_m68k.deb
      Size/MD5 checksum: 125556 041d0b731b29dd92b7657ea7cb8700dc
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_m68k.deb
      Size/MD5 checksum: 184988 c58e6af12d16335b0087b24762da2362
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_m68k.deb
      Size/MD5 checksum: 599662 e97a96943dec77a3c41c344e511529c4
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_m68k.deb
      Size/MD5 checksum: 1042 e3b3b654e4562aca7eb54320aa86f2db
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_m68k.deb
      Size/MD5 checksum: 9703552 b0d3087fa3f53fa64ad6b832311ab91a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_m68k.deb
      Size/MD5 checksum: 403328 de4624633b94d423dc99997a6b39cc49
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_m68k.deb
      Size/MD5 checksum: 158386 436b3cb1b221adc10d3f4f91487fb95d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_m68k.deb
      Size/MD5 checksum: 3335452 3e0afe82ab5c85df86c17898b912404d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_m68k.deb
      Size/MD5 checksum: 114448 d03b348963414a569222b502560d3b3b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_m68k.deb
      Size/MD5 checksum: 204182 ceba6c2491ac7ca1e90a3068781516dd
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_m68k.deb
      Size/MD5 checksum: 1683028 9df65956b8aedd47511ca513d9f7c392
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_m68k.deb
      Size/MD5 checksum: 174744 21601ec5747654e997bcf31a9dd5ca62

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_mips.deb
      Size/MD5 checksum: 168068 29c3a6d84037031a7e2260f14c582bb0
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_mips.deb
      Size/MD5 checksum: 140430 d4d5742d214ef356d92b47f7db08e8b2
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_mips.deb
      Size/MD5 checksum: 184944 0b8b31b9ecffb3ebb250842f70fc6c77
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_mips.deb
      Size/MD5 checksum: 725406 2fe07024db285b88558c01519186e97c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_mips.deb
      Size/MD5 checksum: 1036 039c4d29321b32b30da6e17938bacbd4
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_mips.deb
      Size/MD5 checksum: 10728064 03b0df29956a41290f80999e902a8296
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_mips.deb
      Size/MD5 checksum: 403300 3b917495fcbc728d29cc80cb40d8e34e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_mips.deb
      Size/MD5 checksum: 158338 a4a0966a627b0faa510b957b4980fa16
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_mips.deb
      Size/MD5 checksum: 3357314 c844c405881b9780db90aadf12e7c6db
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_mips.deb
      Size/MD5 checksum: 117616 cc7b51b151dddc8e9f2167f5b356861a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_mips.deb
      Size/MD5 checksum: 204160 a46d2a84ac1ac355e5f61a18bad6b670
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_mips.deb
      Size/MD5 checksum: 1795496 d4d4aedcba5c7c34a0098796b41703ce
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_mips.deb
      Size/MD5 checksum: 189884 9f44f232b5d5f21e48d26fd64c0966c5

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_mipsel.deb
      Size/MD5 checksum: 168076 0d912618b7df98b61713412291481d16
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_mipsel.deb
      Size/MD5 checksum: 140390 c1c97fa9fd4c2d6f18aba1423d8c1f6e
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_mipsel.deb
      Size/MD5 checksum: 184958 d8ee579e95af3094fd549eeccdc9769c
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_mipsel.deb
      Size/MD5 checksum: 714850 47d195b6c0fc034c9d0fb3b749a21893
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_mipsel.deb
      Size/MD5 checksum: 1038 b81d1b3b5a657c12a4e1e5930702bcc0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_mipsel.deb
      Size/MD5 checksum: 10603054 043a8b3c3b55a1318797c4e9447b6e1b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_mipsel.deb
      Size/MD5 checksum: 403306 a3ea4cd5e04b63d76d1d6a15f4828677
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_mipsel.deb
      Size/MD5 checksum: 158356 362126c740ec2bbf84d2d64d7eb9d5b5
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_mipsel.deb
      Size/MD5 checksum: 3357908 bbb658b5f77111eb36f82ae536f5e290
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_mipsel.deb
      Size/MD5 checksum: 117206 e457c383ca6da670616cf0f53c8d1e97
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_mipsel.deb
      Size/MD5 checksum: 204164 1adab829fb96ecd09b6cd37428b63ea4
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_mipsel.deb
      Size/MD5 checksum: 1777568 189e91cd5722dbffb02307325d42d933
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_mipsel.deb
      Size/MD5 checksum: 187434 53d610ef976324813135bc014abcf0c7

PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_powerpc.deb
      Size/MD5 checksum: 168074 6adc6fc90aa9ed991a3fe0f44ba9cf6b
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_powerpc.deb
      Size/MD5 checksum: 130898 57a336d8e4a99a12bef99dbb0cc29b9f
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_powerpc.deb
      Size/MD5 checksum: 184934 4b4628bf889e47d4f771c219c3699816
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_powerpc.deb
      Size/MD5 checksum: 718600 8f9cd2cb3793558ffcefa81554534c6e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_powerpc.deb
      Size/MD5 checksum: 1034 c6f56998ae1a67f12a824c25c710356f
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_powerpc.deb
      Size/MD5 checksum: 9702898 e640803c722e44bf1893e6adae9594fa
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_powerpc.deb
      Size/MD5 checksum: 403284 03dd1f7da767f52e3cd9687e67b36a65
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_powerpc.deb
      Size/MD5 checksum: 158334 3c1805cf8aff1f18f4bfbc4296e8425e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_powerpc.deb
      Size/MD5 checksum: 3339648 dd290b0471fab52733fc0d478be82e1a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_powerpc.deb
      Size/MD5 checksum: 114588 9665d6ace8e42e6cdaec57b9c2b2ed42
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_powerpc.deb
      Size/MD5 checksum: 204160 619e6806cb2252979deb912081da75e6
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_powerpc.deb
      Size/MD5 checksum: 1642980 15ad96270ea756471daba8330fbf3aa4
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_powerpc.deb
      Size/MD5 checksum: 175664 0ab0c49b4a261f3b09d190e554a77f67

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_s390.deb
      Size/MD5 checksum: 168076 74c3fdfdb043dade2ff387e4fbf312da
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_s390.deb
      Size/MD5 checksum: 156208 23c8e2acb419c70aa10d8f5d7c491c33
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_s390.deb
      Size/MD5 checksum: 184932 fc38cbadb10990b87f70e069f501cc21
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_s390.deb
      Size/MD5 checksum: 798594 cf5a50b4b93384cec5174d262b9c6040
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_s390.deb
      Size/MD5 checksum: 1038 25acca7f96f3bf92c64bbfd94800a05f
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_s390.deb
      Size/MD5 checksum: 11325218 27197c826f43411d8cc5f7fece043b95
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_s390.deb
      Size/MD5 checksum: 403308 65996ca6b43d6b0f0f2c1efd351e4daa
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_s390.deb
      Size/MD5 checksum: 158350 e8ff0cee0271ab591822eafec2469a80
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_s390.deb
      Size/MD5 checksum: 3352164 3826b426e54de0471d91292a3f87c1e9
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_s390.deb
      Size/MD5 checksum: 121350 e1a7149c57ca36d3f9a00ab95770ca8b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_s390.deb
      Size/MD5 checksum: 204168 11c161fd88b404cb2f30ac9b58d1ded3
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_s390.deb
      Size/MD5 checksum: 1944710 cdc344d61faf3851759e530a5efd6fdb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_s390.deb
      Size/MD5 checksum: 213436 975ec193e66982ac318c0ba118c3569e

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_sparc.deb
      Size/MD5 checksum: 168072 e6c720a04654e35f44956fb2d391837b
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_sparc.deb
      Size/MD5 checksum: 128110 b2e3472a4a47ca88dc13adaa521baf8d
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_sparc.deb
      Size/MD5 checksum: 184960 ffba73ff29a87999295dc32791b25bd5
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_sparc.deb
      Size/MD5 checksum: 672374 a121a25eb35cc82dd3c073c47556f440
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_sparc.deb
      Size/MD5 checksum: 1042 e27bf3a1491eb1b84547c19df1eed336
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_sparc.deb
      Size/MD5 checksum: 9373052 c1d44b9f7c43734908825b07ac622d4d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_sparc.deb
      Size/MD5 checksum: 403274 616c663eb1b55f17e3b4e7e45e535696
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_sparc.deb
      Size/MD5 checksum: 158338 436fa26f8f842fa09ae404c2bfb104d1
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_sparc.deb
      Size/MD5 checksum: 3340712 0ed39d284b2a960ad6e4e6d726411629
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_sparc.deb
      Size/MD5 checksum: 112516 4586fc8d6dc38b230741f3a4906d06be
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_sparc.deb
      Size/MD5 checksum: 204154 0028c2a21bf254ab510d948d4f73579a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_sparc.deb
      Size/MD5 checksum: 1583738 d92f8d2a073e45efb6d65dc5b157107c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_sparc.deb
      Size/MD5 checksum: 168008 16a730934dd4914ca2a100b81f3ed3f4

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 1054-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
May 9th, 2006 http://www.debian.org/security/faq


Package : tiff
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CAN-2006-2024 CAN-2006-2025 CAN-2006-2026
BugTraq IDs : 17730 17732 17733

Tavis Ormandy discovered several vulnerabilities in the TIFF library that can lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-2024

Multiple vulnerabilities allow attackers to cause a denial of service.

CVE-2006-2025

An integer overflows allows attackers to cause a denial of service and possibly execute arbitrary code.

CVE-2006-2026

A double-free vulnerability allows attackers to cause a denial of service and possibly execute arbitrary code.

For the old stable distribution (woody) these problems have been fixed in version 3.5.5-7woody1.

For the stable distribution (sarge) these problems have been fixed in version 3.7.2-3sarge1.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your libtiff packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

    http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7woody1.dsc
      Size/MD5 checksum: 637 cf22045e1a49b2742c91b7f0a905adeb
    http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7woody1.diff.gz
      Size/MD5 checksum: 38424 d087fb3914b10aef86959b9ed52ec955
    http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz
      Size/MD5 checksum: 693641 3b7199ba793dec6ca88f38bb0c8cc4d8

Alpha architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_alpha.deb
      Size/MD5 checksum: 141492 484fe914264072028ef4b02b97300ea8
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_alpha.deb
      Size/MD5 checksum: 106130 65673af7006686eb2718f45abfb39130
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_alpha.deb
      Size/MD5 checksum: 423888 2bc86fdbf9c751ac7173889e53d6ddcc

ARM architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_arm.deb
      Size/MD5 checksum: 117008 1f272257c4987092ff80563840acd4e3
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_arm.deb
      Size/MD5 checksum: 91560 e84fa486a3f25e69d7d6b093a8d890e4
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_arm.deb
      Size/MD5 checksum: 404854 b709c95f40e52e4e1003dbf6e5c768f7

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_i386.deb
      Size/MD5 checksum: 112074 0f9fb0719cb1ed7b5954b8c70d9c9049
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_i386.deb
      Size/MD5 checksum: 82018 c8f11403adfa3ec5695d5468f56401b2
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_i386.deb
      Size/MD5 checksum: 387406 1c2350b56c49cde7b899d6e8261397ec

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_ia64.deb
      Size/MD5 checksum: 158788 883e3b5861f0f3610e6d1005ca760d3d
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_ia64.deb
      Size/MD5 checksum: 136620 846e662216862a10e53e282a316400a6
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_ia64.deb
      Size/MD5 checksum: 447038 73838b902a9dd1bb26146a397eb692db

HP Precision architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_hppa.deb
      Size/MD5 checksum: 128282 eea419b6a514c4971d8cce8afe701b6e
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_hppa.deb
      Size/MD5 checksum: 107664 b71f9194d14e10758a13259654fcc410
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_hppa.deb
      Size/MD5 checksum: 420756 235956ededa69f803954040c8be01033

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtif