Advisories, May 9, 2006
May 10, 2006, 04:45 UTC

Debian GNU/Linux


Debian Security Advisory DSA 1053-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
May 9th, 2006 http://www.debian.org/security/faq


Package : mozilla
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-1993
CERT advisory : VU#866300
BugTraq ID : 17671

Martijn Wargers and Nick Mott described crashes of Mozilla due to the use of a deleted controller context. In theory this could be abused to execute malicious code.

For the stable distribution (sarge) this problem has been fixed in version 1.7.8-1sarge6.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your mozilla packages.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 1054-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
May 9th, 2006 http://www.debian.org/security/faq


Package : tiff
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CAN-2006-2024 CAN-2006-2025 CAN-2006-2026
BugTraq IDs : 17730 17732 17733

Tavis Ormandy discovered several vulnerabilities in the TIFF library that can lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-2024

Multiple vulnerabilities allow attackers to cause a denial of service.

CVE-2006-2025

An integer overflow allows attackers to cause a denial of service and possibly execute arbitrary code.

CVE-2006-2026

A double-free vulnerability allows attackers to cause a denial of service and possibly execute arbitrary code.

For the old stable distribution (woody) these problems have been fixed in version 3.5.5-7woody1.

For the stable distribution (sarge) these problems have been fixed in version 3.7.2-3sarge1.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your libtiff packages.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Mandriva Linux


Mandriva Linux Advisory MDKA-2006:023
http://www.mandriva.com/security/


Package : cpio
Date : May 9, 2006
Affected: 10.2


Problem Description:

When using cpio in passthrough mode (i.e.: find dira|cpio -pdmv dirb) symbolic links are replaced with the actual files or directories they point to.

Updated packages have been rebuilt with the correct CPPFLAGS to correct this issue.
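A regression check for the behaviour described above, as an added example that is not part of the Mandriva advisory: it builds a small constructed tree, runs the same pass-through copy, and reports whether the symbolic links survived. The directory names `dira` and `dirb` follow the advisory's command; the function name and the file and link names are made up for the example.

```shell
#!/bin/sh
# Added example: check whether cpio pass-through mode keeps symbolic links.
# Return codes: 0 = symlinks preserved, 1 = symlinks were dereferenced,
#               2 = the check could not be run (cpio missing or copy failed).
check_cpio_passthrough_symlinks() {
    command -v cpio >/dev/null 2>&1 || return 2

    work=$(mktemp -d) || return 2
    status=0
    (
        cd "$work" || exit 2

        # Constructed sample tree: one file, one directory, a symlink to each.
        mkdir -p dira/realdir dirb
        echo "payload" > dira/realfile
        echo "nested"  > dira/realdir/nested
        ln -s realfile dira/link_to_file
        ln -s realdir  dira/link_to_dir

        # Same invocation as in the advisory, minus -v to keep the run quiet.
        find dira | cpio -pdm dirb 2>/dev/null || exit 2

        for link in link_to_file link_to_dir; do
            copied="dirb/dira/$link"
            # A dereferenced link shows up as a regular file or a directory.
            [ -L "$copied" ] || exit 1
            # The link target must be carried over unchanged.
            [ "$(readlink "$copied")" = "$(readlink "dira/$link")" ] || exit 1
        done
        exit 0
    ) || status=$?

    rm -rf "$work"
    return "$status"
}
```

Source the file and call `check_cpio_passthrough_symlinks` after applying the update; a return code of 1 means the installed cpio still replaces links with their targets.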


References:

http://qa.mandriva.com/show_bug.cgi?id=15913


Updated Packages:

Mandriva Linux 10.2:
2f817a83438add6fad7fe03ee9b7c2f4 10.2/RPMS/cpio-2.6-3.4.102mdk.i586.rpm
8f5622ff7b0e4ef02bbfe7f9761e2213 10.2/SRPMS/cpio-2.6-3.4.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
d3ce0ee2c3fc309b8e2d26fd9a525a36 x86_64/10.2/RPMS/cpio-2.6-3.4.102mdk.x86_64.rpm
8f5622ff7b0e4ef02bbfe7f9761e2213 x86_64/10.2/SRPMS/cpio-2.6-3.4.102mdk.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Advisory MDKA-2006:024
http://www.mandriva.com/security/


Package : gzip
Date : May 9, 2006
Affected: 10.2, 2006.0, Corporate 3.0, Multi Network Firewall 2.0


Problem Description:

The zgrep wrapper script does not correctly pass all available options that grep accepts to the grep binary.

Updated packages have been patched to correct this issue.


References:

http://qa.mandriva.com/show_bug.cgi?id=22199


Updated Packages:

Mandriva Linux 10.2:
9a76718b3cfeb74f3deefadf6e780b18 10.2/RPMS/gzip-1.2.4a-14.3.102mdk.i586.rpm
c62ee11495273f4f703d81b49ba73211 10.2/SRPMS/gzip-1.2.4a-14.3.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
83344c46bbe1c3971d7ad6f23130c59f x86_64/10.2/RPMS/gzip-1.2.4a-14.3.102mdk.x86_64.rpm
c62ee11495273f4f703d81b49ba73211 x86_64/10.2/SRPMS/gzip-1.2.4a-14.3.102mdk.src.rpm

Mandriva Linux 2006.0:
4dabfbbff6302ed239c076888e9847ed 2006.0/RPMS/gzip-1.2.4a-15.2.20060mdk.i586.rpm
4d39325b0a0e477b20f1a97892d78725 2006.0/SRPMS/gzip-1.2.4a-15.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
a2746879281e60c8fc2668f6c301bcfb x86_64/2006.0/RPMS/gzip-1.2.4a-15.2.20060mdk.x86_64.rpm
4d39325b0a0e477b20f1a97892d78725 x86_64/2006.0/SRPMS/gzip-1.2.4a-15.2.20060mdk.src.rpm

Corporate 3.0:
95b7f37c3e12db2c4c500d90db2c7155 corporate/3.0/RPMS/gzip-1.2.4a-13.4.C30mdk.i586.rpm
ea79ea7b31fc36808ab1bee83a3875df corporate/3.0/SRPMS/gzip-1.2.4a-13.4.C30mdk.src.rpm

Corporate 3.0/X86_64:
11da38f542af1422ac38bbcc28e4f073 x86_64/corporate/3.0/RPMS/gzip-1.2.4a-13.4.C30mdk.x86_64.rpm
ea79ea7b31fc36808ab1bee83a3875df x86_64/corporate/3.0/SRPMS/gzip-1.2.4a-13.4.C30mdk.src.rpm

Multi Network Firewall 2.0:
60f09696379c1745d1a9deb0b0333050 mnf/2.0/RPMS/gzip-1.2.4a-13.4.M20mdk.i586.rpm
3a85ce3cae0e18f3dd1f50dbb1f2febf mnf/2.0/SRPMS/gzip-1.2.4a-13.4.M20mdk.src.rpm



Red Hat Linux


Red Hat Security Advisory

Synopsis: Important: libtiff security update
Advisory ID: RHSA-2006:0425-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0425.html
Issue date: 2006-05-09
Updated on: 2006-05-09
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-2024 CVE-2006-2025 CVE-2006-2026 CVE-2006-2120


1. Summary:

Updated libtiff packages that fix several security flaws are now available for Red Hat Enterprise Linux.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files.

An integer overflow flaw was discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-2025)

A double free flaw was discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-2026)

Several denial of service flaws were discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash. (CVE-2006-2024, CVE-2006-2120)

All users are advised to upgrade to these updated packages, which contain backported fixes for these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

189933 - CVE-2006-2024 multiple libtiff issues (CVE-2006-2025, CVE-2006-2026)
189974 - CVE-2006-2120 libtiff DoS

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/libtiff-3.5.7-30.el2.1.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/libtiff-3.5.7-30.el2.1.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/libtiff-3.5.7-30.el2.1.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/libtiff-3.5.7-30.el2.1.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/libtiff-3.5.7-25.el3.1.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/libtiff-3.5.7-25.el3.1.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/libtiff-3.5.7-25.el3.1.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/libtiff-3.5.7-25.el3.1.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libtiff-3.6.1-10.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libtiff-3.6.1-10.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libtiff-3.6.1-10.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libtiff-3.6.1-10.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2120
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.


Red Hat Security Advisory

Synopsis: Moderate: ruby security update
Advisory ID: RHSA-2006:0427-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0427.html
Issue date: 2006-05-09
Updated on: 2006-05-09
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-1931


1. Summary:

Updated ruby packages that fix a denial of service issue are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Ruby is an interpreted scripting language for object-oriented programming.

A bug was found in the way Ruby creates its xmlrpc and http servers. The servers use a non-blocking socket, which enables a remote user to cause a denial of service condition if they are able to transmit a large volume of information from the network server. (CVE-2006-1931)

Users of Ruby should update to these erratum packages, which contain a backported patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

189539 - CVE-2006-1931 Ruby http/xmlrpc server DoS

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ruby-1.8.1-7.EL4.3.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ruby-1.8.1-7.EL4.3.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/ruby-1.8.1-7.EL4.3.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ruby-1.8.1-7.EL4.3.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1931
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.

Slackware Linux

[slackware-security] Apache httpd (SSA:2006-129-01)

New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues.

More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352

In addition, new mod_ssl packages for Apache 1.3.35 are available for all of these versions of Slackware, and new versions of PHP are available for Slackware -current. These additional packages do not fix security issues, but may be required on your system depending on your Apache setup.

One more note about this round of updates: the packages have been given build versions that indicate which version of Slackware they are meant to patch, such as -1_slack8.1, or -1_slack9.0, etc. This should help to avoid some of the issues with automatic upgrade tools by providing a unique package name when the same fix is deployed across multiple Slackware versions. Only patches applied to -current will have the simple build number, such as -1.

Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/apache-1.3.35-i486-1_slack10.2.tgz:
Upgraded to apache-1.3.35.
From the official announcement:
Of particular note is that 1.3.35 addresses and fixes 1 potential
security issue: CVE-2005-3352 (cve.mitre.org/)

mod_imap: Escape untrusted referer header before outputting in HTML to avoid potential cross-site scripting. Change also made to ap_escape_html so we escape quotes. Reported by JPCERT

For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
(* Security fix *)
patches/packages/mod_ssl-2.8.26_1.3.35-i486-1_slack10.2.tgz:
Upgraded to mod_ssl-2.8.26-1.3.35.
This is an updated version designed for Apache 1.3.35.
+--------------------------+
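The mod_imap entry above turns on one detail: ap_escape_html was changed so that quotes are escaped as well. The following C program is an added example, not Apache's code; `escape_html`, `render_back_link`, `raw_quotes` and the href template are hypothetical names, and the Referer value is constructed. It writes the same value into a double-quoted attribute with and without quote escaping.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: a Referer value carrying a double quote and markup. */
static const char SAMPLE_REFERER[] = "http://example.test/a?x=\"><i>&y=1";

/* Return the entity for c, or NULL if c is copied through unchanged. */
static const char *entity_for(char c, int escape_quotes)
{
    switch (c) {
    case '<': return "&lt;";
    case '>': return "&gt;";
    case '&': return "&amp;";
    case '"': return escape_quotes ? "&quot;" : NULL;
    default:  return NULL;
    }
}

/* Escape s for HTML output; the caller frees the result. escape_quotes == 0
 * models an escaper that leaves '"' alone, 1 one that also escapes quotes. */
static char *escape_html(const char *s, int escape_quotes)
{
    /* Worst case: every input byte becomes "&quot;" (6 bytes). */
    char *out = malloc(6 * strlen(s) + 1), *w = out;
    if (out == NULL)
        return NULL;
    for (; *s; s++) {
        const char *rep = entity_for(*s, escape_quotes);
        if (rep) {
            memcpy(w, rep, strlen(rep));
            w += strlen(rep);
        } else {
            *w++ = *s;
        }
    }
    *w = '\0';
    return out;
}

/* Hypothetical template (an assumption): escaped Referer in a quoted href. */
static char *render_back_link(const char *referer, int escape_quotes)
{
    static const char fmt[] = "<a href=\"%s\">back</a>";
    char *esc = escape_html(referer, escape_quotes);
    size_t n = esc ? sizeof(fmt) + strlen(esc) : 0;
    char *html = esc ? malloc(n) : NULL;
    if (html != NULL)
        snprintf(html, n, fmt, esc);
    free(esc);
    return html;
}

/* Raw '"' count: 2 means the only quotes left are the template's own. */
static int raw_quotes(const char *html)
{
    int n = 0;
    for (; *html; html++)
        n += (*html == '"');
    return n;
}

int main(void)
{
    char *before = render_back_link(SAMPLE_REFERER, 0);
    char *after = render_back_link(SAMPLE_REFERER, 1);
    int ok = before && after;
    if (ok)
        printf("quotes left alone: %s\nquotes escaped:    %s\n", before, after);
    free(before);
    free(after);
    return !ok;
}
```

With quotes left alone, the value contributes a third raw double quote that closes the attribute early; with quote escaping, the attribute's delimiters are the only raw quotes in the output.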

Where to find the new packages:

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/apache-1.3.35-i386-1_slack8.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/mod_ssl-2.8.26_1.3.35-i386-1_slack8.1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/apache-1.3.35-i386-1_slack9.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/mod_ssl-2.8.26_1.3.35-i386-1_slack9.0.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/apache-1.3.35-i486-1_slack9.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mod_ssl-2.8.26_1.3.35-i486-1_slack9.1.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/apache-1.3.35-i486-1_slack10.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mod_ssl-2.8.26_1.3.35-i486-1_slack10.0.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/apache-1.3.35-i486-1_slack10.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/mod_ssl-2.8.26_1.3.35-i486-1_slack10.1.tgz

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/apache-1.3.35-i486-1_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mod_ssl-2.8.26_1.3.35-i486-1_slack10.2.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/apache-1.3.35-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/mod_ssl-2.8.26_1.3.35-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-4.4.2-i486-4.tgz

MD5 signatures:


Installation instructions:

First, stop apache:

# apachectl stop

Then, upgrade the apache package:

# upgradepkg apache-1.3.35-i486-1_slack10.2.tgz

If you use mod_ssl, you'll also need to upgrade that package. The upgrade should save the important config files for mod_ssl; nevertheless, it's a good idea to back up any keys/certificates you wish to save for mod_ssl (in /etc/apache/ssl.*), then upgrade mod_ssl:

# upgradepkg mod_ssl-2.8.26_1.3.35-i486-1_slack10.2.tgz

If necessary, restore any mod_ssl config files.

If you are using PHP on Slackware -current, upgrade the PHP package.

Finally, restart apache:

# apachectl start

Or, if you use mod_ssl:

# apachectl startssl

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

[slackware-security] mysql (SSA:2006-129-02)

New mysql packages are available for Slackware 10.2 and -current to fix security issues. The MySQL package shipped with Slackware 10.2 may possibly leak sensitive information found in uninitialized memory to authenticated users. The MySQL package previously in Slackware -current also suffered from these flaws, but an additional overflow could allow arbitrary code execution.

Since the vulnerabilities require a valid login and/or access to the database server, the risk is moderate. Slackware does not provide network access to a MySQL database by default.

More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database.
Issues that affect both Slackware 10.2 and -current:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517

An issue affecting only Slackware -current:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1518

Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/mysql-4.1.19-i486-1.tgz:
Upgraded to mysql-4.1.19.
This fixes some minor security issues with possible information leakage. Note that the information leakage bugs require that the attacker have access to an account on the database. Also note that by default, Slackware's rc.mysqld script does not allow access to the database through the outside network (it uses the --skip-networking option). If you've enabled network access to MySQL, it is a good idea to filter the port (3306) to prevent access from unauthorized machines. For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517
(* Security fix *)
+--------------------------+

Here are the details from the Slackware -current ChangeLog:
+--------------------------+
ap/mysql-5.0.21-i486-1.tgz: Upgraded to mysql-5.0.21.
This fixes some security issues, including possible information leakage, and execution of arbitrary code. Note that the information leakage bugs require that the attacker have access to an account on the database. Also note that by default, Slackware's rc.mysqld script does not allow access to the database through the outside network (it uses the --skip-networking option). If you've enabled network access to MySQL, it is a good idea to filter the port (3306) to prevent access from unauthorized machines.
For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1518
(* Security fix *)
+--------------------------+

Where to find the new packages:

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mysql-4.1.19-i486-1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/mysql-5.0.21-i486-1.tgz

MD5 signatures:

Slackware 10.2 package:
c229e19d782404da119be46355a170d2 mysql-4.1.19-i486-1.tgz

Slackware -current package:
51008b23954c0d82c2670290476d0249 mysql-5.0.21-i486-1.tgz

Installation instructions:

Upgrade the package as root:
# upgradepkg mysql-4.1.19-i486-1.tgz

Then, restart the database server:
# sh /etc/rc.d/rc.mysqld restart

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
