Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


Advisories, June 4, 2006:

Jun 05, 2006, 05:30 (0 Talkback[s])

Debian Security Advisory DSA 1086-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
June 2nd, 2006 http://www.debian.org/security/faq


Package : xmcd
Vulnerability : design flaw
Problem type : local
Debian-specific: no
CVE ID : CVE-2006-2542
Debian Bug : 366816

The xmcdconfig creates directories world-writeable allowing local users to fill the /usr and /var partition and hence cause a denial of service. This problem has been half-fixed since version 2.3-1.

For the old stable distribution (woody) this problem has been fixed in version 2.6-14woody1.

For the stable distribution (sarge) this problem has been fixed in version 2.6-17sarge1.

For the unstable distribution (sid) this problem has been fixed in version 2.6-18.

We recommend that you upgrade your xmcd package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1.dsc
      Size/MD5 checksum: 619 42038224877b80e57969e82e14a6ee5a
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1.diff.gz
      Size/MD5 checksum: 19169 3144b9f7dc78b1a0a668eff06ded3b08
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6.orig.tar.gz
      Size/MD5 checksum: 553934 ce3208e21d8e37059e44ce9310d08f5f

Alpha architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_alpha.deb
      Size/MD5 checksum: 65648 d4beba33b15cdef57c315666e9dbeaf3
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_alpha.deb
      Size/MD5 checksum: 458520 da2013cefff5009ed770397ea7cf23fe

ARM architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_arm.deb
      Size/MD5 checksum: 60464 2a9f06c9a2f888ea56ac62bdfe2eb05e
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_arm.deb
      Size/MD5 checksum: 378038 932f832766a947aac29d9b40f2f8a026

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_i386.deb
      Size/MD5 checksum: 58970 506435aef6b9a12c0715e73dea67eefd
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_i386.deb
      Size/MD5 checksum: 324960 2eba0f70812dada62ec2fb3f3b054318

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_ia64.deb
      Size/MD5 checksum: 66140 6d3eff9fdf1d9c6052c9554bc4dd584a
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_ia64.deb
      Size/MD5 checksum: 543700 dce5ff73c754b4425fe642117a52f5fa

HP Precision architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_hppa.deb
      Size/MD5 checksum: 60954 f48d59a10a2891bdb1842da42fe0b0f4
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_hppa.deb
      Size/MD5 checksum: 406294 2b12245768fce9c5f57cc4a8818ea1be

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_m68k.deb
      Size/MD5 checksum: 58890 ce57236e978ed6310d23cf1cfede3224
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_m68k.deb
      Size/MD5 checksum: 309832 0de1924af1c4981505849da8e6b8c7af

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_mips.deb
      Size/MD5 checksum: 61476 8a4dcea7adbfb4a1c3294a2622e05d15
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_mips.deb
      Size/MD5 checksum: 377170 91d622c19970fe0dcda24f63e85c7350

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_mipsel.deb
      Size/MD5 checksum: 61436 27eaa3e4c2365f2e4b49c526acc3df00
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_mipsel.deb
      Size/MD5 checksum: 378122 c9b63596911f83c72a4c9b7fbd01abf0

PowerPC architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_powerpc.deb
      Size/MD5 checksum: 60998 74e9b62e02f69db4dfedab57100904dd
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_powerpc.deb
      Size/MD5 checksum: 364402 28547836494d0142a84c2bf58888c6bf

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_s390.deb
      Size/MD5 checksum: 59818 8d3d1ca6ff1fd1ceb32c42b73d4fe3bb
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_s390.deb
      Size/MD5 checksum: 347966 dd3cc13ee026156516f315b77cb1f06b

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_sparc.deb
      Size/MD5 checksum: 62724 597ddc3fe6e1c56a3ecb78e2b46c7fd4
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_sparc.deb
      Size/MD5 checksum: 361214 e93e33fe714c4b5429eb7a2bce8ba0ea

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1.dsc
      Size/MD5 checksum: 619 25a530a0383c4ab2cbc2d23a6c95d5f2
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1.diff.gz
      Size/MD5 checksum: 20482 d9ce89eebe6f068df0c1d49eacc0bb4b
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6.orig.tar.gz
      Size/MD5 checksum: 553934 ce3208e21d8e37059e44ce9310d08f5f

Alpha architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_alpha.deb
      Size/MD5 checksum: 62480 d99e5ad3da64edbfbc6a9e5c610683e1
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_alpha.deb
      Size/MD5 checksum: 452252 19bf881ff9a11a1d398d97ef2158f07c

AMD64 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_amd64.deb
      Size/MD5 checksum: 60974 d14a6718ad2f95983d0af699aa585df2
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_amd64.deb
      Size/MD5 checksum: 375978 1064343cbef2794c637ce6431935280b

ARM architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_arm.deb
      Size/MD5 checksum: 60052 870eb636eb62c6b3d5fc310d82e9ae2c
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_arm.deb
      Size/MD5 checksum: 363752 cf23e90fa86d845a66c297a12de2c887

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_i386.deb
      Size/MD5 checksum: 59976 95f0064a7b485df46d6275e3ba98b28e
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_i386.deb
      Size/MD5 checksum: 347032 2e5dfd037ca6a7d7e7ef77fa5b3cdd6a

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_ia64.deb
      Size/MD5 checksum: 64146 9cf8c9c4c9aa5a6bf8da06ff9079e4df
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_ia64.deb
      Size/MD5 checksum: 521072 6759905bab7f05d9cba71fa19b7b971d

HP Precision architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_hppa.deb
      Size/MD5 checksum: 61618 578d619050afd48ba63fbb103a443673
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_hppa.deb
      Size/MD5 checksum: 399428 b7c61aa93ff2efd42cb4375940b675df

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_m68k.deb
      Size/MD5 checksum: 59428 a95f8b6d48635de344faf79d8dce01f5
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_m68k.deb
      Size/MD5 checksum: 311534 313f9f8e4db059b0c58bc37ef61fe6cd

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_mips.deb
      Size/MD5 checksum: 61656 35c929f75f4ab0989ab7fe94afe08a3d
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_mips.deb
      Size/MD5 checksum: 379520 57b63417bfb1d07afb79767268e56022

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_mipsel.deb
      Size/MD5 checksum: 61688 63b48f033d11adeb78d933e36ad0a904
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_mipsel.deb
      Size/MD5 checksum: 381286 0e05464ae0243e4c6abfa50d21bf032c

PowerPC architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_powerpc.deb
      Size/MD5 checksum: 60740 5bfc0950afeb05321af3623f90b015e4
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_powerpc.deb
      Size/MD5 checksum: 372902 e1706bbfe5c2e920465f339824c3639a

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_s390.deb
      Size/MD5 checksum: 60742 95dcd70b6713309c6f0d57017b024ed7
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_s390.deb
      Size/MD5 checksum: 364676 0e28c9bf8c98276469af3b7a906f9c39

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_sparc.deb
      Size/MD5 checksum: 59944 6057d32cd180068884fa63923163cc92
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_sparc.deb
      Size/MD5 checksum: 354052 51387f66a75f9ab56fa036b970ace931

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 1087-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
June 3rd, 2006 http://www.debian.org/security/faq


Package : postgresql
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-2313 CVE-2006-2314

Several encoding problems have been discovered in PostgreSQL, a popular SQL database. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-2313

Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded multibyte text data which could allow an attacker to inject arbitrary SQL commands.

CVE-2006-2314

A similar problem exists in client-side encodings (such as SJIS, BIG5, GBK, GB18030, and UHC) which contain valid multibyte characters that end with the backslash character. An attacker could supply a specially crafted byte sequence that is able to inject arbitrary SQL commands.

This issue does not affect you if you only use single-byte (like SQL_ASCII or the ISO-8859-X family) or unaffected multibyte (like UTF-8) encodings.

psycopg and python-pgsql use the old encoding for binary data and may have to be updated.

The old stable distribution (woody) is affected by these problems but we're unable to correct the package.

For the stable distribution (sarge) these problems have been fixed in version 7.4.7-6sarge2.

For the unstable distribution (sid) these problems have been fixed in version 7.4.13-1.

We recommend that you upgrade your postgresql packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2.dsc
      Size/MD5 checksum: 985 78d63a976c27999c86bbd57f70eae80d
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2.diff.gz
      Size/MD5 checksum: 189611 577fb231aac4f86692e935b6a30eb1f4
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7.orig.tar.gz
      Size/MD5 checksum: 9952102 d193c58aef02a745e8657c48038587ac

Architecture independent components:

    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-doc_7.4.7-6sarge2_all.deb
      Size/MD5 checksum: 2266882 86068a0b0bd5f3353746555933d29317

Alpha architecture:

    http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_alpha.deb
      Size/MD5 checksum: 239980 bb173b640c9f206c320d20b554d724fa
    http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_alpha.deb
      Size/MD5 checksum: 104826 0d4a8d8aea91799bc70617f9e47b5b29
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_alpha.deb
      Size/MD5 checksum: 82408 f4a3dad48412573e5b993c4d9e7400f1
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_alpha.deb
      Size/MD5 checksum: 61972 7cc403fea81613636d180358568638ca
    http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_alpha.deb
      Size/MD5 checksum: 139496 bede365b3e3505f79cb734747744fd5e
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_alpha.deb
      Size/MD5 checksum: 4153162 86740fcfb886861702c8bccbcfb7a8be
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_alpha.deb
      Size/MD5 checksum: 614270 16108bc1a5cc9d7d51337597e2f5090c
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_alpha.deb
      Size/MD5 checksum: 701704 de550242e2d5cbbf0d9c24aad75a4977
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_alpha.deb
      Size/MD5 checksum: 546150 d9c95cc8ac6e21509b13640d0589c46c

AMD64 architecture:

    http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_amd64.deb
      Size/MD5 checksum: 210208 602e081a5b8ef164d0d7114cfbb002e2
    http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_amd64.deb
      Size/MD5 checksum: 96442 ecdcbc5b59750b9871d49e3319a18fb8
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_amd64.deb
      Size/MD5 checksum: 79380 ca54542f754ac5da8c992f5889c12cc9
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_amd64.deb
      Size/MD5 checksum: 56212 364aaa1ac5a22e12262b90314f060d33
    http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_amd64.deb
      Size/MD5 checksum: 131638 82fcd52b9cb9c93afb1e9545df89ee28
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_amd64.deb
      Size/MD5 checksum: 3887452 f408a28bc585b4f98e72e343813316be
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_amd64.deb
      Size/MD5 checksum: 559516 2b31c9a4fc43ab7ca0d9dd2f55dd1bb9
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_amd64.deb
      Size/MD5 checksum: 654962 0b5970688a0f4ed4476ea80196b3e33d
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_amd64.deb
      Size/MD5 checksum: 519740 b291ff79aa9dcf4c94b4f544222b6e3c

ARM architecture:

    http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_arm.deb
      Size/MD5 checksum: 216872 60267ccd42ebc905fbed60faf15ce7c8
    http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_arm.deb
      Size/MD5 checksum: 92170 6f866dbf0695c4857d73dbd9c538caa7
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_arm.deb
      Size/MD5 checksum: 76290 53279156767dd6b03ebde6a1a7a6e9d5
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_arm.deb
      Size/MD5 checksum: 56338 14809b9f1149cc9a09b2b7f65efffd07
    http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_arm.deb
      Size/MD5 checksum: 124098 72f5fa7ae580925a88a2d3dd8fc96c3d
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_arm.deb
      Size/MD5 checksum: 3789942 b819ecda4f08a2f321942e6efd760e35
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_arm.deb
      Size/MD5 checksum: 534538 b1cd2927aaf7a59ebe9274e9d88beff9
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_arm.deb
      Size/MD5 checksum: 628216 a94c9d9207b560b6eed5fd823bdd5406
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_arm.deb
      Size/MD5 checksum: 518454 db9f0c0c6ab0c0c3a504c5a1faf93d54

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_i386.deb
      Size/MD5 checksum: 207204 aafafd90bea915cfce42e4cc8997a7ae
    http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_i386.deb
      Size/MD5 checksum: 95146 fbccb71b54ddae5b4f0100262e546edd
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_i386.deb
      Size/MD5 checksum: 78032 c2199f8932f9af670103bae577da7928
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_i386.deb
      Size/MD5 checksum: 55678 ba9771127582d3c4d041d0ebd54714f8
    http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_i386.deb
      Size/MD5 checksum: 128310 fcdcfa9995f3929c4af97fa75540fdf8
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_i386.deb
      Size/MD5 checksum: 3799030 0d851c1ad83ba723ca81009464c69f71
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_i386.deb
      Size/MD5 checksum: 539660 c3511e4e1935e5e741e630b33828492f
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_i386.deb
      Size/MD5 checksum: 625940 32bb7a6139270dd119f72a7b708a6c54
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_i386.deb
      Size/MD5 checksum: 516050 9aa8818dec80c8830fde3b0d6849d310

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_ia64.deb
      Size/MD5 checksum: 250406 02e0cd73738b871e12fe07d435f502e8
    http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_ia64.deb
      Size/MD5 checksum: 117496 0b12feda47694da718abaa8b82e3a7df
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_ia64.deb
      Size/MD5 checksum: 91804 c75fd48f53fa84033593c5000c4e2ba1
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_ia64.deb
      Size/MD5 checksum: 60582 c81d60f2b9fcafc17bf2c890f62a67af
    http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_ia64.deb
      Size/MD5 checksum: 152570 657268cc59f43720a4fbcd7401f68a51
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_ia64.deb
      Size/MD5 checksum: 4408476 6b9c54e4e402f7f2dd0bab017b53b066
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_ia64.deb
      Size/MD5 checksum: 682300 919925ab2e1e3f0214223ec4d557198f
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_ia64.deb
      Size/MD5 checksum: 776054 17a52e7ee887815ea0eca17db214e143
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_ia64.deb
      Size/MD5 checksum: 543558 304d71b16b2de34209431a6e4f5f47b4

HP Precision architecture:

    http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_hppa.deb
      Size/MD5 checksum: 217744 7ea61b426c2ead22a87d8e6b2b8cbc06
    http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_hppa.deb
      Size/MD5 checksum: 104378 cb8adb9c1dd2bc415a6157fa12f928e5
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_hppa.deb
      Size/MD5 checksum: 83740 3799d1cfececc128d9a6a790c08a86c7
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_hppa.deb
      Size/MD5 checksum: 58682 3caab961a85db146b0d37f982af37622
    http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_hppa.deb
      Size/MD5 checksum: 134686 5a730cd2793948c69aacb82d00124259
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_hppa.deb
      Size/MD5 checksum: 4263326 56aa2f4f1caab2fddf15b8c0c960c426
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_hppa.deb
      Size/MD5 checksum: 572462 2989c44d3ed16aff10af1bbdfee973f8
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_hppa.deb
      Size/MD5 checksum: 686150 ad186c53d5cf30ec79bd5f7a8de97a7c
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_hppa.deb
      Size/MD5 checksum: 523900 eb948f532e5cfdebe504925a73103c9d

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_m68k.deb
      Size/MD5 checksum: 194254 60cb0f51cdb1e8c270bf5092b8d8255c
    http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_m68k.deb
      Size/MD5 checksum: 89926 557536dec7b52d56abd80da0e3395204
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_m68k.deb
      Size/MD5 checksum: 76946 8d5b8aaaad2faef72647dab6bf74a706
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_m68k.deb
      Size/MD5 checksum: 53920 d8a7c7dfde0b9848c9b820b1b021013b
    http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_m68k.deb
      Size/MD5 checksum: 125348 e2a9707ad1ac5f7fe1c1f2455242bc2c
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_m68k.deb
      Size/MD5 checksum: 3974176 da72953d869784679784c9753972128f
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_m68k.deb
      Size/MD5 checksum: 510460 0c3be055f6a3e09377c5669e25ee6cc3
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_m68k.deb
      Size/MD5 checksum: 608894 52181b4b31ca796c2a67737706c2d732
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_m68k.deb
      Size/MD5 checksum: 507366 b47589dc8e2cba5f2484136ae1360bd8

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_mips.deb
      Size/MD5 checksum: 209612 24ecb0017cc2d0213c9ae14def963f7c
    http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_mips.deb
      Size/MD5 checksum: 95740 7bc16022786a15ce296cc450bad14690
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_mips.deb
      Size/MD5 checksum: 80856 4ae6337bf3f0749e5646398025b4ca3a
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_mips.deb
      Size/MD5 checksum: 56260 32e7db2cc80977c8202f4dd11e4d37c0
    http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_mips.deb
      Size/MD5 checksum: 128346 19627a5e0dab29be81b092ef9a064f1c
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_mips.deb
      Size/MD5 checksum: 4171356 e97e1b50aa6ce9f1b3963d9ab20eeacc
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_mips.deb
      Size/MD5 checksum: 582144 804d77b5e1089b5b39e57eb228836aca
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_mips.deb
      Size/MD5 checksum: 641800 4b006574dbeda3bcedc514ca12433b10
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_mips.deb
      Size/MD5 checksum: 521302 8d1b8b6bc9bc640761909527c425083a

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_mipsel.deb
      Size/MD5 checksum: 207620 1b974ad276e845a8b9da8afb88b20118
    http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_mipsel.deb
      Size/MD5 checksum: 95932 06b9e5d8fd2e82c622febe7faf7b2be7
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_mipsel.deb
      Size/MD5 checksum: 80612 7a2d7bbd54b8f08aa09c2cd307d3d2be
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_mipsel.deb
      Size/MD5 checksum: 56322 22475b9bc5de36f15ad8560795455133
    http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_mipsel.deb
      Size/MD5 checksum: 128422 f6fbc5968a69601bcf94d71ad0f88532
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_mipsel.deb
      Size/MD5 checksum: 3862226 e4424c77620f0c30beb7d8ac0e253d9f
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_mipsel.deb
      Size/MD5 checksum: 581426 ed5a9b2a615bdfcc7036287667502038
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_mipsel.deb
      Size/MD5 checksum: 641240 dc49d2bcf81a25280664c73b1af8797b
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_mipsel.deb
      Size/MD5 checksum: 521720 5ff500cb5542403582240c7e37bbcdda

PowerPC architecture:

    http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_powerpc.deb
      Size/MD5 checksum: 210904 48e1dd207b4b025e80b35406d75b43ee
    http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_powerpc.deb
      Size/MD5 checksum: 100428 901be88d71fc0e06ccf3e50fb4151b93
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_powerpc.deb
      Size/MD5 checksum: 84596 72fbac10fd10eedcc4ef1673e5ad57b2
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_powerpc.deb
      Size/MD5 checksum: 55326 96fcce34e09b75e683c09e63d94b0ac2
    http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_powerpc.deb
      Size/MD5 checksum: 129898 6467b522f8bcf577a5a5eac47e695e5f
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_powerpc.deb
      Size/MD5 checksum: 4203052 1f019762641079d46b162b4ad2837458
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_powerpc.deb
      Size/MD5 checksum: 565430 a305cd9acfcec0d648edb56eaae2f605
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_powerpc.deb
      Size/MD5 checksum: 686040 3d34c6d9faf50a6c88c736364895cbdf
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_powerpc.deb
      Size/MD5 checksum: 516676 c2e91f20faa7669ab94fae166f94cac5

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_s390.deb
      Size/MD5 checksum: 208296 1ceaec0962943f05b7cb930c5a8ec5f0
    http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_s390.deb
      Size/MD5 checksum: 97814 73b521d57581888ffa97f4c519aa2b78
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_s390.deb
      Size/MD5 checksum: 80456 704e9ef41e3f89e610f7400c998ce88c
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_s390.deb
      Size/MD5 checksum: 56994 b135a1197a5b47a4070a07ffceb33348
    http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_s390.deb
      Size/MD5 checksum: 133966 f80f2bfb7a971fd9ff4f3266c9fdddcd
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_s390.deb
      Size/MD5 checksum: 4161698 8dac213b26c2f64b394ead91cf796c8e
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_s390.deb
      Size/MD5 checksum: 549568 a82366bd7a49ca2e2c3f84a0f99b61b2
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_s390.deb
      Size/MD5 checksum: 665482 6d7faf109031c6f295966e65bd69ed79
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_s390.deb
      Size/MD5 checksum: 520664 3ebbbcd84b599632d3b74a6aa5cfbd9e

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_sparc.deb
      Size/MD5 checksum: 205870 9fe5eac55d9ecb77cde27081e43fa2e2
    http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_sparc.deb
      Size/MD5 checksum: 93606 1ef27ddd79e25a9de9f65673076ccbed
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_sparc.deb
      Size/MD5 checksum: 77926 525d22dd799578af00d5ee3e09718dbd
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_sparc.deb
      Size/MD5 checksum: 56150 07daedfabe9931672c7fced5ef515708
    http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_sparc.deb
      Size/MD5 checksum: 127594 e488f86dcbce2df62c3dbfe56766d1c2
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_sparc.deb
      Size/MD5 checksum: 4091222 6c3cbbb9965d35a5813ea78abac52645
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_sparc.deb
      Size/MD5 checksum: 535876 f914be88ee8da6b67cc3af31db4ef42b
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_sparc.deb
      Size/MD5 checksum: 633208 f23620f4d6708b1946e85349372e3048
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_sparc.deb
      Size/MD5 checksum: 514344 6d8417121070e1faa09936e6ac9b943f

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 1088-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
June 3rd, 2006 http://www.debian.org/security/faq


Package : centericq
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2005-3863
BugTraq ID : 15600
Debian Bug : 340959

Mehdi Oudad and Kevin Fernandez discovered a buffer overflow in the ktools library which is used in centericq, a text-mode multi-protocol instant messenger client, which may lead local or remote attackers to execute arbitrary code.

For the old stable distribution (woody) this problem has been fixed in version 4.5.1-1.1woody2.

For the stable distribution (sarge) this problem has been fixed in version 4.20.0-1sarge4.

For the unstable distribution (sid) this problem has been fixed in version 4.21.0-6.

We recommend that you upgrade your centericq package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2.dsc
      Size/MD5 checksum: 603 792e9548d8f6d540c26fa0fdbdd1df57
    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2.diff.gz
      Size/MD5 checksum: 3827 dc51504b36a05b003de1d22c2c879223
    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1.orig.tar.gz
      Size/MD5 checksum: 680625 e50121ea43a54140939b7bec8efdefe0

Alpha architecture:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_alpha.deb
      Size/MD5 checksum: 868742 1e533bd67111dbaca069ec6a7e9122ec

ARM architecture:

    http://security.debian.org/pool/updates/main/c/cent