Advisories, June 11, 2006
Jun 12, 2006, 05:30 UTC

Debian GNU/Linux


Debian Security Advisory DSA 1094-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
June 8th, 2006 http://www.debian.org/security/faq


Package : gforge
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2005-2430
Debian Bug : 328224

Joxean Koret discovered several cross-site scripting vulnerabilities in Gforge, an online collaboration suite for software development, which allow injection of web script code.

The old stable distribution (woody) does not contain gforge packages.

For the stable distribution (sarge) this problem has been fixed in version 3.1-31sarge1.

For the unstable distribution (sid) this problem has been fixed in version 3.1-31sarge1.

We recommend that you upgrade your gforge package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution on its next update.


Debian Security Advisory DSA 1095-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
June 10th, 2006 http://www.debian.org/security/faq


Package : freetype
Vulnerability : integer overflows
Problem type : local (remote)
Debian-specific: no
CVE IDs : CVE-2006-0747 CVE-2006-1861 CVE-2006-2493 CVE-2006-2661
BugTraq ID : 18034

Several problems have been discovered in the FreeType 2 font engine. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-0747

Several integer underflows have been discovered which could allow remote attackers to cause a denial of service.

CVE-2006-1861

Chris Evans discovered several integer overflows that lead to a denial of service or could possibly even lead to the execution of arbitrary code.

CVE-2006-2493

Several more integer overflows have been discovered which could possibly lead to the execution of arbitrary code.

CVE-2006-2661

A null pointer dereference could cause a denial of service.

For the old stable distribution (woody) these problems have been fixed in version 2.0.9-1woody1.

For the stable distribution (sarge) these problems have been fixed in version 2.1.7-2.5.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your libfreetype packages.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody



Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Gentoo Linux


Gentoo Linux Security Advisory [ERRATA UPDATE] GLSA 200604-10:02

http://security.gentoo.org/


Severity: Normal
Title: zgv: Heap overflow
Date: April 21, 2006
Updated: June 10, 2006
Bugs: #127008
ID: 200604-10:02


Errata

The fixed zgv ebuild proposed in the initial version of this Security Advisory did not address all the vulnerabilities of the zgv package.

The corrected sections appear below.

Affected packages

The corrected list of affected packages is as follows:


     Package         /  Vulnerable  /  Unaffected
    -------------------------------------------------------------------
  1  media-gfx/xzgv     < 0.8-r2       >= 0.8-r2
  2  media-gfx/zgv      < 5.9          >= 5.9
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.


Resolution

All zgv users should also upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/zgv-5.9"

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200604-10.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


Gentoo Linux Security Advisory GLSA 200606-07

http://security.gentoo.org/


Severity: High
Title: Vixie Cron: Privilege Escalation
Date: June 09, 2006
Bugs: #134194
ID: 200606-07


Synopsis

Vixie Cron allows local users to execute programs as root.

Background

Vixie Cron is a command scheduler with extended syntax over cron.

Affected packages


Package / Vulnerable / Unaffected
1 sys-process/vixie-cron < 4.1-r9 >= 4.1-r9

Description

Roman Veretelnikov discovered that Vixie Cron fails to properly check whether it can drop privileges accordingly if setuid() in do_command.c fails due to a user exceeding assigned resource limits.

Impact

Local users can execute code with root privileges by deliberately exceeding their assigned resource limits and then starting a command through Vixie Cron. This requires resource limits to be in place on the machine.
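
The unchecked versus checked privilege drop behind this advisory, as an added C example (not code from Vixie Cron's do_command.c or from the GLSA). The `priv_ops` table, the `sim_*` functions and the user "alice" with uid/gid 1000 are constructed for illustration; the simulated EAGAIN stands for setuid() failing because a resource limit is exceeded.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* for initgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* The privilege-changing calls sit behind function pointers so the failure
 * path can be exercised without root. The struct and every name below are
 * assumptions of this example, not identifiers from Vixie Cron. */
struct priv_ops {
    int   (*init_groups)(const char *user, gid_t gid);
    int   (*set_gid)(gid_t gid);
    int   (*set_uid)(uid_t uid);
    uid_t (*get_uid)(void);
    uid_t (*get_euid)(void);
};

static int real_initgroups(const char *user, gid_t gid) { return initgroups(user, gid); }
/* What a real daemon would pass in. */
const struct priv_ops real_ops = { real_initgroups, setgid, setuid, getuid, geteuid };

/* Flawed pattern: return values ignored, so a failed setuid() leaves the
 * process with the uid it started with (root, for a cron daemon child). */
static void drop_unchecked(const struct priv_ops *ops, const char *user,
                           uid_t uid, gid_t gid)
{
    (void)ops->init_groups(user, gid);
    (void)ops->set_gid(gid);
    (void)ops->set_uid(uid);
}

/* Hardened pattern: groups first, uid last, every call checked, then verify
 * that real and effective uid both changed and root cannot be regained. */
static int drop_checked(const struct priv_ops *ops, const char *user,
                        uid_t uid, gid_t gid)
{
    if (ops->init_groups(user, gid) != 0) return -1;
    if (ops->set_gid(gid) != 0)           return -1;
    if (ops->set_uid(uid) != 0)           return -1;
    if (ops->get_uid() != uid || ops->get_euid() != uid) return -1;
    if (uid != 0 && ops->set_uid(0) == 0) return -1;  /* root still reachable */
    return 0;
}

/* Constructed stand-in for a daemon child process that starts as root. */
static struct { uid_t ruid, euid; gid_t gid; int setuid_fails; } sim;

static void sim_reset(int setuid_fails)
{
    sim.ruid = sim.euid = 0;
    sim.gid = 0;
    sim.setuid_fails = setuid_fails;
}
static int sim_initgroups(const char *user, gid_t gid) { (void)user; (void)gid; return 0; }
static int sim_setgid(gid_t gid) { sim.gid = gid; return 0; }
static int sim_setuid(uid_t uid)
{
    if (sim.setuid_fails) { errno = EAGAIN; return -1; }   /* limit exceeded */
    if (sim.euid != 0 && uid != sim.ruid) { errno = EPERM; return -1; }
    sim.ruid = sim.euid = uid;
    return 0;
}
static uid_t sim_getuid(void)  { return sim.ruid; }
static uid_t sim_geteuid(void) { return sim.euid; }
const struct priv_ops sim_ops = {
    sim_initgroups, sim_setgid, sim_setuid, sim_getuid, sim_geteuid
};

/* Effective uid the job command would run with, or -1 if the job is refused. */
static long job_uid_unchecked(const struct priv_ops *ops, const char *user,
                              uid_t uid, gid_t gid)
{
    drop_unchecked(ops, user, uid, gid);
    return (long)ops->get_euid();
}

static long job_uid_checked(const struct priv_ops *ops, const char *user,
                            uid_t uid, gid_t gid)
{
    if (drop_checked(ops, user, uid, gid) != 0)
        return -1;               /* a daemon would log the error and _exit() */
    return (long)ops->get_euid();
}

int main(void)
{
    sim_reset(1);
    printf("setuid fails, unchecked: job euid = %ld\n",
           job_uid_unchecked(&sim_ops, "alice", 1000, 1000));
    sim_reset(1);
    printf("setuid fails, checked:   job euid = %ld (job refused)\n",
           job_uid_checked(&sim_ops, "alice", 1000, 1000));
    sim_reset(0);
    printf("setuid works, checked:   job euid = %ld\n",
           job_uid_checked(&sim_ops, "alice", 1000, 1000));
    return 0;
}
```
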

Workaround

There is no known workaround at this time.

Resolution

All Vixie Cron users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-process/vixie-cron-4.1-r9"

References

[ 1 ] CVE-2006-2607

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2607

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200606-07.xml



Gentoo Linux Security Advisory GLSA 200606-08

http://security.gentoo.org/


Severity: High
Title: WordPress: Arbitrary command execution
Date: June 09, 2006
Bugs: #134397
ID: 200606-08


Synopsis

WordPress fails to sufficiently check the format of cached username data.

Background

WordPress is a PHP and MySQL based content management and publishing system.

Affected packages


Package / Vulnerable / Unaffected
1 www-apps/wordpress < 2.0.3 >= 2.0.3

Description

rgod discovered that WordPress insufficiently checks the format of cached username data.

Impact

An attacker could exploit this vulnerability to execute arbitrary commands by sending a specially crafted username. As of WordPress 2.0.2 the user data cache is disabled as the default.

Workaround

There are no known workarounds at this time.

Resolution

All WordPress users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.3"

References

[ 1 ] CVE-2006-2667

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2667

[ 2 ] CVE-2006-2702

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2702

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200606-08.xml


Red Hat Linux


Red Hat Security Advisory

Synopsis: Moderate: mailman security update
Advisory ID: RHSA-2006:0486-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0486.html
Issue date: 2006-06-09
Updated on: 2006-06-09
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-0052


1. Summary:

An updated mailman package that fixes a denial of service flaw is now available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Mailman is software to help manage email discussion lists.

A flaw was found in the way Mailman handles MIME multipart messages. An attacker could send a carefully crafted MIME multipart email message to a mailing list run by Mailman which would cause that particular mailing list to stop working. (CVE-2006-0052)

Users of Mailman should upgrade to this updated package, which contains backported patches to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

187420 - CVE-2006-0052 Mailman DoS

6. RPMs required:


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0052
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.


Red Hat Security Advisory

Synopsis: Important: mysql security update
Advisory ID: RHSA-2006:0544-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0544.html
Issue date: 2006-06-09
Updated on: 2006-06-09
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-2753


1. Summary:

Updated mysql packages that fix multiple security flaws are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries.

A flaw was found in the way the MySQL mysql_real_escape() function escaped strings when operating in a multibyte character encoding. An attacker could provide an application a carefully crafted string containing invalidly-encoded characters which may be improperly escaped, leading to the injection of malicious SQL commands. (CVE-2006-2753)

An information disclosure flaw was found in the way the MySQL server processed malformed usernames. An attacker could view a small portion of server memory by supplying an anonymous login username which was not null terminated. (CVE-2006-1516)

An information disclosure flaw was found in the way the MySQL server executed the COM_TABLE_DUMP command. An authenticated malicious user could send a specially crafted packet to the MySQL server which returned random unallocated memory. (CVE-2006-1517)

A log file obfuscation flaw was found in the way the mysql_real_query() function creates log file entries. An attacker with the ability to call the mysql_real_query() function against a mysql server can obfuscate the entry the server will write to the log file. However, an attacker needed to have complete control over a server in order to attempt this attack. (CVE-2006-0903)

This update also fixes numerous non-security-related flaws, such as intermittent authentication failures.

All users of mysql are advised to upgrade to these updated packages containing MySQL version 4.1.20, which is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

183260 - CVE-2006-0903 Mysql log file obfuscation
183277 - Client error in mysql on updates when high concurrency
190743 - CVE-2006-1517 Mysql information leak
190863 - CVE-2006-1516 mysql anonymous login information leak
193827 - CVE-2006-2753 MySQL improper multibyte string escaping

6. RPMs required:


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2753
http://lists.mysql.com/announce/364
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.

Trustix Secure Linux


Trustix Secure Linux Security Advisory #2006-0034

Package names: binutils, mysql, spamassassin
Summary: Multiple vulnerabilities
Date: 2006-06-09
Affected versions: Trustix Secure Linux 2.2, Trustix Secure Linux 3.0, Trustix Operating System - Enterprise Server 2


Package description:
binutils
Binutils is a collection of utilities necessary for compiling programs. It includes the assembler and linker, as well as a number of other miscellaneous programs for dealing with executable formats.

mysql
MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries.

spamassassin
SpamAssassin provides you with a way to reduce, if not completely eliminate, Unsolicited Bulk Email (or "spam") from your incoming email. It can be invoked by an MDA such as sendmail or postfix, or can be called from a procmail script, .forward file, etc. It uses a genetic-algorithm-evolved scoring system to identify messages which look spammy, then adds headers to the message so they can be filtered by the user's mail reading software. This distribution includes the spamd/spamc components, which considerably speed up processing of mail.

Problem description:
binutils < TSL 3.0 > < TSL 2.2 > < TSEL 2 >

  • SECURITY Fix: A vulnerability has been identified which could be exploited by attackers to execute arbitrary code or cause a denial of service. This flaw is due to a buffer overflow error in the libbfd library ["bfd/tekhex.c"] when processing a file containing a malformed Tektronix Hex Format (TekHex) record, which could be exploited by attackers to crash an affected application or compromise a vulnerable system via a malicious file.

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2006-2362 to this issue.

mysql < TSL 3.0 > < TSL 2.2 >

  • SECURITY Fix: A vulnerability has been reported in MySQL, caused by an error within the server when parsing a query string that is escaped with the "mysql_real_escape_string()" function. This can potentially be exploited in an environment that uses multi-byte character encoding to bypass SQL injection escaping.

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2006-2753 to this issue.

spamassassin < TSL 3.0 > < TSL 2.2 >

  • SECURITY Fix: A vulnerability has been reported in SpamAssassin, which can be exploited by malicious people to compromise a vulnerable system. SpamAssassin when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2006-2447 to this issue.

Action:
We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system.

Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>

About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater.

Automatic updates:
Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'.

Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>

Verification:
This advisory, along with all Trustix packages, is signed with the TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>

The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.2/> and
<URI:http://www.trustix.org/errata/trustix-3.0/>
or directly at
<URI:http://www.trustix.org/errata/2006/0034/>

MD5sums of the packages:




Trustix Security Team

Ubuntu Linux


Ubuntu Security Notice USN-288-2 June 09, 2006
postgresql-8.1 vulnerabilities
CVE-2006-2313, CVE-2006-2314

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:

libpq-dev 8.1.4-0ubuntu1
libpq4 8.1.4-0ubuntu1
postgresql-8.1 8.1.4-0ubuntu1
postgresql-client-8.1 8.1.4-0ubuntu1
postgresql-contrib-8.1 8.1.4-0ubuntu1

After a standard system upgrade you need to restart all services that use PostgreSQL to effect the necessary changes. If you can afford it, rebooting the computer is the easiest way of ensuring that all running services use the updated client library.

Details follow:

USN-288-1 fixed two vulnerabilities in Ubuntu 5.04 and Ubuntu 5.10. This update fixes the same vulnerabilities for Ubuntu 6.06 LTS.

For reference, these are the details of the original USN:

CVE-2006-2313:
Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded multibyte text data. If a client application processed untrusted input without respecting its encoding and applied standard string escaping techniques, the PostgreSQL server could interpret the resulting string in a way that allowed an attacker to inject arbitrary SQL commands into the resulting SQL query. The PostgreSQL server has been modified to reject such invalidly encoded strings now, which completely fixes the problem for some 'safe' multibyte encodings like UTF-8.

CVE-2006-2314:
However, there are some less popular and client-only multibyte encodings (such as SJIS, BIG5, GBK, GB18030, and UHC) which contain valid multibyte characters that end with the byte 0x5c, which is the representation of the backslash character in ASCII. Many client libraries and applications use the non-standard, but popular way of escaping the ' character by replacing all occurrences of it with \'. If a client application uses one of the affected encodings and does not interpret multibyte characters, and an attacker supplies a specially crafted byte sequence as an input string parameter, this escaping method would then produce a validly-encoded character and an excess ' character which would end the string. All subsequent characters would then be interpreted as SQL code, so the attacker could execute arbitrary SQL commands.

To fix this vulnerability end-to-end, client-side applications must be fixed to properly interpret multibyte encodings and use '' instead of \'. However, as a precautionary measure, the sequence \' is now regarded as invalid when one of the affected client encodings is in use. If you depend on the previous behaviour, you can restore it by setting 'backslash_quote = on' in postgresql.conf. However, please be aware that this could render you vulnerable again.

This issue does not affect you if you only use single-byte (like SQL_ASCII or the ISO-8859-X family) or unaffected multibyte (like UTF-8) encodings.

Please see http://www.postgresql.org/docs/techdocs.50 for further details.

Updated packages for Ubuntu 6.06 LTS:



Ubuntu Security Notice USN-288-3 June 09, 2006
dovecot, exim4, postfix vulnerabilities
CVE-2006-2314, CVE-2006-2753

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.04:

dovecot-common 0.99.13-3ubuntu0.1
exim4-daemon-heavy 4.34-10ubuntu0.1
postfix-pgsql 2.1.5-9ubuntu3.1

Ubuntu 5.10:

dovecot-common 0.99.14-1ubuntu1.1
exim4-daemon-heavy 4.52-1ubuntu0.1
postfix-pgsql 2.2.4-1ubuntu2.1

Ubuntu 6.06 LTS:

dovecot-common 1.0.beta3-3ubuntu5.1
exim4-daemon-heavy 4.60-3ubuntu3.1
postfix-pgsql 2.2.10-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-288-1 described a PostgreSQL client vulnerability in the way the ' character is escaped in SQL queries. It was determined that the PostgreSQL backends of Exim, Dovecot, and Postfix used this unsafe escaping method.

For reference, these are the details of the original USN:

CVE-2006-2313:
Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded multibyte text data. If a client application processed untrusted input without respecting its encoding and applied standard string escaping techniques (such as replacing a single quote ' with \' or ''), the PostgreSQL server could interpret the resulting string in a way that allowed an attacker to inject arbitrary SQL commands into the resulting SQL query. The PostgreSQL server has been modified to reject such invalidly encoded strings now, which completely fixes the problem for some 'safe' multibyte encodings like UTF-8.

CVE-2006-2314:
However, there are some less popular and client-only multibyte encodings (such as SJIS, BIG5, GBK, GB18030, and UHC) which contain valid multibyte characters that end with the byte 0x5c, which is the representation of the backslash character in ASCII. Many client libraries and applications use the non-standard, but popular way of escaping the ' character by replacing all occurrences of it with \'. If a client application uses one of the affected encodings and does not interpret multibyte characters, and an attacker supplies a specially crafted byte sequence as an input string parameter, this escaping method would then produce a validly-encoded character and an excess ' character which would end the string. All subsequent characters would then be interpreted as SQL code, so the attacker could execute arbitrary SQL commands.

To fix this vulnerability end-to-end, client-side applications must be fixed to properly interpret multibyte encodings and use '' instead of \'. However, as a precautionary measure, the sequence \' is now regarded as invalid when one of the affected client encodings is in use. If you depend on the previous behaviour, you can restore it by setting 'backslash_quote = on' in postgresql.conf. However, please be aware that this could render you vulnerable again.

This issue does not affect you if you only use single-byte (like SQL_ASCII or the ISO-8859-X family) or unaffected multibyte (like UTF-8) encodings.

Please see http://www.postgresql.org/docs/techdocs.50 for further details.
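
The byte-level mechanics of CVE-2006-2313 and CVE-2006-2314 described above, as an added example (not code from the advisory or from PostgreSQL). It compares byte-wise \' escaping with encoding-aware '' escaping under GBK, modelling the server in simplified form as "strictly decode the client encoding, then scan the string literal". All function names and sample inputs are constructed for illustration.

```python
"""Added illustration of CVE-2006-2313/2314. Simplified model, not PostgreSQL code."""

QUOTE, BACKSLASH = "'", "\\"

# Constructed sample inputs (bytes as received from an untrusted source).
SAMPLES = [
    b"O'Brien",      # ordinary ASCII text with a quote
    b"\xbf'",        # lone GBK lead byte followed by a quote (invalid GBK)
    b"\xbf\x5c'",    # valid GBK character whose 2nd byte is 0x5c, then a quote
    b"plain",
]


def bytewise_backslash_escape(raw: bytes) -> bytes:
    """The non-standard escaping the advisory warns about: it works on raw
    bytes and ignores the client encoding (\\ -> \\\\, ' -> \\')."""
    return raw.replace(b"\\", b"\\\\").replace(b"'", b"\\'")


def encoding_aware_escape(raw: bytes, client_encoding: str) -> bytes:
    """Interpret the input as characters first, then double quotes ('').
    Invalidly encoded input raises UnicodeDecodeError instead of being escaped.
    Assumption: the server treats backslash as an escape character, so real
    backslash characters are doubled as well."""
    text = raw.decode(client_encoding)
    text = text.replace(BACKSLASH, BACKSLASH * 2).replace(QUOTE, QUOTE * 2)
    return text.encode(client_encoding)


def server_literal_end(escaped: bytes, client_encoding: str):
    """Simplified server model: reject invalid encodings (the CVE-2006-2313
    fix), then scan the literal body character by character.
    Returns the character index of the first quote that terminates the
    literal, or None if the whole value stays inside the literal."""
    text = escaped.decode(client_encoding)  # UnicodeDecodeError if invalid
    i = 0
    while i < len(text):
        ch = text[i]
        if ch == BACKSLASH:
            i += 2                          # backslash escapes the next character
        elif ch == QUOTE:
            if text[i + 1:i + 2] == QUOTE:
                i += 2                      # '' is an escaped quote
            else:
                return i                    # unescaped quote: literal ends here
        else:
            i += 1
    return None


def audit_escaper(escaper, samples, client_encoding: str):
    """Return the samples whose escaped form would end the literal early."""
    broken = []
    for raw in samples:
        try:
            end = server_literal_end(escaper(raw), client_encoding)
        except UnicodeDecodeError:
            continue                        # rejected by client or server: safe
        if end is not None:
            broken.append(raw)
    return broken


if __name__ == "__main__":
    for name, enc in (("GBK", "gbk"), ("UTF-8", "utf-8")):
        unsafe = audit_escaper(bytewise_backslash_escape, SAMPLES, enc)
        safe = audit_escaper(lambda r: encoding_aware_escape(r, enc), SAMPLES, enc)
        print(f"{name}: byte-wise escaping breaks on {unsafe}; "
              f"encoding-aware escaping breaks on {safe}")
```

The same `audit_escaper` harness can be pointed at an application's own escaping routine as a regression check; only the GBK and UTF-8 cases are exercised here.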

Updated packages for Ubuntu 5.04:

Updated packages for Ubuntu 5.10:

Updated packages for Ubuntu 6.06 LTS:


Ubuntu Security Notice USN-289-1 June 08, 2006
tiff vulnerabilities
CVE-2006-2193, CVE-2006-2656

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.04:
libtiff-tools 3.6.1-5ubuntu0.5

Ubuntu 5.10:
libtiff-tools 3.7.3-1ubuntu1.4

Ubuntu 6.06 LTS:
libtiff-tools 3.7.4-1ubuntu3.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

A buffer overflow has been found in the tiff2pdf utility. By tricking a user into processing a specially crafted TIF file with tiff2pdf, this could potentially be exploited to execute arbitrary code with the privileges of the user. (CVE-2006-2193)

Alejandro Hernández discovered a buffer overflow in the tiffsplit utility. By calling tiffsplit with specially crafted long arguments, a user can execute arbitrary code. If tiffsplit is used in e.g. a web-based frontend or similar automated system, this could lead to remote arbitrary code execution with the privileges of that system. (In normal interactive command line usage this is not a vulnerability.) (CVE-2006-2656)

Updated packages for Ubuntu 5.04:

Updated packages for Ubuntu 5.10:

Updated packages for Ubuntu 6.06 LTS:


Ubuntu Security Notice USN-292-1 June 09, 2006
binutils vulnerability
CVE-2006-2362

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.04:

binutils 2.15-5ubuntu2.3
binutils-dev 2.15-5ubuntu2.3

Ubuntu 5.10:

binutils 2.16.1-2ubuntu6.1
binutils-dev 2.16.1-2ubuntu6.1

Ubuntu 6.06 LTS:

binutils 2.16.1cvs20060117-1ubuntu2.1
binutils-dev 2.16.1cvs20060117-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

CVE-2006-2362

Jesus Olmos Gonzalez discovered a buffer overflow in the Tektronix Hex Format (TekHex) backend of the BFD library, which is used by the 'strings' utility, among others. By tricking a user or automated system into processing a specially crafted file with 'strings' or a vulnerable third-party application using the BFD library, this could be exploited to crash the application, or possibly even execute arbitrary code with the privileges of the user.


Ubuntu Security Notice USN-293-1 June 09, 2006
gdm vulnerability
CVE-2006-2452

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.10:
gdm 2.8.0.5-0ubuntu1.2

Ubuntu 6.06 LTS:
gdm 2.14.6-0ubuntu2.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

If the admin configured a gdm theme that provided a user list, any user could activate the gdm setup program by first choosing the setup option from the menu, clicking on the user list and entering his own (instead of root's) password. This allowed normal users to configure potentially dangerous features like remote or automatic login.

Please note that this does not affect a default Ubuntu installation, since the default theme does not provide a user list. In Ubuntu 6.06 you additionally have to have the "ConfigAvailable" setting enabled in gdm.conf to be vulnerable (it is disabled by default).

Ubuntu 5.04 is not affected by this flaw.


Ubuntu Security Notice USN-294-1 June 09, 2006
courier vulnerability
CVE-2006-2659

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.04:
courier-mta 0.47-3ubuntu1.5

Ubuntu 5.10:
courier-mta 0.47-3ubuntu7.2

Ubuntu 6.06 LTS:
courier-mta 0.47-13ubuntu5.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

A Denial of Service vulnerability has been found in the function for encoding email addresses. Addresses containing a '=' before the '@' character caused Courier to hang in an endless loop, rendering the service unusable.
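To check a host against the fixed versions listed in USN-292-1, USN-293-1 and USN-294-1 above, the following added example (not part of the advisories) compares installed package versions using Debian's version ordering. The `dpkg-query` sample output is constructed, and the release labels used as dictionary keys are this example's own convention.

```python
import re
from itertools import zip_longest

# Fixed versions copied from the advisories above, keyed by (release, package).
FIXED = {
    ("5.04", "binutils"): "2.15-5ubuntu2.3",
    ("5.04", "binutils-dev"): "2.15-5ubuntu2.3",
    ("5.04", "courier-mta"): "0.47-3ubuntu1.5",
    ("5.10", "binutils"): "2.16.1-2ubuntu6.1",
    ("5.10", "binutils-dev"): "2.16.1-2ubuntu6.1",
    ("5.10", "gdm"): "2.8.0.5-0ubuntu1.2",
    ("5.10", "courier-mta"): "0.47-3ubuntu7.2",
    ("6.06", "binutils"): "2.16.1cvs20060117-1ubuntu2.1",
    ("6.06", "binutils-dev"): "2.16.1cvs20060117-1ubuntu2.1",
    ("6.06", "gdm"): "2.14.6-0ubuntu2.1",
    ("6.06", "courier-mta"): "0.47-13ubuntu5.1",
}


def _order(ch):
    """Sort weight of one non-digit character: '~' first, then letters, then the rest."""
    if ch == "~":
        return -1
    if ch.isascii() and ch.isalpha():
        return ord(ch)
    return ord(ch) + 256


def _cmp_part(a, b):
    """Compare two upstream or revision strings as alternating text/number runs."""
    runs_a = re.findall(r"([^0-9]*)([0-9]*)", a)
    runs_b = re.findall(r"([^0-9]*)([0-9]*)", b)
    for (ta, na), (tb, nb) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        for i in range(max(len(ta), len(tb))):
            # A run that has ended weighs 0, so "~" sorts below it and letters above.
            wa = _order(ta[i]) if i < len(ta) else 0
            wb = _order(tb[i]) if i < len(tb) else 0
            if wa != wb:
                return -1 if wa < wb else 1
        va, vb = int(na or "0"), int(nb or "0")
        if va != vb:
            return -1 if va < vb else 1
    return 0


def compare_versions(a, b):
    """Return -1, 0 or 1 as Debian version a sorts before, equal to or after b."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, revision

    ea, ua, ra = split(a)
    eb, ub, rb = split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)


def audit(release, dpkg_query_output):
    """List (package, installed, fixed) for packages older than the advisory's fix."""
    stale = []
    for line in dpkg_query_output.splitlines():
        fields = line.split()
        if len(fields) != 2:
            continue  # skip blank or malformed lines
        package, installed = fields
        fixed = FIXED.get((release, package))
        if fixed and compare_versions(installed, fixed) < 0:
            stale.append((package, installed, fixed))
    return stale


# Constructed sample in the format of: dpkg-query -W -f='${Package} ${Version}\n'
# Packages without an entry in FIXED (libtiff4 here) are ignored by audit().
SAMPLE_606 = """\
binutils 2.16.1cvs20060117-1ubuntu2
gdm 2.14.6-0ubuntu2.1
courier-mta 0.47-13ubuntu5
libtiff4 3.7.4-1ubuntu3.1
"""

if __name__ == "__main__":
    for package, installed, fixed in audit("6.06", SAMPLE_606):
        print(f"{package}: {installed} is older than fixed version {fixed}")
```
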

Updated packages for Ubuntu 5.04:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier_0.47-3ubuntu1.5.diff.gz
      Size/MD5: 108704 54427ae8946f3393309424c67b434294
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier_0.47-3ubuntu1.5.dsc
      Size/MD5: 1204 0740cd77bb282a9a6446b0ce0de80419
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier_0.47.orig.tar.gz
      Size/MD5: 6350808 361a84e497148ce557c150d3576ec24b

Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-doc_0.47-3ubuntu1.5_all.deb
      Size/MD5: 370652 20507345daea36580119b02989159a76

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-authdaemon_0.47-3ubuntu1.5_amd64.deb
      Size/MD5: 62548 d157fe17cf5bc242082644b0e19434e4
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-authmysql_0.47-3ubuntu1.5_amd64.deb
      Size/MD5: 57162 9a7094e1805c06a0c5e592a003f4dd30
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-authpostgresql_0.47-3ubuntu1.5_amd64.deb
      Size/MD5: 57350 4a586bac446463116f8a752df108d3b2
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-base_0.47-3ubuntu1.5_amd64.deb
      Size/MD5: 257282 659d6931e7f25352b88a6bffa1be6bba
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-faxmail_0.47-3ubuntu1.5_amd64.deb
      Size/MD5: 28864 38b62157bdbca607c2db3d1866db4cd5
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-imap-ssl_3.0.8-3ubuntu1.5_amd64.deb
      Size/MD5: 21404 b9a740d1a5e4a366449711cb8472a291
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-imap_3.0.8-3ubuntu1.5_amd64.deb
      Size/MD5: 950548 c1ae151418e74a11af6930f9b733a5f9
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-ldap_0.47-3ubuntu1.5_amd64.deb
      Size/MD5: 74292 d67ac6f6e8df175cc1eb877a766d9f10
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-maildrop_0.47-3ubuntu1.5_amd64.deb
      Size/MD5: 942804 23c26b6c2f9d69a3baaf77bc9f8cf5c7
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mlm_0.47-3ubuntu1.5_amd64.deb
      Size/MD5: 122864 b72a7fe87d9458ec172fabe33cb0aa0f
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mta-ssl_0.47-3ubuntu1.5_amd64.deb
      Size/MD5: 19486 2f0fc3d9f7ddd934d0224ab7085cac9a
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mta_0.47-3ubuntu1.5_amd64.deb
      Size/MD5: 2157504 6a4f4624f1b01e3c2b4a11ed45370b44
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-pcp_0.47-3ubuntu1.5_amd64.deb
      Size/MD5: 66666 7b8e381af3f0ec2a0d92895e3e7079cb
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-pop-ssl_0.47-3ubuntu1.5_amd64.deb
      Size/MD5: 21202 80c2075c5f9eff0e42d58cd05c5fae3a
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-pop_0.47-3ubuntu1.5_amd64.deb
      Size/MD5: 423242 217a9fcf78949204f8666e3d1ad0d179
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-ssl_0.47-3ubuntu1.5_amd64.deb
      Size/MD5: 195810 82539a6e475e5d83652274e6b4379d0e
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-webadmin_0.47-3ubuntu1.5_amd64.deb
      Size/MD5: 34538 8d78c981468e57c927f593f0b1580c4e
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/sqwebmail_0.47-3ubuntu1.5_amd64.deb
      Size/MD5: 798170 3ac5a00717db529f057ce0da2cefa0ca

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-authdaemon_0.47-3ubuntu1.5_i386.deb
      Size/MD5: 56302 d74f86a962af5e41b3248cbb02f5dbbf
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-authmysql_0.47-3ubuntu1.5_i386.deb
      Size/MD5: 52212 f550c3618b948b8a7b551a3bb883deab
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-authpostgresql_0.47-3ubuntu1.5_i386.deb
      Size/MD5: 52304 c977b933f4ddb8b3779b85de1f933cd7
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-base_0.47-3ubuntu1.5_i386.deb
      Size/MD5: 233528 f273541dca650e714325bba4813ff01b
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-faxmail_0.47-3ubuntu1.5_i386.deb
      Size/MD5: 28872 a37b59d5a5a5f64f5f91f677ccf22b5b
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-imap-ssl_3.0.8-3ubuntu1.5_i386.deb
      Size/MD5: 21400 26049daca2ed00c01d061cffbde3735c
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-imap_3.0.8-3ubuntu1.5_i386.deb
      Size/MD5: 925346 d9ce29e6c09a555288db13814877fa16
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-ldap_0.47-3ubuntu1.5_i386.deb
      Size/MD5: 67734 3fbb15ae09e4c356656347b709297282
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-maildrop_0.47-3ubuntu1.5_i386.deb
      Size/MD5: 916536 6f363754ddb86fb1f952c2a63ea3e113
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mlm_0.47-3ubuntu1.5_i386.deb
      Size/MD5: 117442 70957f988fefa03b69ce4c6b7a3df5c4
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mta-ssl_0.47-3ubuntu1.5_i386.deb
      Size/MD5: 19484 c89c1dc7d347f5bf83f58dcc50a37bc2
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mta_0.47-3ubuntu1.5_i386.deb
      Size/MD5: 2052476 a6e2b8117438279a4aa34351e993e4f3
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-pcp_0.47-3ubuntu1.5_i386.deb
      Size/MD5: 59942 f0c71d1076797e4caee14fd0de31a751
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-pop-ssl_0.47-3ubuntu1.5_i386.deb
      Size/MD5: 21204 81652c17c6b9f1e810d93411dc282c1f
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-pop_0.47-3ubuntu1.5_i386.deb
      Size/MD5: 415110 000e1f22b9e58612866d8f4d7f0ad50d
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-ssl_0.47-3ubuntu1.5_i386.deb
      Size/MD5: 192200 b6c22a2f1116ef3ef83cc6a406a2902e
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-webadmin_0.47-3ubuntu1.5_i386.deb
      Size/MD5: 34328 e22519a8274cf5e0f507b7984fcfffad
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/sqwebmail_0.47-3ubuntu1.5_i386.deb
      Size/MD5: 765186 c78caedf0e173ffc0cf855cc50b44199

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-authdaemon_0.47-3ubuntu1.5_powerpc.deb
      Size/MD5: 62756 7f88c775c45e359db55116de33c06364
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-authmysql_0.47-3ubuntu1.5_powerpc.deb
      Size/MD5: 57962 77ead76b5e77a7fa16ae9d3fb75c5f85
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-authpostgresql_0.47-3ubuntu1.5_powerpc.deb
      Size/MD5: 58156 f7512429d21419bc0b96e40d0809c801
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-base_0.47-3ubuntu1.5_powerpc.deb
      Size/MD5: 251580 d3b8bbafb95c7065184b9660623a4de1
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-faxmail_0.47-3ubuntu1.5_powerpc.deb
      Size/MD5: 28876 07a9c97128e5562dc2dd5d16ad4c9012
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-imap-ssl_3.0.8-3ubuntu1.5_powerpc.deb
      Size/MD5: 21400 139054e98f9f1cbb724562fe82242a65
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-imap_3.0.8-3ubuntu1.5_powerpc.deb
      Size/MD5: 1067238 47a1c2a897891579a5fd2e34d9c38dc9
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-ldap_0.47-3ubuntu1.5_powerpc.deb
      Size/MD5: 75380 dee381340642225c93e1734fb8aa1ded
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-maildrop_0.47-3ubuntu1.5_powerpc.deb
      Size/MD5: 1059514 6b1c4be30e0e600c49f8340131d7540d
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mlm_0.47-3ubuntu1.5_powerpc.deb
      Size/MD5: 129070 1023d55fb625804ad1ab142e56d5469c
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mta-ssl_0.47-3ubuntu1.5_powerpc.deb
      Size/MD5: 19492 bb3c4ee5369feb23dfa0df9055a1e4c9
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mta_0.47-3ubuntu1.5_powerpc.deb
      Size/MD5: 2382582 c21469782ae9ab8af6ad99a084a296a6
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-pcp_0.47-3ubuntu1.5_powerpc.deb
      Size/MD5: 66758 6d113d51eeb84690a708f8cf27d48432
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-pop-ssl_0.47-3ubuntu1.5_powerpc.deb
      Size/MD5: 21210 70ccaa5f459d205d3b0c7fd8ba3ade5a
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-pop_0.47-3ubuntu1.5_powerpc.deb
      Size/MD5: 478926 3918fb41388acacf915b6f0e49cd7eda
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-ssl_0.47-3ubuntu1.5_powerpc.deb
      Size/MD5: 196824 82a44c2e587f4942df113e9619568d0a
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-webadmin_0.47-3ubuntu1.5_powerpc.deb
      Size/MD5: 34716 38ab5612e2faba97f4a08bfdbcd0606f
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/sqwebmail_0.47-3ubuntu1.5_powerpc.deb
      Size/MD5: 861594 4136119d4d6387ceb46422683a6f2ef7

Updated packages for Ubuntu 5.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier_0.47-3ubuntu7.2.diff.gz
      Size/MD5: 108939 fd3ab8a3d053a4eca7d7836fe4b0c7f3
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier_0.47-3ubuntu7.2.dsc
      Size/MD5: 1199 5f74cc3226655a3eb051bc10229c263f
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier_0.47.orig.tar.gz
      Size/MD5: 6350808 361a84e497148ce557c150d3576ec24b

Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-doc_0.47-3ubuntu7.2_all.deb
      Size/MD5: 370916 bfec826fcee3f5d1d535f68600345365

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-authdaemon_0.47-3ubuntu7.2_amd64.deb
      Size/MD5: 61468 69c9000d1afa4217250b88d32269370c
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-authmysql_0.47-3ubuntu7.2_amd64.deb
      Size/MD5: 56818 3ac7767795bdc516957c10b663219e42
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-authpostgresql_0.47-3ubuntu7.2_amd64.deb
      Size/MD5: 56996 12c0a3adc3b24b953af7f9cc26774bab
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-base_0.47-3ubuntu7.2_amd64.deb
      Size/MD5: 253764 cdd59a40f3a19586c060c4c47829d222
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-faxmail_0.47-3ubuntu7.2_amd64.deb
      Size/MD5: 29100 1d4b8e3e63ac9e6ff9db193f7c0bf0fb
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-imap-ssl_3.0.8-3ubuntu7.2_amd64.deb
      Size/MD5: 21468 91c696b20e73e75eebec5a5b3c59bfb2
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-imap_3.0.8-3ubuntu7.2_amd64.deb
      Size/MD5: 962776 24efbe62ebe589117aa58ab97b2733a5
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-ldap_0.47-3ubuntu7.2_amd64.deb
      Size/MD5: 72920 e3f20212ccdd8bc4eb363540577a9050
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-maildrop_0.47-3ubuntu7.2_amd64.deb
      Size/MD5: 954892 6bf9ffb956593e408adaf6ae7817c433
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mlm_0.47-3ubuntu7.2_amd64.deb
      Size/MD5: 113042 1bb8c02f55dfb2f426f74cadb2730444
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mta-ssl_0.47-3ubuntu7.2_amd64.deb
      Size/MD5: 19702 9ccb6cb255738a77d40a194727497fc4
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mta_0.47-3ubuntu7.2_amd64.deb
      Size/MD5: 2171906 d899a196f9971adcdf368b4665b506b7
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-pcp_0.47-3ubuntu7.2_amd64.deb
      Size/MD5: 67542 e73ca97f1efb919b0e348b81d24f924d
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-pop-ssl_0.47-3ubuntu7.2_amd64.deb
      Size/MD5: 21260 a87c2f501268693f05574f665bd0fdcb
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-pop_0.47-3ubuntu7.2_amd64.deb
      Size/MD5: 425190 d72d50c90bc854c3588a99bc83d77eed
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-ssl_0.47-3ubuntu7.2_amd64.deb
      Size/MD5: 196168 54c919fa2a7c1a5504f32696e7871a04
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-webadmin_0.47-3ubuntu7.2_amd64.deb
      Size/MD5: 34660 21b1dabba7167543a6837b9b96f5333a
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/sqwebmail_0.47-3ubuntu7.2_amd64.deb
      Size/MD5: 808848 ec68bf9c7bc1d5d37c52c4ad048d4605

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-authdaemon_0.47-3ubuntu7.2_i386.deb
      Size/MD5: 55080 9e2343c909f929a98a2f76b206dee145
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-authmysql_0.47-3ubuntu7.2_i386.deb
      Size/MD5: 51380 1bbead117590f743e52839cf8492d4cf
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-authpostgresql_0.47-3ubuntu7.2_i386.deb
      Size/MD5: 51384 5f7a1281e6eb894c99b028478935e1ed
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-base_0.47-3ubuntu7.2_i386.deb
      Size/MD5: 230642 d49cd984411d48073b60a1a7d2f2dbbe
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-faxmail_0.47-3ubuntu7.2_i386.deb
      Size/MD5: 29104 b583aa7f73b0893f73b8780c03a9b439
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-imap-ssl_3.0.8-3ubuntu7.2_i386.deb
      Size/MD5: 21466 2ffd550d89496f5f03d1e43ef4460dfd
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-imap_3.0.8-3ubuntu7.2_i386.deb
      Size/MD5: 930360 f6c9d1234af9c881deb4b2b5ff991c91
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-ldap_0.47-3ubuntu7.2_i386.deb
      Size/MD5: 66008 f97ca5d8fad17252856f9183da7ab26a
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-maildrop_0.47-3ubuntu7.2_i386.deb
      Size/MD5: 925684 64b7444e16b10177a5e0f884700a9def
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mlm_0.47-3ubuntu7.2_i386.deb
      Size/MD5: 104006 13f247deacdc3af3a77e182b960272a1
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mta-ssl_0.47-3ubuntu7.2_i386.deb
      Size/MD5: 19710 3842b33774fd2e4ce06cbdef5f7ccad3
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mta_0.47-3ubuntu7.2_i386.deb
      Size/MD5: 2055988 a63554e0470355ccd29d99b6432b7527

Updated packages for Ubuntu 6.06 LTS:



Ubuntu Security Notice USN-295-1 June 09, 2006
xine-lib vulnerability
CVE-2006-2802

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.04:
libxine1 1.0-1ubuntu3.7

Ubuntu 5.10:
libxine1c2 1.0.1-1ubuntu10.3

Ubuntu 6.06 LTS:
libxine-main1 1.1.1+ubuntu2-7.1

In general, a standard system upgrade is sufficient to effect the necessary changes.
XXX OR XXX
After a standard system upgrade you need to reboot your computer to effect the necessary changes.

Details follow:

Federico L. Bossi Bonin discovered a buffer overflow in the HTTP input module. By tricking a user into opening a malicious remote media location, a remote attacker could exploit this to crash Xine library frontends (like totem-xine, gxine, or xine-ui) and possibly even execute arbitrary code with the user's privileges.

Updated packages for Ubuntu 5.04:


Updated packages for Ubuntu 5.10:


Updated packages for Ubuntu 6.06 LTS:



Ubuntu Security Notice USN-296-1 June 09, 2006
firefox vulnerabilities
CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787, CVE-2006-2788

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
firefox 1.5.dfsg+1.5.0.4-0ubuntu6.06

After a standard system upgrade you need to restart Firefox to effect the necessary changes.

Please note that Firefox 1.0.8 in Ubuntu 5.10 and Ubuntu 5.04 is also affected by these problems. Updates for these Ubuntu releases will be delayed due to upstream dropping support for this Firefox version. We strongly advise that you disable JavaScript to disable the attack vectors for most vulnerabilities if you use one of these Ubuntu versions.

Details follow:

Jonas Sicking discovered that under some circumstances persisted XUL attributes are associated with the wrong URL. A malicious web site could exploit this to execute arbitrary code with the privileges of the user. (MFSA 2006-35, CVE-2006-2775)

Paul Nickerson discovered that content-defined setters on an object prototype were getting called by privileged UI code. It was demonstrated that this could be exploited to run arbitrary web script with full user privileges (MFSA 2006-37, CVE-2006-2776). A similar attack was discovered by moz_bug_r_a4 that leveraged SelectionObject notifications that were called in privileged context. (MFSA 2006-43, CVE-2006-2777)

Mikolaj Habryn discovered a buffer overflow in the crypto.signText() function. By tricking a user into visiting a site with an SSL certificate with specially crafted optional Certificate Authority name arguments, this could potentially be exploited to execute arbitrary code with the user's privileges. (MFSA 2006-38, CVE-2006-2778)

The Mozilla developer team discovered several bugs that lead to crashes with memory corruption. These might be exploitable by malicious web sites to execute arbitrary code with the privileges of the user. (MFSA 2006-32, CVE-2006-2779, CVE-2006-2780, CVE-2006-2788)

Chuck McAuley reported that the fix for CVE-2006-1729 (file stealing by changing input type) was not sufficient to prevent all variants of exploitation. (MFSA 2006-41, CVE-2006-2782)

Masatoshi Kimura found a way to bypass web input sanitizers which filter out JavaScript. By inserting 'Unicode Byte-order-Mark (BOM)' characters into the HTML code (e.g. '<scr[BOM]ipt>'), these filters might not recognize the tags anymore; however, Firefox would still execute them since BOM markers are filtered out before processing the page. (MFSA 2006-42, CVE-2006-2783)
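
The filter mismatch described for CVE-2006-2783, as an added example (not part of the advisory and not Mozilla or Ubuntu code): a sanitizer that matches on raw input misses '<scr[BOM]ipt>', while one that first canonicalises the input the way the advisory says the browser did catches it. The regex, function names and sample inputs are constructed for illustration.

```python
import re

BOM = "\ufeff"  # U+FEFF, encoded as EF BB BF in UTF-8

# Deliberately simple block-list pattern standing in for a
# "filter out JavaScript" sanitizer (illustrative, not a real product's rule).
SCRIPT_TAG = re.compile(r"<\s*/?\s*script\b", re.IGNORECASE)

# Constructed sample inputs.
SPLIT_TAG = "<scr\ufeffipt>x()</scr\ufeffipt>".encode("utf-8")  # BOM inside the tag name
LEADING_BOM = "\ufeff<p>hello</p>".encode("utf-8")              # ordinary leading BOM


def naive_is_clean(markup: str) -> bool:
    """Match on the raw text. A BOM inside the tag name splits the token
    the pattern looks for, so the filter reports the input as clean."""
    return SCRIPT_TAG.search(markup) is None


def canonicalise(raw: bytes) -> str:
    """Decode strictly and drop every U+FEFF, mirroring the step the
    advisory says the browser performed before parsing the page."""
    return raw.decode("utf-8", errors="strict").replace(BOM, "")


def hardened_filter(raw: bytes):
    """Return (accepted, text). The check runs on the canonical form, and
    that same canonical text is what should be stored or echoed, so the
    filter and the consumer see identical input."""
    try:
        text = canonicalise(raw)
    except UnicodeDecodeError:
        return False, ""  # refuse input that does not decode cleanly
    return SCRIPT_TAG.search(text) is None, text


def bom_offsets(raw: bytes) -> list:
    """Byte offsets of U+FEFF anywhere after position 0. A BOM at offset 0
    is normal; one in the middle of markup is worth logging."""
    needle = BOM.encode("utf-8")
    offsets = []
    start = raw.find(needle, 1)
    while start != -1:
        offsets.append(start)
        start = raw.find(needle, start + len(needle))
    return offsets


if __name__ == "__main__":
    for name, raw in (("split tag", SPLIT_TAG), ("leading BOM", LEADING_BOM)):
        accepted, text = hardened_filter(raw)
        print(name)
        print("  naive filter says clean:", naive_is_clean(raw.decode("utf-8")))
        print("  hardened filter accepts:", accepted)
        print("  canonical text         :", repr(text))
        print("  embedded BOM offsets   :", bom_offsets(raw))
```

The general lesson is that a filter must check the same canonical form the consumer will parse; matching before canonicalisation leaves a gap of exactly this kind.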

Paul Nickerson noticed that the fix for CVE-2005-0752 (JavaScript privilege escalation on the plugins page) was not sufficient to prevent all variants of exploitation. (MFSA 2006-36, CVE-2006-2784)

Paul Nickerson demonstrated that if an attacker could convince a user to right-click on a broken image and choose "View Image" from the context menu then he could get JavaScript to run on a site of the attacker's choosing. This could be used to steal login cookies or other confidential information from the target site. (MFSA 2006-34, CVE-2006-2785)

Kazuho Oku discovered various ways to perform HTTP response smuggling when used with certain proxy servers. Due to different interpretation of nonstandard HTTP headers in Firefox and the proxy server, a malicious web site can exploit this to send back two responses to one request. The second response could be used to steal login cookies or other sensitive data from another opened web site. (MFSA 2006-33, CVE-2006-2786)

Updated packages for Ubuntu 6.06 LTS:



