Advisories, July 26, 2006
Jul 27, 2006, 03:45 (0 Talkback[s])
Debian GNU/Linux
Debian Security Advisory DSA 1111-2 security@debian.org
http://www.debian.org/security/
Dann Frazier
July 26th, 2006 http://www.debian.org/security/faq
Package : kernel-source-2.6.8 et. al.
Vulnerability : race condition
Problem-Type : local
Debian-specific: no
CVE ID : CVE-2006-3625
It was discovered that a race condition in the process
filesystem can lead to privilege escalation.
The following matrix explains which kernel version for which
architecture fixes the problem mentioned above:
| |
Debian 3.1 (sarge) |
| Source |
2.6.8-16sarge4 |
| Alpha architecture |
2.6.8-16sarge4 |
| AMD64 architecture |
2.6.8-12sarge4 |
| Intel IA-32 architecture |
2.6.8-16sarge4 |
| Intel IA-64 architecture |
2.6.8-14sarge4 |
| PowerPC architecture |
2.6.8-12sarge4 |
| Sun Sparc architecture |
2.6.8-15sarge4 |
| IBM S/390 |
2.6.8-5sarge4 |
| Motorola 680x0 |
2.6.8-4sarge4 |
| HP Precision |
2.6.8-6sarge3 |
| FAI |
1.9.1sarge3 |
The initial advisory lacked builds for the IBM S/390, Motorola
680x0 and HP Precision architectures, which are now provided. Also,
the kernels for the FAI installer have been updated.
We recommend that you upgrade your kernel package immediately
and reboot the machine. If you have built a custom kernel from the
kernel source package, you will need to rebuild to take advantage
of these fixes.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-alpha_2.6.8-16sarge4.dsc
Size/MD5 checksum: 812
ff4792fd28cadb6774ae4310ce38e301
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-alpha_2.6.8-16sarge4.tar.gz
Size/MD5 checksum: 38839
e4d527c319269df165cc23fd6fb54a68
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-amd64_2.6.8-16sarge4.dsc
Size/MD5 checksum: 1103
7dc33f6d9079af9d79b05d6ece3dfdc5
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-amd64_2.6.8-16sarge4.tar.gz
Size/MD5 checksum: 75714
264ee72864b022045cc4b0820fe062db
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-ia64_2.6.8-14sarge4.dsc
Size/MD5 checksum: 1191
0fb79cfacfc5581263710440357ed5ce
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-ia64_2.6.8-14sarge4.tar.gz
Size/MD5 checksum: 64204
02b5b536eebb207995ef3a754de1c87e
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-i386_2.6.8-16sarge4.dsc
Size/MD5 checksum: 1047
62f42ea9f118d911a8f215af2f3e586d
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-i386_2.6.8-16sarge4.tar.gz
Size/MD5 checksum: 90861
885cb72bd69153dcd6512db147caa173
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-sparc_2.6.8-15sarge4.dsc
Size/MD5 checksum: 1036
00d330ff015d713c4652ea05c5555f91
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-sparc_2.6.8-15sarge4.tar.gz
Size/MD5 checksum: 24447
393b640388a78dd98c727a08f972214c
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge4.dsc
Size/MD5 checksum: 1002
bca4e80e8a10ba3c0884e3fab032772b
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge4.diff.gz
Size/MD5 checksum: 1044761
b6675f6ac09f5d31f780650798c5609c
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8.orig.tar.gz
Size/MD5 checksum: 43929719
0393c05ffa4770c3c5178b74dc7a4282
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-patch-powerpc-2.6.8_2.6.8-12sarge4.dsc
Size/MD5 checksum: 1071
4bb132bef3f8f2a220ad9e74ab76500e
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-patch-powerpc-2.6.8_2.6.8-12sarge4.tar.gz
Size/MD5 checksum: 27031
59fb7f129abc85794829e1e777b540a0
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-hppa_2.6.8-6sarge3.dsc
Size/MD5 checksum: 1008
6fa522a94872155497a0e057a05f8b61
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-hppa_2.6.8-6sarge3.tar.gz
Size/MD5 checksum: 67361
863b56c6386182f58fda2054099e9e52
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-s390_2.6.8-5sarge4.dsc
Size/MD5 checksum: 854
02502b2a0a20b3c3277c4716b064493b
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-s390_2.6.8-5sarge4.tar.gz
Size/MD5 checksum: 13028
f2c4811558b8521b7e8f8182e563eae5
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-amd64_2.6.8-16sarge4.dsc
Size/MD5 checksum: 1103
7dc33f6d9079af9d79b05d6ece3dfdc5
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-amd64_2.6.8-16sarge4.tar.gz
Size/MD5 checksum: 75714
264ee72864b022045cc4b0820fe062db
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-m68k_2.6.8-4sarge4.dsc
Size/MD5 checksum: 874
c77cba81264972f7218a0e437af63455
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-m68k_2.6.8-4sarge4.tar.gz
Size/MD5 checksum: 15540
cc4d54680654c23f0e98d3f1b19ae123
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge3.dsc
Size/MD5 checksum: 621
8d3a27d75726ae30d121464d790cfb5d
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge3.tar.gz
Size/MD5 checksum: 26396
cb33c5aa317e8a64e93374a55a1d6a08
Architecture independent components:
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-doc-2.6.8_2.6.8-16sarge4_all.deb
Size/MD5 checksum: 6183402
a4efe296e5fd14d33c6b1ae1f40265c3
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-patch-debian-2.6.8_2.6.8-16sarge4_all.deb
Size/MD5 checksum: 1081512
562d408fa5cd936f557eceb74621bff2
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge4_all.deb
Size/MD5 checksum: 34943124
7b65a57ca6a2376d8042143244b8f5ab
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-tree-2.6.8_2.6.8-16sarge4_all.deb
Size/MD5 checksum: 35134
80f1a94b1542bf3f89bd77d0a69c67c4
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-patch-2.6.8-s390_2.6.8-5sarge4_all.deb
Size/MD5 checksum: 10998
c1ec5e030bf9c8f80ce8ddf68f36f74f
Alpha architecture:
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3_2.6.8-16sarge4_alpha.deb
Size/MD5 checksum: 2759858
310b0ddfee56412d0fdf827fbb53ad04
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3-generic_2.6.8-16sarge4_alpha.deb
Size/MD5 checksum: 232256
264fb1d8c9107950918e02b3c8d1b2c5
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3-smp_2.6.8-16sarge4_alpha.deb
Size/MD5 checksum: 227366
3c43da6bd0a369e67be02af8e3498d60
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-3-generic_2.6.8-16sarge4_alpha.deb
Size/MD5 checksum: 20220764
714e37e85c5387ef44ef8ca96608934a
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-3-smp_2.6.8-16sarge4_alpha.deb
Size/MD5 checksum: 20073926
24005f33bb551a3dec6cdbbdae45efdf
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12_2.6.8-16sarge4_i386.deb
Size/MD5 checksum: 2722664
c435fecd5d9cbda8f337c3cd86fc0dca
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-generic_2.6.8-16sarge4_i386.deb
Size/MD5 checksum: 226110
94d5814aed329864cad5d1584a5d44e2
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-k8_2.6.8-16sarge4_i386.deb
Size/MD5 checksum: 225244
d8128cc1a753402d41ce2b7ddcee875a
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-k8-smp_2.6.8-16sarge4_i386.deb
Size/MD5 checksum: 221102
76161094b4af81690b489010912ad94d
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-em64t-p4_2.6.8-16sarge4_i386.deb
Size/MD5 checksum: 223202
89d8a6a610eccf151bdbd38f7467731c
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-em64t-p4-smp_2.6.8-16sarge4_i386.deb
Size/MD5 checksum: 219462
9eb4bace25ae262ac51c45617661f3be
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-generic_2.6.8-16sarge4_i386.deb
Size/MD5 checksum: 12561704
c3ffffed8671d53630c176618d12fbc9
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-k8_2.6.8-16sarge4_i386.deb
Size/MD5 checksum: 13257210
a4d1fac79a380edbe4284659428f7623
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-k8-smp_2.6.8-16sarge4_i386.deb
Size/MD5 checksum: 13219086
a578d5400499044678959c16e8839153
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-em64t-p4_2.6.8-16sarge4_i386.deb
Size/MD5 checksum: 13217374
1b4965fe7b97de4e24075ea3541a21fd
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-em64t-p4-smp_2.6.8-16sarge4_i386.deb
Size/MD5 checksum: 13190288
417cafc0fc4dd74032fc9f184ecb8659
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3_2.6.8-16sarge4_i386.deb
Size/MD5 checksum: 2779472
3c3d561576b2bbcae74806518f2d526f
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-386_2.6.8-16sarge4_i386.deb
Size/MD5 checksum: 258572
b6ef0ead4cbbd2f4700613fae13ecad6
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-686_2.6.8-16sarge4_i386.deb
Size/MD5 checksum: 256372
3bcb4f79630757e495377f140c055c5a
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-686-smp_2.6.8-16sarge4_i386.deb
Size/MD5 checksum: 253422
fd1d4a2ff14ea852098b41435a8dd8f2
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-k7_2.6.8-16sarge4_i386.deb
Size/MD5 checksum: 256716
9369c6b0c81fe61fe0640fbbb5d295a3
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-k7-smp_2.6.8-16sarge4_i386.deb
Size/MD5 checksum: 253512
027cb58c47a72a2fb0303d98988e5ec0
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-386_2.6.8-16sarge4_i386.deb
Size/MD5 checksum: 14063498
847b68ff55485cd1cfdef9b951a27639
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-686_2.6.8-16sarge4_i386.deb
Size/MD5 checksum: 15536232
d3974ee45e891069362eed6af842bcfd
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-686-smp_2.6.8-16sarge4_i386.deb
Size/MD5 checksum: 15346658
a52d56df265fe38bb822e3a09ce627e4
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-k7_2.6.8-16sarge4_i386.deb
Size/MD5 checksum: 15261024
8e67b0d239fc9ca47db18ed49b42a083
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-k7-smp_2.6.8-16sarge4_i386.deb
Size/MD5 checksum: 15124402
16d13d0ef23a03258fdca8dffeae8cc6
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge3_i386.deb
Size/MD5 checksum: 11992870
803f90720a5afa363bfb36c3c5388371
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-itanium_2.6.8-14sarge4_ia64.deb
Size/MD5 checksum: 6678
75fdf84848419b73b504cf440bb89030
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-itanium-smp_2.6.8-14sarge4_ia64.deb
Size/MD5 checksum: 6750
0583066225780439bc152d5067de73fd
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-mckinley_2.6.8-14sarge4_ia64.deb
Size/MD5 checksum: 6706
b9daa129196ea166ccfdd1bfc5528aae
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-mckinley-smp_2.6.8-14sarge4_ia64.deb
Size/MD5 checksum: 6776
816a81ea2af11666807310e001413ca2
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3_2.6.8-14sarge4_ia64.deb
Size/MD5 checksum: 3098892
53c416f0b21d13d97b9cafdaf53335fe
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-itanium_2.6.8-14sarge4_ia64.deb
Size/MD5 checksum: 200088
a13df28d82aea874f7f2f7624964a180
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-itanium-smp_2.6.8-14sarge4_ia64.deb
Size/MD5 checksum: 199418
0c89142d3f9bd9dc9bc0945c2c5a5252
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-mckinley_2.6.8-14sarge4_ia64.deb
Size/MD5 checksum: 199864
1627d34ecce889ab7feeb079e5e786a5
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-mckinley-smp_2.6.8-14sarge4_ia64.deb
Size/MD5 checksum: 199352
1f8fbb0f499928da9afad963240a2a5a
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-itanium_2.6.8-14sarge4_ia64.deb
Size/MD5 checksum: 6676
863e6dbb301810732ca5b967d1348b1d
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-itanium-smp_2.6.8-14sarge4_ia64.deb
Size/MD5 checksum: 6750
a0be1dbee3890815491446c70292af6b
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-mckinley_2.6.8-14sarge4_ia64.deb
Size/MD5 checksum: 6702
55fe56f2f3de36221c8c00826e6eca6c
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-mckinley-smp_2.6.8-14sarge4_ia64.deb
Size/MD5 checksum: 6774
b00877ca52331c964323b12056cd1f70
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-itanium_2.6.8-14sarge4_ia64.deb
Size/MD5 checksum: 21476370
c9a52f35220d0e3bc61b1f507b7dc716
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-itanium-smp_2.6.8-14sarge4_ia64.deb
Size/MD5 checksum: 22136612
9d6f06b3203fec64ef280bb2147b60ae
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-mckinley_2.6.8-14sarge4_ia64.deb
Size/MD5 checksum: 21409268
2a5e1b20baa1a668304e4c6c0ee96f77
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-mckinley-smp_2.6.8-14sarge4_ia64.deb
Size/MD5 checksum: 22154522
dd8e2bab100e8447434428d8c3d0cd33
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-build-2.6.8-3_2.6.8-15sarge4_sparc.deb
Size/MD5 checksum: 5270
d9d8a08c7d95af660ddb27b2bdf3edb2
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3_2.6.8-15sarge4_sparc.deb
Size/MD5 checksum: 2890614
25a5f93a494d583f533d8a8b6afc5811
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3-sparc32_2.6.8-15sarge4_sparc.deb
Size/MD5 checksum: 110050
ef8055368116c6de685e2e5fb3eb7bc9
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3-sparc64_2.6.8-15sarge4_sparc.deb
Size/MD5 checksum: 144772
3c49e410afa9020cfb0ed6e7daa1197a
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3-sparc64-smp_2.6.8-15sarge4_sparc.deb
Size/MD5 checksum: 145386
b5f7c0add8b7f5709235a9a3108b0752
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-3-sparc32_2.6.8-15sarge4_sparc.deb
Size/MD5 checksum: 4551130
87c9d50a7693e0f049ee47e32e1b07ff
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-3-sparc64_2.6.8-15sarge4_sparc.deb
Size/MD5 checksum: 7430922
eceb79d6f7dd483ce5188e7934d1c506
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-3-sparc64-smp_2.6.8-15sarge4_sparc.deb
Size/MD5 checksum: 7628714
3a3dddddba19f112f7b3b93ba5d44642
PowerPC architecture:
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power3_2.6.8-12sarge4_powerpc.deb
Size/MD5 checksum: 407398
e05e6f4cc9db78fb380752ffbdeb5da8
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power3-smp_2.6.8-12sarge4_powerpc.deb
Size/MD5 checksum: 407328
e8a001c81e071b8e20ae1c231a4c6995
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power4_2.6.8-12sarge4_powerpc.deb
Size/MD5 checksum: 406710
77a65238ea24808cffd01963a1fc1f63
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power4-smp_2.6.8-12sarge4_powerpc.deb
Size/MD5 checksum: 406636
bbc4a48430c0b9b8e65adb9acb8d7898
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-powerpc_2.6.8-12sarge4_powerpc.deb
Size/MD5 checksum: 407600
1369ada43ac7d75f21463e4d2f1c2f24
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-powerpc-smp_2.6.8-12sarge4_powerpc.deb
Size/MD5 checksum: 406756
958b261e91d96f980704c0f3f82b8e6a
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-headers-2.6.8-3_2.6.8-12sarge4_powerpc.deb
Size/MD5 checksum: 5147646
bf6d33036a5a150d791b09e021154206
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power3_2.6.8-12sarge4_powerpc.deb
Size/MD5 checksum: 13576992
151c64d944a5ba0f812596ec3c0d87c2
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power3-smp_2.6.8-12sarge4_powerpc.deb
Size/MD5 checksum: 13929732
a53f72b2554445b5753b905b5306bb90
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power4_2.6.8-12sarge4_powerpc.deb
Size/MD5 checksum: 13560758
ba215f514c5707a0eade2cc11f2bb0ff
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power4-smp_2.6.8-12sarge4_powerpc.deb
Size/MD5 checksum: 13921224
0fab2af9083ebfc6d70d09c1d35affc2
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-powerpc_2.6.8-12sarge4_powerpc.deb
Size/MD5 checksum: 13595362
6dc1b4542ce1738258d3529900c16b5d
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-powerpc-smp_2.6.8-12sarge4_powerpc.deb
Size/MD5 checksum: 13847816
9f0c9b62f6ef32fc3c16263db5a6c988
HP Precision architecture:
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3_2.6.8-6sarge3_hppa.deb
Size/MD5 checksum: 2802244
f82eaa9411813bbdee2e0c268a067c81
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-32_2.6.8-6sarge3_hppa.deb
Size/MD5 checksum: 211350
c221830c715cfebb1acb383d8f7c6a8a
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-32-smp_2.6.8-6sarge3_hppa.deb
Size/MD5 checksum: 210570
96c096a16a6291f4b40716ac939bd063
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-64_2.6.8-6sarge3_hppa.deb
Size/MD5 checksum: 210220
fc6c20856e898e4bd881711e6392d4e9
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-64-smp_2.6.8-6sarge3_hppa.deb
Size/MD5 checksum: 209468
6a00248dcf25809f02f7ab585429f27b
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-32_2.6.8-6sarge3_hppa.deb
Size/MD5 checksum: 16029232
665d462c1fae45714ff948289c8a3457
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-32-smp_2.6.8-6sarge3_hppa.deb
Size/MD5 checksum: 16927312
a69c9e976ab6810bf7043a15daa1dd29
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-64_2.6.8-6sarge3_hppa.deb
Size/MD5 checksum: 17480298
66e35e40e7e2d82370f7ccba7544a59a
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-64-smp_2.6.8-6sarge3_hppa.deb
Size/MD5 checksum: 18306822
88ade3c07fc414c82bf589def0bda600
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-headers-2.6.8-3_2.6.8-5sarge4_s390.deb
Size/MD5 checksum: 5086492
86f40387b635bb06a1b8fddef2533d7b
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-3-s390_2.6.8-5sarge4_s390.deb
Size/MD5 checksum: 2977982
d3a4e0bf0b13cbaa5dfe13bcd423e66a
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-3-s390-tape_2.6.8-5sarge4_s390.deb
Size/MD5 checksum: 1142392
9d00d5a3260cbb78ed2660426c64bb87
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-3-s390x_2.6.8-5sarge4_s390.deb
Size/MD5 checksum: 3186958
d9db19c0b59de9298db549aae01fbd2d
AMD64 architecture:
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12_2.6.8-16sarge4_amd64.deb
Size/MD5 checksum: 2722720
86cfc5515201938d0af2b4d4ca2934a9
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-generic_2.6.8-16sarge4_amd64.deb
Size/MD5 checksum: 226146
472ae19b4f01446e591fffb99d303a03
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-k8_2.6.8-16sarge4_amd64.deb
Size/MD5 checksum: 225172
2606feea8b1b53c3f462f4bde29ca50f
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-k8-smp_2.6.8-16sarge4_amd64.deb
Size/MD5 checksum: 221340
21083c991ca038e65e621597cd89e283
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-em64t-p4_2.6.8-16sarge4_amd64.deb
Size/MD5 checksum: 223036
f92fab1e3cac4af84282e9022d1f4083
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-em64t-p4-smp_2.6.8-16sarge4_amd64.deb
Size/MD5 checksum: 219492
07b11cfbe292e455a0330759d80e4031
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-generic_2.6.8-16sarge4_amd64.deb
Size/MD5 checksum: 12561876
3ad41a31435a0902c141c0dacefb7bb4
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-k8_2.6.8-16sarge4_amd64.deb
Size/MD5 checksum: 13257410
d4deb7152e3ca561e72547902d924c29
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-k8-smp_2.6.8-16sarge4_amd64.deb
Size/MD5 checksum: 13219310
4b1556331313be26e139aafc301dc012
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-em64t-p4_2.6.8-16sarge4_amd64.deb
Size/MD5 checksum: 13064412
fe60134197725132c910a9295ea5be5e
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-em64t-p4-smp_2.6.8-16sarge4_amd64.deb
Size/MD5 checksum: 13045818
506e85208e4491d55815aa47879f30aa
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-amiga_2.6.8-4sarge4_m68k.deb
Size/MD5 checksum: 3305596
22eec174b095bf0035fbf0c3bb30a117
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-atari_2.6.8-4sarge4_m68k.deb
Size/MD5 checksum: 3101840
db050e19cc44523c672f99db6a78e589
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-bvme6000_2.6.8-4sarge4_m68k.deb
Size/MD5 checksum: 3014484
32d5da3bf37508dc15bee231f4e7cf13
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-hp_2.6.8-4sarge4_m68k.deb
Size/MD5 checksum: 2986870
b9d45ccbcc4c89a5e920eb8f85ebe2ca
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mac_2.6.8-4sarge4_m68k.deb
Size/MD5 checksum: 3173474
ca08a4603d7187d9980596fa329f0047
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mvme147_2.6.8-4sarge4_m68k.deb
Size/MD5 checksum: 2978626
a328056e30ac4616ed97a650d73b3f2b
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mvme16x_2.6.8-4sarge4_m68k.deb
Size/MD5 checksum: 3047726
03daf7306616f9eb1d3a92795280772a
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-q40_2.6.8-4sarge4_m68k.deb
Size/MD5 checksum: 3108506
2ff9d63a6c4172e2eb7acc4b7a159859
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-sun3_2.6.8-4sarge4_m68k.deb
Size/MD5 checksum: 2992168
014bc94320e7af5d18a90422c74d141d
These files will probably be moved into the stable distribution
on its next update.
For apt-get: deb
http://security.debian.org/
stable/updates main
For dpkg-ftp:
ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list:
debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and
http://packages.debian.org/<pkg>
Ubuntu Linux
Ubuntu Security Notice USN-297-3 July 26, 2006
mozilla-thunderbird vulnerabilities
CVE-2006-2775, CVE-2006-2776, CVE-2006-2778, CVE-2006-2779,
CVE-2006-2780, CVE-2006-2781, CVE-2006-2783, CVE-2006-2784,
CVE-2006-2787
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu 5.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.04:
mozilla-thunderbird 1.0.8-0ubuntu05.04.1
Ubuntu 5.10:
mozilla-thunderbird 1.0.8-0ubuntu05.10.2
After a standard system upgrade you need to restart Thunderbird
to effect the necessary changes.
Details follow:
USN-297-1 fixed several vulnerabilities in Thunderbird for the
Ubuntu 6.06 LTS release. This update provides the corresponding
fixes for Ubuntu 5.04 and Ubuntu 5.10.
For reference, these are the details of the original USN:
Jonas Sicking discovered that under some circumstances persisted
XUL attributes are associated with the wrong URL. A malicious web
site could exploit this to execute arbitrary code with the
privileges of the user. (MFSA 2006-35, CVE-2006-2775)
Paul Nickerson discovered that content-defined setters on an
object prototype were getting called by privileged UI code. It was
demonstrated that this could be exploited to run arbitrary web
script with full user privileges (MFSA 2006-37, CVE-2006-2776).
Mikolaj Habryn discovered a buffer overflow in the
crypto.signText() function. By sending an email with malicious
JavaScript to an user, and that user enabled JavaScript in
Thunderbird (which is not the default and not recommended), this
could potentially be exploited to execute arbitrary code with the
user's privileges. (MFSA 2006-38, CVE-2006-2778)
The Mozilla developer team discovered several bugs that lead to
crashes with memory corruption. These might be exploitable by
malicious web sites to execute arbitrary code with the privileges
of the user. (MFSA 2006-32, CVE-2006-2779, CVE-2006-2780)
Masatoshi Kimura discovered a memory corruption (double-free)
when processing a large VCard with invalid base64 characters in it.
By sending a maliciously crafted set of VCards to a user, this
could potentially be exploited to execute arbitrary code with the
user's privileges. (MFSA 2006-40, CVE-2006-2781)
Masatoshi Kimura found a way to bypass web input sanitizers
which filter out JavaScript. By inserting 'Unicode Byte-order-Mark
(BOM)' characters into the HTML code (e. g. '<scr[BOM]ipt>'),
these filters might not recognize the tags anymore; however,
Thunderbird would still execute them since BOM markers are filtered
out before processing a mail containing JavaScript. (MFSA 2006-42,
CVE-2006-2783)
Kazuho Oku discovered various ways to perform HTTP response
smuggling when used with certain proxy servers. Due to different
interpretation of nonstandard HTTP headers in Thunderbird and the
proxy server, a malicious HTML email can exploit this to send back
two responses to one request. The second response could be used to
steal login cookies or other sensitive data from another opened web
site. (MFSA 2006-33, CVE-2006-2786)
It was discovered that JavaScript run via EvalInSandbox() can
escape the sandbox. Malicious scripts received in emails containing
JavaScript could use these privileges to execute arbitrary code
with the user's privileges. (MFSA 2006-31, CVE-2006-2787)
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8-0ubuntu05.04.1.diff.gz
Size/MD5: 98300
a4dffa1705bd280224188e7bbc7781dd
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8-0ubuntu05.04.1.dsc
Size/MD5: 946
7eebd4d62af685dd0ce74d5ff741c92c
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8.orig.tar.gz
Size/MD5: 32849510
ae345f1b722d8f3a977af4fd358d27b0
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.8-0ubuntu05.04.1_amd64.deb
Size/MD5: 3347854
519c296b742dc6e6d5c308b0b6c5a433
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.8-0ubuntu05.04.1_amd64.deb
Size/MD5: 145244
9a8d5c4ade62afdb187022df1b188099
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.8-0ubuntu05.04.1_amd64.deb
Size/MD5: 27718
aa28f71d2133d0810bbf166d86c68dc7
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.8-0ubuntu05.04.1_amd64.deb
Size/MD5: 82728
55ede40f0e71d287cfabe73492b3a71a
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8-0ubuntu05.04.1_amd64.deb
Size/MD5: 11959242
c6acc1fa0785193f037fb35a14f7505e
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.8-0ubuntu05.04.1_i386.deb
Size/MD5: 3341642
18916c1156df514eb6b538ec63737a8d
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.8-0ubuntu05.04.1_i386.deb
Size/MD5: 140326
b2f8c499a4b160e6131d2fb2278e54b5
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.8-0ubuntu05.04.1_i386.deb
Size/MD5: 27724
6bab59d8db842eee01a411c256b64cd8
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.8-0ubuntu05.04.1_i386.deb
Size/MD5: 80468
114885d918a10761414adafc506be2e5
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8-0ubuntu05.04.1_i386.deb
Size/MD5: 10911294
67ab1c44fe9a3d164e0c79755365e2bf
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.8-0ubuntu05.04.1_powerpc.deb
Size/MD5: 3337162
85e96f1fe254dc69170d3fc814110cd2
