:Advisories, August 4, 2006
Advisories, August 4, 2006 0 Talkback[s]
Debian GNU/Linux
Debian Security Advisory DSA 1135-1 security@debian.org http://www.debian.org/security/ Martin Schulzehttp://www.debian.org/security/faq
Package : libtunepimp
Kevin Kofler discovered several stack-based buffer overflows in the
LookupTRM::lookup function in libtunepimp, a MusicBrainz tagging
library, which allows remote attacers to cause a denial of service or
execute arbitrary code.
For the stable distribution (sarge) these problems have been fixed in
version 0.3.0-3sarge2.
For the unstable distribution (sid) these problems have been fixed in
version 0.4.2-4.
We recommend that you upgrade your libtunepimp packages.
Upgrade Instructions
wget url
will fetch the file for you
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp_0.3.0-3sarge2.dsc http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp_0.3.0-3sarge2.diff.gz http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp_0.3.0.orig.tar.gz
Alpha architecture:
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_alpha.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_alpha.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_alpha.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_alpha.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_alpha.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_alpha.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_alpha.deb
AMD64 architecture:
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_amd64.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_amd64.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_amd64.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_amd64.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_amd64.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_amd64.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_amd64.deb
ARM architecture:
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_arm.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_arm.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_arm.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_arm.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_arm.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_arm.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_arm.deb
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_i386.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_i386.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_i386.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_i386.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_i386.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_i386.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_i386.deb
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_ia64.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_ia64.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_ia64.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_ia64.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_ia64.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_ia64.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_ia64.deb
HP Precision architecture:
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_hppa.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_hppa.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_hppa.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_hppa.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_hppa.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_hppa.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_hppa.deb
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_m68k.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_m68k.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_m68k.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_m68k.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_m68k.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_m68k.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_m68k.deb
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_mips.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_mips.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_mips.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_mips.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_mips.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_mips.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_mips.deb
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_mipsel.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_mipsel.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_mipsel.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_mipsel.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_mipsel.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_mipsel.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_mipsel.deb
PowerPC architecture:
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_powerpc.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_powerpc.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_powerpc.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_powerpc.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_powerpc.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_powerpc.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_powerpc.deb
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_s390.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_s390.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_s390.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_s390.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_s390.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_s390.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_s390.deb
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_sparc.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_sparc.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_sparc.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_sparc.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_sparc.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_sparc.deb http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_sparc.deb
These files will probably be moved into the stable distribution on
its next update.
Debian Security Advisory DSA 1136-1 security@debian.org http://www.debian.org/security/ Martin Schulzehttp://www.debian.org/security/faq
Package : gpdf
"infamous41md" and Chris Evans discovered several heap based buffer
overflows in xpdf, the Portable Document Format (PDF) suite, which are
also present in gpdf, the viewer with Gtk bindings, and which can lead
to a denial of service by crashing the application or possibly to the
execution of arbitrary code.
For the stable distribution (sarge) these problems have been fixed in
version 2.8.2-1.2sarge5.
For the unstable distribution (sid) these problems have been fixed in
version 2.10.0-4.
We recommend that you upgrade your gpdf package.
Upgrade Instructions
wget url
will fetch the file for you
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5.dsc http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5.diff.gz http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2.orig.tar.gz
Alpha architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_alpha.deb
AMD64 architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_amd64.deb
ARM architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_arm.deb
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_i386.deb
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_ia64.deb
HP Precision architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_hppa.deb
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_m68k.deb
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_mips.deb
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_mipsel.deb
PowerPC architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_powerpc.deb
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_s390.deb
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_sparc.deb
These files will probably be moved into the stable distribution on
its next update.
Debian Security Advisory DSA 1137-1 security@debian.org http://www.debian.org/security/ Martin Schulzehttp://www.debian.org/security/faq
Package : tiff
Tavis Ormandy of the Google Security Team discovered several problems
in the TIFF library. The Common Vulnerabilities and Exposures project
identifies the following issues:
CVE-2006-3459
Several stack-buffer overflows have been discovered.
CVE-2006-3460
A heap overflow vulnerability in the JPEG decoder may overrun a
buffer with more data than expected.
CVE-2006-3461
A heap overflow vulnerability in the PixarLog decoder may allow an
attacker to execute arbitrary code.
CVE-2006-3462
A heap overflow vulnerability has been discovered in the NeXT RLE
decoder.
CVE-2006-3463
An loop was discovered where a 16bit unsigned short was used to
iterate over a 32bit unsigned value so that the loop would never
terminate and continue forever.
CVE-2006-3464
Multiple unchecked arithmetic operations were uncovered, including
a number of the range checking operations designed to ensure the
offsets specified in TIFF directories are legitimate.
CVE-2006-3465
A flaw was also uncovered in libtiffs custom tag support which may
result in abnormal behaviour, crashes, or potentially arbitrary
code execution.
For the stable distribution (sarge) these problems have been fixed in
version 3.7.2-7.
For the unstable distribution (sid) these problems have been fixed in
version 3.8.2-6.
We recommend that you upgrade your libtiff packages.
Upgrade Instructions
wget url
will fetch the file for you
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-7.dsc http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-7.diff.gz http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2.orig.tar.gz
Alpha architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_alpha.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_alpha.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_alpha.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_alpha.deb http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_alpha.deb
AMD64 architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_amd64.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_amd64.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_amd64.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_amd64.deb http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_amd64.deb
ARM architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_arm.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_arm.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_arm.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_arm.deb http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_arm.deb
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_i386.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_i386.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_i386.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_i386.deb http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_i386.deb
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_ia64.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_ia64.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_ia64.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_ia64.deb http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_ia64.deb
HP Precision architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_hppa.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_hppa.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_hppa.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_hppa.deb http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_hppa.deb
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_m68k.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_m68k.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_m68k.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_m68k.deb http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_m68k.deb
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_mips.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_mips.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_mips.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_mips.deb http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_mips.deb
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_mipsel.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_mipsel.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_mipsel.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_mipsel.deb http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_mipsel.deb
PowerPC architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_powerpc.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_powerpc.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_powerpc.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_powerpc.deb http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_powerpc.deb
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_s390.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_s390.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_s390.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_s390.deb http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_s390.deb
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_sparc.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_sparc.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_sparc.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_sparc.deb http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_sparc.deb
These files will probably be moved into the stable distribution on
its next update.
Debian Security Advisory DSA 1138-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoffhttp://www.debian.org/security/faq
Package : cfs
Carlo Contavalli discovered an integer overflow in CFS, a cryptographic
filesystem, which allows local users to crash the encryption daemon.
For the stable distribution (sarge) this problem has been fixed in
version 1.4.1-15sarge1.
For the unstable distribution (sid) this problem has been fixed in
version 1.4.1-17.
We recommend that you upgrade your cfs package.
Upgrade Instructions
wget url
will fetch the file for you
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1.dsc http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1.diff.gz http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1.orig.tar.gz
Alpha architecture:
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1_alpha.deb
AMD64 architecture:
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1_amd64.deb
ARM architecture:
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1_arm.deb
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1_i386.deb
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1_ia64.deb
HP Precision architecture:
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1_hppa.deb
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1_m68k.deb
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1_mips.deb
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1_mipsel.deb
PowerPC architecture:
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1_powerpc.deb
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1_s390.deb
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1_sparc.deb
These files will probably be moved into the stable distribution on
its next update.
Debian Security Advisory DSA 1139-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoffhttp://www.debian.org/security/faq
Package : ruby1.6
It was discovered that the interpreter for the Ruby language does not
properly maintain "safe levels" for aliasing, directory accesses and
regular expressions, which might lead to a bypass of security
restrictions.
For the stable distribution (sarge) this problem has been fixed in
version 1.6.8-12sarge2.
The unstable distribution (sid) does no longer contain ruby1.6 packages.
We recommend that you upgrade your Ruby packages.
Upgrade Instructions
wget url
will fetch the file for you
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2.dsc http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2.diff.gz http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8.orig.tar.gz
Architecture independent components:
http://security.debian.org/pool/updates/main/r/ruby1.6/irb1.6_1.6.8-12sarge2_all.deb http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-elisp_1.6.8-12sarge2_all.deb http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-examples_1.6.8-12sarge2_all.deb
Alpha architecture:
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_alpha.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge2_alpha.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge2_alpha.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge2_alpha.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge2_alpha.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge2_alpha.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge2_alpha.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge2_alpha.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge2_alpha.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge2_alpha.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge2_alpha.deb http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2_alpha.deb http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge2_alpha.deb
AMD64 architecture:
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_amd64.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge2_amd64.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge2_amd64.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge2_amd64.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge2_amd64.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge2_amd64.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge2_amd64.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge2_amd64.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge2_amd64.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge2_amd64.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge2_amd64.deb http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2_amd64.deb http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge2_amd64.deb
ARM architecture:
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_arm.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge2_arm.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge2_arm.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge2_arm.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge2_arm.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge2_arm.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge2_arm.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge2_arm.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge2_arm.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge2_arm.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge2_arm.deb http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2_arm.deb http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge2_arm.deb
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_i386.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge2_i386.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge2_i386.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge2_i386.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge2_i386.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge2_i386.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge2_i386.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge2_i386.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge2_i386.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge2_i386.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge2_i386.deb http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2_i386.deb http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge2_i386.deb
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_ia64.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge2_ia64.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge2_ia64.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge2_ia64.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge2_ia64.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge2_ia64.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge2_ia64.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge2_ia64.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge2_ia64.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge2_ia64.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge2_ia64.deb http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2_ia64.deb http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge2_ia64.deb
HP Precision architecture:
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_hppa.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge2_hppa.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge2_hppa.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge2_hppa.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge2_hppa.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge2_hppa.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge2_hppa.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge2_hppa.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge2_hppa.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge2_hppa.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge2_hppa.deb http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2_hppa.deb http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge2_hppa.deb
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_m68k.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge2_m68k.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge2_m68k.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge2_m68k.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge2_m68k.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge2_m68k.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge2_m68k.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge2_m68k.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge2_m68k.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge2_m68k.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge2_m68k.deb http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2_m68k.deb http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge2_m68k.deb
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_mips.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge2_mips.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge2_mips.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge2_mips.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge2_mips.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge2_mips.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge2_mips.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge2_mips.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge2_mips.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge2_mips.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge2_mips.deb http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2_mips.deb http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge2_mips.deb
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_mipsel.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge2_mipsel.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge2_mipsel.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge2_mipsel.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge2_mipsel.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge2_mipsel.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge2_mipsel.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge2_mipsel.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge2_mipsel.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge2_mipsel.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge2_mipsel.deb http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2_mipsel.deb http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge2_mipsel.deb
PowerPC architecture:
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_powerpc.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge2_powerpc.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge2_powerpc.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge2_powerpc.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge2_powerpc.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge2_powerpc.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge2_powerpc.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge2_powerpc.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge2_powerpc.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge2_powerpc.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge2_powerpc.deb http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2_powerpc.deb http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge2_powerpc.deb
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_s390.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge2_s390.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge2_s390.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge2_s390.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge2_s390.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge2_s390.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge2_s390.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge2_s390.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge2_s390.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge2_s390.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge2_s390.deb http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2_s390.deb http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge2_s390.deb
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_sparc.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge2_sparc.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge2_sparc.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge2_sparc.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge2_sparc.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge2_sparc.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge2_sparc.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge2_sparc.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge2_sparc.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge2_sparc.deb http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge2_sparc.deb http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2_sparc.deb http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge2_sparc.deb
These files will probably be moved into the stable distribution on
its next update.
Debian Security Advisory DSA 1140-1 security@debian.org http://www.debian.org/security/ Martin Schulzehttp://www.debian.org/security/faq
Package : gnupg
Evgeny Legerov discovered that overly large comments can crash gnupg,
the GNU privacy guard - a free PGP replacement.
For the stable distribution (sarge) this problem has been fixed in
version 1.4.1-1.sarge5.
For the unstable distribution (sid) this problem has been fixed in
version 1.4.5-1.
We recommend that you upgrade your gnupg package.
Upgrade Instructions
wget url
will fetch the file for you
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5.dsc http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5.diff.gz http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1.orig.tar.gz
Alpha architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_alpha.deb
AMD64 architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_amd64.deb
ARM architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_arm.deb
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_i386.deb
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_ia64.deb
HP Precision architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_hppa.deb
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_m68k.deb
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_mips.deb
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_mipsel.deb
PowerPC architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_powerpc.deb
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_s390.deb
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_sparc.deb
These files will probably be moved into the stable distribution on
its next update.
http://security.debian.org/ stable/updates mainftp://security.debian.org/debian-security dists/stable/updates/maindebian-security-announce@lists.debian.org http://packages.debian.org/<pkg>
Gentoo Linux
http://security.gentoo.org/
Severity: Normal
The Mozilla Foundation has reported numerous security vulnerabilities
related to Mozilla SeaMonkey.
The Mozilla SeaMonkey project is a community effort to deliver
production-quality releases of code derived from the application
formerly known as "Mozilla Application Suite".
The following vulnerabilities have been reported:
Benjamin Smedberg discovered that chrome URL's could be made to
reference remote files.
Developers in the Mozilla community looked for and fixed several
crash bugs to improve the stability of Mozilla clients, which could
lead to the execution of arbitrary code by a remote attacker.
"shutdown" reports that cross-site scripting (XSS) attacks could be
performed using the construct XPCNativeWrapper(window).Function(...),
which created a function that appeared to belong to the window in
question even after it had been navigated to the target site.
"shutdown" reports that scripts granting the UniversalBrowserRead
privilege can leverage that into the equivalent of the far more
powerful UniversalXPConnect since they are allowed to "read" into a
privileged context.
"moz_bug_r_a4" reports that A malicious Proxy AutoConfig (PAC)
server could serve a PAC script that can execute code with elevated
privileges by setting the required FindProxyForURL function to the
eval method on a privileged object that leaked into the PAC sandbox.
"moz_bug_r_a4" discovered that Named JavaScript functions have a
parent object created using the standard Object() constructor
(ECMA-specified behavior) and that this constructor can be redefined
by script (also ECMA-specified behavior).
Igor Bukanov and shutdown found additional places where an untimely
garbage collection could delete a temporary object that was in active
use.
Georgi Guninski found potential integer overflow issues with long
strings in the toSource() methods of the Object, Array and String
objects as well as string function arguments.
H. D. Moore reported a testcase that was able to trigger a race
condition where JavaScript garbage collection deleted a temporary
variable still being used in the creation of a new Function object.
A malicious page can hijack native DOM methods on a document object
in another domain, which will run the attacker's script when called
by the victim page.
Secunia Research has discovered a vulnerability which is caused due
to an memory corruption error within the handling of simultaneously
happening XPCOM events. This leads to use of a deleted timer object.
An anonymous researcher for TippingPoint and the Zero Day
Initiative showed that when used in a web page Java would reference
properties of the window.navigator object as it started up.
Thilo Girmann discovered that in certain circumstances a JavaScript
reference to a frame or window was not properly cleared when the
referenced content went away.
A user can be enticed to open specially crafted URLs, visit webpages
containing malicious JavaScript or execute a specially crafted script.
These events could lead to the execution of arbitrary code, or the
installation of malware on the user's computer.
There is no known workaround at this time.
All Thunderbird users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.0.3"
[ 1 ] CVE-2006-3113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3113
[ 2 ] CVE-2006-3677
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3677
[ 3 ] CVE-2006-3801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3801
[ 4 ] CVE-2006-3802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3802
[ 5 ] CVE-2006-3803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3803
[ 6 ] CVE-2006-3804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3804
[ 7 ] CVE-2006-3805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3805
[ 8 ] CVE-2006-3806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3806
[ 9 ] CVE-2006-3807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3807
[ 10 ] CVE-2006-3808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3808
[ 11 ] CVE-2006-3809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3809
[ 12 ] CVE-2006-3810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3810
[ 13 ] CVE-2006-3811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3811
[ 14 ] CVE-2006-3812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3812
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200608-02.xml
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org .
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
http://security.gentoo.org/
Severity: Normal
The Mozilla Foundation has reported numerous security vulnerabilities
related to Mozilla Firefox.
Mozilla Firefox is a redesign of the Mozilla Navigator component. The
goal is to produce a cross-platform stand-alone browser application.
1 www-client/mozilla-firefox < 1.5.0.5 >= 1.5.0.5
2 www-client/mozilla-firefox-bin < 1.5.0.5 >= 1.5.0.5
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
The following vulnerabilities have been reported:
Benjamin Smedberg discovered that chrome URL's could be made to
reference remote files.
Developers in the Mozilla community looked for and fixed several
crash bugs to improve the stability of Mozilla clients.
"shutdown" reports that cross-site scripting (XSS) attacks could be
performed using the construct XPCNativeWrapper(window).Function(...),
which created a function that appeared to belong to the window in
question even after it had been navigated to the target site.
"shutdown" reports that scripts granting the UniversalBrowserRead
privilege can leverage that into the equivalent of the far more
powerful UniversalXPConnect since they are allowed to "read" into a
privileged context.
"moz_bug_r_a4" reports that A malicious Proxy AutoConfig (PAC)
server could serve a PAC script that can execute code with elevated
privileges by setting the required FindProxyForURL function to the
eval method on a privileged object that leaked into the PAC sandbox.
"moz_bug_r_a4" discovered that Named JavaScript functions have a
parent object created using the standard Object() constructor
(ECMA-specified behavior) and that this constructor can be redefined
by script (also ECMA-specified behavior).
Igor Bukanov and shutdown found additional places where an untimely
garbage collection could delete a temporary object that was in active
use.
Georgi Guninski found potential integer overflow issues with long
strings in the toSource() methods of the Object, Array and String
objects as well as string function arguments.
H. D. Moore reported a testcase that was able to trigger a race
condition where JavaScript garbage collection deleted a temporary
variable still being used in the creation of a new Function object.
A malicious page can hijack native DOM methods on a document object
in another domain, which will run the attacker's script when called
by the victim page.
Secunia Research has discovered a vulnerability which is caused due
to an memory corruption error within the handling of simultaneously
happening XPCOM events. This leads to use of a deleted timer object.
An anonymous researcher for TippingPoint and the Zero Day
Initiative showed that when used in a web page Java would reference
properties of the window.navigator object as it started up.
Thilo Girmann discovered that in certain circumstances a JavaScript
reference to a frame or window was not properly cleared when the
referenced content went away.
A user can be enticed to open specially crafted URLs, visit webpages
containing malicious JavaScript or execute a specially crafted script.
These events could lead to the execution of arbitrary code, or the
installation of malware on the user's computer.
There is no known workaround at this time.
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.5"
Users of the binary package should upgrade as well:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.5"
[ 1 ] CVE-2006-3113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3113
[ 2 ] CVE-2006-3677
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3677
[ 3 ] CVE-2006-3801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3801
[ 4 ] CVE-2006-3802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3802
[ 5 ] CVE-2006-3803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3803
[ 6 ] CVE-2006-3805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3805
[ 7 ] CVE-2006-3806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3806
[ 8 ] CVE-2006-3807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3807
[ 9 ] CVE-2006-3808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3808
[ 10 ] CVE-2006-3809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3809
[ 11 ] CVE-2006-3810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3810
[ 12 ] CVE-2006-3811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3811
[ 13 ] CVE-2006-3812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3812
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200608-03.xml
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org .
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
http://security.gentoo.org/
Severity: Normal
The Mozilla Foundation has reported numerous security vulnerabilities
related to Mozilla Thunderbird.
The Mozilla Thunderbird mail client is a redesign of the Mozilla Mail
component. The goal is to produce a cross-platform stand-alone mail
application using XUL (XML User Interface Language).
1 mozilla-thunderbird < 1.5.0.5 >= 1.5.0.5
2 mozilla-thunderbird-bin < 1.5.0.5 >= 1.5.0.5
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
The following vulnerabilities have been reported:
Benjamin Smedberg discovered that chrome URLss could be made to
reference remote files.
Developers in the Mozilla community looked for and fixed several
crash bugs to improve the stability of Mozilla clients.
"shutdown" reports that cross-site scripting (XSS) attacks could be
performed using the construct XPCNativeWrapper(window).Function(...),
which created a function that appeared to belong to the window in
question even after it had been navigated to the target site.
"shutdown" reports that scripts granting the UniversalBrowserRead
privilege can leverage that into the equivalent of the far more
powerful UniversalXPConnect since they are allowed to "read" into a
privileged context.
"moz_bug_r_a4" discovered that Named JavaScript functions have a
parent object created using the standard Object() constructor
(ECMA-specified behavior) and that this constructor can be redefined
by script (also ECMA-specified behavior).
Igor Bukanov and shutdown found additional places where an untimely
garbage collection could delete a temporary object that was in active
use.
Georgi Guninski found potential integer overflow issues with long
strings in the toSource() methods of the Object, Array and String
objects as well as string function arguments.
H. D. Moore reported a testcase that was able to trigger a race
condition where JavaScript garbage collection deleted a temporary
variable still being used in the creation of a new Function object.
A malicious page can hijack native DOM methods on a document object
in another domain, which will run the attacker's script when called
by the victim page.
Secunia Research has discovered a vulnerability which is caused due
to an memory corruption error within the handling of simultaneously
happening XPCOM events. This leads to use of a deleted timer object.
A user can be enticed to open specially crafted URLs, visit webpages
containing malicious JavaScript or execute a specially crafted script.
These events could lead to the execution of arbitrary code, or the
installation of malware on the user's computer.
There is no known workaround at this time.
All Mozilla Thunderbird users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-1.5.0.5"
All Mozilla Thunderbird binary users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-1.5.0.5"
[ 1 ] CVE-2006-3113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3113
[ 2 ] CVE-2006-3802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3802
[ 3 ] CVE-2006-3803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3803
[ 4 ] CVE-2006-3804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3804
[ 5 ] CVE-2006-3805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3805
[ 6 ] CVE-2006-3806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3806
[ 7 ] CVE-2006-3807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3807
[ 8 ] CVE-2006-3809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3809
[ 9 ] CVE-2006-3810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3810
[ 10 ] CVE-2006-3811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3811
[ 11 ] CVE-2006-3812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3812
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200608-04.xml
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org .
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Ubuntu Linux
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
linux-image-2.6.15-26-386 2.6.15-26.46
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Please note that Ubuntu 5.04 and 5.10 are also affected by these
flaws. An update is in preparation and will be released shortly.
Details follow:
A Denial of service vulnerability was reported in iptables' SCTP
conntrack module. On computers which use this iptables module, a
remote attacker could expoit this to trigger a kernel crash.
(CVE-2006-2934)
A buffer overflow has been discovered in the dvd_read_bca() function.
By inserting a specially crafted DVD, USB stick, or similar
automatically mounted removable device, a local user could crash the
machine or potentially even execute arbitrary code with full root
privileges. (CVE-2006-2935)
The ftdi_sio driver for serial USB ports did not limit the amount of
pending data to be written. A local user could exploit this to drain
all available kernel memory and thus render the system unusable.
(CVE-2006-2936)
Additionally, this update fixes a range of bugs.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15-26.46.diff.gz http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15-26.46.dsc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15.orig.tar.gz
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-doc-2.6.15_2.6.15-26.46_all.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-kernel-devel_2.6.15-26.46_all.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15-26.46_all.deb
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/acpi-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fb-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/firewire-core-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/floppy-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/irda-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/jfs-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-26-amd64-generic_2.6.15-26.46_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-26-amd64-k8_2.6.15-26.46_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-26-amd64-server_2.6.15-26.46_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-26-amd64-xeon_2.6.15-26.46_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-26_2.6.15-26.46_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-26-amd64-generic_2.6.15-26.46_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-26-amd64-k8_2.6.15-26.46_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-26-amd64-server_2.6.15-26.46_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-26-amd64-xeon_2.6.15-26.46_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-pcmcia-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-usb-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ntfs-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/parport-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-storage-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/plip-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/sata-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/serial-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/socket-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ufs-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-26-amd64-generic-di_2.6.15-26.46_amd64.udeb
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/acpi-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fb-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/firewire-core-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/floppy-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/irda-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/jfs-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-26-386_2.6.15-26.46_i386.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-26-686_2.6.15-26.46_i386.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-26-k7_2.6.15-26.46_i386.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-26-server-bigiron_2.6.15-26.46_i386.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-26-server_2.6.15-26.46_i386.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-26_2.6.15-26.46_i386.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-26-386_2.6.15-26.46_i386.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-26-686_2.6.15-26.46_i386.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-26-k7_2.6.15-26.46_i386.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-26-server-bigiron_2.6.15-26.46_i386.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-26-server_2.6.15-26.46_i386.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-pcmcia-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-usb-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ntfs-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/parport-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-storage-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/plip-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/sata-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/serial-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/socket-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ufs-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-26-386-di_2.6.15-26.46_i386.udeb
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/affs-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/affs-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fb-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fb-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/firewire-core-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/firewire-core-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/floppy-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/floppy-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fs-common-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fs-common-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/hfs-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/hfs-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/irda-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/irda-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/jfs-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/jfs-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-26-powerpc-smp_2.6.15-26.46_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-26-powerpc64-smp_2.6.15-26.46_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-26-powerpc_2.6.15-26.46_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-26_2.6.15-26.46_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-26-powerpc-smp_2.6.15-26.46_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-26-powerpc64-smp_2.6.15-26.46_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-26-powerpc_2.6.15-26.46_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-pcmcia-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-pcmcia-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-usb-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-usb-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-storage-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-storage-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/sata-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/sata-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/serial-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/serial-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/socket-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/socket-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ufs-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ufs-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-26-powerpc-di_2.6.15-26.46_powerpc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-26-powerpc64-smp-di_2.6.15-26.46_powerpc.udeb
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-26-sparc64-di_2.6.15-26.46_sparc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-26-sparc64-di_2.6.15-26.46_sparc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-26-sparc64-di_2.6.15-26.46_sparc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-26-sparc64-di_2.6.15-26.46_sparc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-26-sparc64-di_2.6.15-26.46_sparc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-26-sparc64-di_2.6.15-26.46_sparc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-26-sparc64-di_2.6.15-26.46_sparc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-26-sparc64-di_2.6.15-26.46_sparc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-26-sparc64-di_2.6.15-26.46_sparc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-26-sparc64-smp_2.6.15-26.46_sparc.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-26-sparc64_2.6.15-26.46_sparc.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-26_2.6.15-26.46_sparc.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-26-sparc64-smp_2.6.15-26.46_sparc.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-26-sparc64_2.6.15-26.46_sparc.deb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-26-sparc64-di_2.6.15-26.46_sparc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-26-sparc64-di_2.6.15-26.46_sparc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-26-sparc64-di_2.6.15-26.46_sparc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-26-sparc64-di_2.6.15-26.46_sparc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-26-sparc64-di_2.6.15-26.46_sparc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-26-sparc64-di_2.6.15-26.46_sparc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/parport-modules-2.6.15-26-sparc64-di_2.6.15-26.46_sparc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/plip-modules-2.6.15-26-sparc64-di_2.6.15-26.46_sparc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-26-sparc64-di_2.6.15-26.46_sparc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-26-sparc64-di_2.6.15-26.46_sparc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-26-sparc64-di_2.6.15-26.46_sparc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-26-sparc64-di_2.6.15-26.46_sparc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-26-sparc64-di_2.6.15-26.46_sparc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-26-sparc64-di_2.6.15-26.46_sparc.udeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-26-sparc64-di_2.6.15-26.46_sparc.udeb
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.04:
Ubuntu 5.10:
Ubuntu 6.06 LTS:
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Evgeny Legerov discovered that gnupg did not sufficiently check the
validity of the comment and a control field. Specially crafted GPG
data could cause a buffer overflow. This could be exploited to execute
arbitrary code with the user's privileges if an attacker can trick an
user into processing a malicious encrypted/signed document with gnupg.
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.5.diff.gz http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.5.dsc http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5.orig.tar.gz
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.5_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ubuntu5.5_amd64.udeb
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.5_i386.deb http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ubuntu5.5_i386.udeb
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.5_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ubuntu5.5_powerpc.udeb
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.4.diff.gz http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.4.dsc http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1.orig.tar.gz
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.4_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.4_amd64.udeb
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.4_i386.deb http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.4_i386.udeb
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.4_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.4_powerpc.udeb
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.4_sparc.deb http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.4_sparc.udeb
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.2.diff.gz http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.2.dsc http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2.orig.tar.gz
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.2_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.2_amd64.udeb
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.2_i386.deb http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.2_i386.udeb
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.2_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.2_powerpc.udeb
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.2_sparc.deb http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.2_sparc.udeb
