Advisories, August 6, 2006

Aug 07, 2006, 04:30

Debian GNU/Linux


Debian Security Advisory DSA 1141-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 4th, 2006 http://www.debian.org/security/faq


Package : gnupg2
Vulnerability : integer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-3746
BugTraq ID : 19110
Debian Bug : 381204

Evgeny Legerov discovered that overly large comments can crash gnupg, the GNU privacy guard, a free PGP replacement. The same problem is also present in the development branch.

For the stable distribution (sarge) this problem has been fixed in version 1.9.15-6sarge2.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your gnupg2 package.

Upgrade Instructions


    wget url
        will fetch the file for you
    dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

    apt-get update
        will update the internal database
    apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2.dsc
      Size/MD5 checksum: 854 2c392bb08b77bcb9995be4fbf2c58283
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2.diff.gz
      Size/MD5 checksum: 1860310 f465fe72762f514831d87583ca399bd5
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15.orig.tar.gz
      Size/MD5 checksum: 5454978 ee3885e2c74a9c1ae539d6f12091c30b

Alpha architecture:

    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_alpha.deb
      Size/MD5 checksum: 112370 a119a0b8c191e3689d42c9a213dd4f76
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_alpha.deb
      Size/MD5 checksum: 886302 4c5c70dd431e4ccc591a87d068ac9553
    http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_alpha.deb
      Size/MD5 checksum: 453490 eec6ae4af73ba7a7ccef13d4e36b003e

AMD64 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_amd64.deb
      Size/MD5 checksum: 98516 fa8437eba6bda3ad2162d43a30195c8e
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_amd64.deb
      Size/MD5 checksum: 774640 30b1e6d048ba60c0e073c0c180bc686b
    http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_amd64.deb
      Size/MD5 checksum: 385744 72d4e6b41160959caec8301b23032897

ARM architecture:

    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_arm.deb
      Size/MD5 checksum: 87376 ea0c54b9a3556192db52aa1178866d96
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_arm.deb
      Size/MD5 checksum: 712774 9b7ba34e952f1b860bafeaeba2178c82
    http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_arm.deb
      Size/MD5 checksum: 339734 78250a052bd3784f942045470fa118aa

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_i386.deb
      Size/MD5 checksum: 90114 918515e91219ed74277a53abdfafe943
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_i386.deb
      Size/MD5 checksum: 731710 253c2259991935b0318465e6b9eb8219
    http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_i386.deb
      Size/MD5 checksum: 351978 67b70918cb89760a02e53a5776ad39b6

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_ia64.deb
      Size/MD5 checksum: 130350 b00f67ed9488c494e38b2e4e29266174
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_ia64.deb
      Size/MD5 checksum: 1026420 5a988d46cbf0a5934cf348d731ca1a15
    http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_ia64.deb
      Size/MD5 checksum: 539966 515877cf2dd350361ff10a0c58ea11a9

HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_hppa.deb
      Size/MD5 checksum: 100620 f5f9366786672079f327f365385425f4
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_hppa.deb
      Size/MD5 checksum: 794818 dcbed566a023e7e67e00898c07af70af
    http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_hppa.deb
      Size/MD5 checksum: 394016 71252acf652b07008f09442d0231df51

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_m68k.deb
      Size/MD5 checksum: 82194 50c0f479584c5e461c3f19fa0f2b15cb
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_m68k.deb
      Size/MD5 checksum: 669558 8ef059958304096b34a6afc28dc90211
    http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_m68k.deb
      Size/MD5 checksum: 312018 6a268cb889f3d63100eab8556e747126

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_mips.deb
      Size/MD5 checksum: 100550 e8d48a649076e96490fbc5312840d4a7
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_mips.deb
      Size/MD5 checksum: 788684 7bce8a4ac745fb31edbd36ac30952e14
    http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_mips.deb
      Size/MD5 checksum: 395128 b146bb25bd370d3b291bb09ea030f777

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_mipsel.deb
      Size/MD5 checksum: 101030 fb640cb9e3e11c780689e73c6e3a634b
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_mipsel.deb
      Size/MD5 checksum: 790182 a787aa68ea3e88ea41772e75627e15c1
    http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_mipsel.deb
      Size/MD5 checksum: 396312 821572bca6b813b65e72017f38c0a367

PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_powerpc.deb
      Size/MD5 checksum: 95628 cf88406807fc6743022e9c3da4d29bad
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_powerpc.deb
      Size/MD5 checksum: 769376 4311b23a564c3964a9a96cb13923a5be
    http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_powerpc.deb
      Size/MD5 checksum: 377396 9918891d1cd6d307cd0b1772b3c698da

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_s390.deb
      Size/MD5 checksum: 98758 c728d9ae54f35867e0739b316f09f301
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_s390.deb
      Size/MD5 checksum: 766466 3b996b477a5c82a7b4b828daa931cb3e
    http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_s390.deb
      Size/MD5 checksum: 384794 e6a36afdcc54605336195929ac7fd715

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_sparc.deb
      Size/MD5 checksum: 89600 18af0a390ff51141947be8186a7579b1
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_sparc.deb
      Size/MD5 checksum: 721000 e8133a5b950115c89e0d702161c76ec9
    http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_sparc.deb
      Size/MD5 checksum: 345248 2b2d8a191d7832d570fb0ea8bb4a4eb1

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 1142-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 4th, 2006 http://www.debian.org/security/faq


Package : freeciv
Vulnerability : missing boundary checks
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-3913
BugTraq ID : 19117
Debian Bug : 381378

Luigi Auriemma discovered missing boundary checks in freeciv, a clone of the well known Civilisation game, which can be exploited by remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.

For the stable distribution (sarge) these problems have been fixed in version 2.0.1-1sarge2.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your freeciv package.

Upgrade Instructions


    wget url
        will fetch the file for you
    dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

    apt-get update
        will update the internal database
    apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/f/freeciv/freeciv_2.0.1-1sarge2.dsc
      Size/MD5 checksum: 997 18498d24b54250ab8af555d1d37a58f8
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv_2.0.1-1sarge2.diff.gz
      Size/MD5 checksum: 45177 f4ec2a9e5c535f8575f82da1acb31786
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv_2.0.1.orig.tar.gz
      Size/MD5 checksum: 11086541 2deea98d258138325f590ec52d530a96

Architecture independent components:

    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-data_2.0.1-1sarge2_all.deb
      Size/MD5 checksum: 3843642 7549950e9a2603c30dea3996d90a501b
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-gtk_2.0.1-1sarge2_all.deb
      Size/MD5 checksum: 11486 2eb9487aa46c184425c2ee753aeea408
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-xaw3d_2.0.1-1sarge2_all.deb
      Size/MD5 checksum: 11488 b76ae39e8da49198ea7b4f22fc4d4d61
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv_2.0.1-1sarge2_all.deb
      Size/MD5 checksum: 11476 313b69df56d17e4b4ce355828a4931bc

Alpha architecture:

    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge2_alpha.deb
      Size/MD5 checksum: 590380 3a46c7102fb7720c6b22c9260bd6e0e0
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge2_alpha.deb
      Size/MD5 checksum: 514700 a61852b93a19a6081529c52592a2c01d
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge2_alpha.deb
      Size/MD5 checksum: 591250 6489e88abf589ae4c551197f00ed2a76

AMD64 architecture:

    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge2_amd64.deb
      Size/MD5 checksum: 476452 88e8b7db6194537fa688d17942bcdae2
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge2_amd64.deb
      Size/MD5 checksum: 409102 c0f9a3698267f94f2549844c039cb28e
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge2_amd64.deb
      Size/MD5 checksum: 465952 17f7e28d44dd3e92419fd3c7b421581c

ARM architecture:

    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge2_arm.deb
      Size/MD5 checksum: 423188 b18cb6fa46ab087b9f40192262864d6a
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge2_arm.deb
      Size/MD5 checksum: 361720 38d5539132b1353c9936a8712ff02a52
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge2_arm.deb
      Size/MD5 checksum: 419792 7c93feca1fe53d90b021322c7682d111

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge2_i386.deb
      Size/MD5 checksum: 440948 3702e9ac054ba9ec5a92447622bc01ac
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge2_i386.deb
      Size/MD5 checksum: 366832 7a3ec68f830307fb2cba056fa32e370b
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge2_i386.deb
      Size/MD5 checksum: 430298 981b279b36cabff252e6a91d22573bb4

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge2_ia64.deb
      Size/MD5 checksum: 659204 c74609605998269044046cbf22542a15
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge2_ia64.deb
      Size/MD5 checksum: 582314 0dc7ef5486694446014b99950c1dca4e
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge2_ia64.deb
      Size/MD5 checksum: 684488 ff9b193af4be8186cb15e6baba922b59

HP Precision architecture:

    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge2_hppa.deb
      Size/MD5 checksum: 497434 9f26b32389fa0202d95e8deae0af5684
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge2_hppa.deb
      Size/MD5 checksum: 430048 5bb2ab51d5df4d835c153dedd37d141e
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge2_hppa.deb
      Size/MD5 checksum: 491856 bea4c5a866f2c438a02ff0e31cfaf4ae

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge2_m68k.deb
      Size/MD5 checksum: 373434 c09262a7902569f53880ea08f33a8676
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge2_m68k.deb
      Size/MD5 checksum: 306794 8889d4409be406bbbd12fec876f9b363
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge2_m68k.deb
      Size/MD5 checksum: 355074 c2cb934868408d9e65abf96d8545f943

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge2_mips.deb
      Size/MD5 checksum: 454590 bea2a98c3167d1edf978dce16d21201d
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge2_mips.deb
      Size/MD5 checksum: 425812 57f82500284148e5339f9c356b801bb2
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge2_mips.deb
      Size/MD5 checksum: 479602 4adeaeeda8106e690a5ff98139f756a6

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge2_mipsel.deb
      Size/MD5 checksum: 453720 6c3b76369a22f49b72e7c137391cc6ac
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge2_mipsel.deb
      Size/MD5 checksum: 424618 c5ddd9950387d3df225781e161c26e6d
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge2_mipsel.deb
      Size/MD5 checksum: 481472 9a016d4dbaa24ff2de7413450da9e4cc

PowerPC architecture:

    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge2_powerpc.deb
      Size/MD5 checksum: 456204 50e3f85bdda583cf075555a833c06ad6
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge2_powerpc.deb
      Size/MD5 checksum: 393738 7bb561e2df36d0435f392168a100d64d
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge2_powerpc.deb
      Size/MD5 checksum: 460074 8a5c403853f1a953249430b8a09e40ed

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge2_s390.deb
      Size/MD5 checksum: 460912 de810a4e95df7e151c14fee404a8450c
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge2_s390.deb
      Size/MD5 checksum: 395748 ee388ca83a3ff6e97e13e605983eea8b
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge2_s390.deb
      Size/MD5 checksum: 448188 3e104b06fe2de82396bb7e0148a10e78

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge2_sparc.deb
      Size/MD5 checksum: 423448 332e72e600c0dd5b8c2278b239654a6f
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge2_sparc.deb
      Size/MD5 checksum: 360112 2ea0092164c79b2eb235fa26ee93dadd
    http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge2_sparc.deb
      Size/MD5 checksum: 421234 1f0355398a7737cb6b04a07978417415

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 1143-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 4th, 2006 http://www.debian.org/security/faq


Package : dhcp
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-3122
Debian Bug : 380273

Justin Winschief and Andrew Steets discovered a bug in dhcp, the DHCP server for automatic IP address assignment, which causes the server to unexpectedly exit.

For the stable distribution (sarge) this problem has been fixed in version 2.0pl5-19.1sarge2.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your dhcp package.

Upgrade Instructions


    wget url
        will fetch the file for you
    dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

    apt-get update
        will update the internal database
    apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2.dsc
      Size/MD5 checksum: 687 f73fef2e9996c07f813e8b44cf058fed
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2.diff.gz
      Size/MD5 checksum: 86660 931619c25909dde0f8278502d089a509
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5.orig.tar.gz
      Size/MD5 checksum: 294909 ab22f363a7aff924e2cc9d1019a21498

Alpha architecture:

    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2_alpha.deb
      Size/MD5 checksum: 123178 1d36fdc0bdee24e63ddd68290de55d42
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge2_alpha.deb
      Size/MD5 checksum: 115486 bf17b3f6d1d23a4f24f63dc8dee47c4f
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge2_alpha.deb
      Size/MD5 checksum: 80526 c23b5a983212426881e79e42abb08103

AMD64 architecture:

    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2_amd64.deb
      Size/MD5 checksum: 116010 53d3be3b942892ff1a0cc641152a7c0b
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge2_amd64.deb
      Size/MD5 checksum: 108676 99eaef8f0c56b81b28e09bf2040dbfe5
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge2_amd64.deb
      Size/MD5 checksum: 75952 170a4701d80b295679e605cfc56fb955

ARM architecture:

    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2_arm.deb
      Size/MD5 checksum: 114428 e220cadbd5250f55e7a88a8df95ea487
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge2_arm.deb
      Size/MD5 checksum: 107212 3a73115a056708b9a6190cbda179ce18
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge2_arm.deb
      Size/MD5 checksum: 74422 fdfdb05b69c11736c16a6aea1d8c0aa4

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2_i386.deb
      Size/MD5 checksum: 109440 ca711b93042d11f8b5c853c3f648242a
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge2_i386.deb
      Size/MD5 checksum: 102220 558d78e22d1f4f909b718c46baa09cc4
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge2_i386.deb
      Size/MD5 checksum: 71330 6d5c42ff7f481df025b687b3969a6c25

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2_ia64.deb
      Size/MD5 checksum: 144842 fe2d7f0eb45fba721e616f25dcdf29bb
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge2_ia64.deb
      Size/MD5 checksum: 136910 2ab43f384602792ae905ed00ee0b3465
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge2_ia64.deb
      Size/MD5 checksum: 92922 c87307ed1d553b3309c9d8f5b9a71783

HP Precision architecture:

    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2_hppa.deb
      Size/MD5 checksum: 116134 49852e02e411112adb6ad7acdee24c31
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge2_hppa.deb
      Size/MD5 checksum: 109042 6c117a4f8bb1cb0cf74f3e92baaf20e1
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge2_hppa.deb
      Size/MD5 checksum: 76740 6cc2f2822a7aa36b18eaaaae453d96a9

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2_m68k.deb
      Size/MD5 checksum: 108782 fb3680aa3ea521fb4e77642cc47ac102
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge2_m68k.deb
      Size/MD5 checksum: 101672 9d6d600f9eecb2cda48c5f632e06bdf1
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge2_m68k.deb
      Size/MD5 checksum: 71418 79acf1203e75efb88a6216a8ed8d7a5b

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2_mips.deb
      Size/MD5 checksum: 118566 c1b9855f7bb152ef9e8086a9631a4759
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge2_mips.deb
      Size/MD5 checksum: 111614 b22335a1a584a6e03622f92672d564af
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge2_mips.deb
      Size/MD5 checksum: 78014 cd698721ca4b076f4021c38e555301c1

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2_mipsel.deb
      Size/MD5 checksum: 118140 0b08da85c43ad35c296a1554bbea0040
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge2_mipsel.deb
      Size/MD5 checksum: 111074 bf434314d3726fc72f1ba520019ad3e5
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge2_mipsel.deb
      Size/MD5 checksum: 77664 65e41b021840dd87d5cc776076ca5f92

PowerPC architecture:

    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2_powerpc.deb
      Size/MD5 checksum: 112540 0b83ec51591c3d2fc892cef08c25658d
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge2_powerpc.deb
      Size/MD5 checksum: 105446 e80540790b43f62d39d8e8ecccf06196
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge2_powerpc.deb
      Size/MD5 checksum: 73954 ae82323f9af86e64f809cb07165df9c4

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2_s390.deb
      Size/MD5 checksum: 116578 45547a0804c240a48f90087d19e79b7a
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge2_s390.deb
      Size/MD5 checksum: 109366 8915a41a56e4d96080f937ec4e253381
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge2_s390.deb
      Size/MD5 checksum: 76834 55b285d1b7fa0cf81f3869441d576f16

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2_sparc.deb
      Size/MD5 checksum: 113842 3800bc8307455eff6a3b38e820c5409f
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge2_sparc.deb
      Size/MD5 checksum: 106432 921b89e0c14344507cdf3272bc1e0c96
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge2_sparc.deb
      Size/MD5 checksum: 74860 312464adc38738ae26352b79c270109d

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200608-05

http://security.gentoo.org/


Severity: High
Title: LibVNCServer: Authentication bypass
Date: August 04, 2006
Bugs: #136916
ID: 200608-05


Synopsis

VNC servers created with LibVNCServer accept insecure protocol types, even when the server does not offer them, resulting in unauthorized access to the server.

Background

LibVNCServer is a GPL'ed library for creating VNC servers.

Affected packages


     Package                /  Vulnerable  /                Unaffected

  1  net-libs/libvncserver       < 0.8.2                      >= 0.8.2

Description

LibVNCServer fails to properly validate protocol types, effectively letting users decide what protocol to use, such as "Type 1 - None". LibVNCServer will accept this security type, even if it is not offered by the server.
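
The check this description says is missing, as an added example (not LibVNCServer's own code and not part of the advisory): a server-side handler for the client's security-type reply, shown once trusting the reply and once validating it against the offer. The struct, function names and result codes are hypothetical; the wire layout assumed is the RFB 3.7/3.8 one (a count byte followed by the offered type bytes, answered by a single type byte).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFB security-type numbers: 1 = None, 2 = VNC Authentication. */
enum { SEC_NONE = 1, SEC_VNC_AUTH = 2 };

enum hs_result { HS_REJECTED, HS_ACCEPTED_NO_AUTH, HS_NEEDS_CHALLENGE };

/* Hypothetical per-connection state, not LibVNCServer's real structure. */
struct conn {
    uint8_t offered[8];    /* security types this server advertised */
    size_t  n_offered;
    int     authenticated; /* 1 once the client may use the session */
};

/* Server -> client: one count byte followed by the offered type bytes.
   Returns the message length, or 0 if the state or buffer is unusable. */
size_t build_offer(const struct conn *c, uint8_t *buf, size_t cap)
{
    if (c->n_offered > sizeof c->offered || cap < c->n_offered + 1)
        return 0;
    buf[0] = (uint8_t)c->n_offered;
    for (size_t i = 0; i < c->n_offered; i++)
        buf[1 + i] = c->offered[i];
    return c->n_offered + 1;
}

/* Act on a security type once it has been selected. */
static enum hs_result dispatch(struct conn *c, uint8_t type)
{
    switch (type) {
    case SEC_NONE:
        c->authenticated = 1;      /* no credentials required */
        return HS_ACCEPTED_NO_AUTH;
    case SEC_VNC_AUTH:
        return HS_NEEDS_CHALLENGE; /* password challenge follows */
    default:
        return HS_REJECTED;
    }
}

/* Flawed pattern: the client's reply byte is trusted as-is, so a type
   the server never offered is still acted on. */
enum hs_result select_unchecked(struct conn *c, uint8_t chosen)
{
    return dispatch(c, chosen);
}

/* Hardened pattern: the reply must be one of the types in the offer. */
enum hs_result select_checked(struct conn *c, uint8_t chosen)
{
    for (size_t i = 0; i < c->n_offered; i++)
        if (c->offered[i] == chosen)
            return dispatch(c, chosen);
    c->authenticated = 0;
    return HS_REJECTED;
}

/* Constructed scenario: a password-protected server offers only type 2. */
struct conn password_only_server(void)
{
    struct conn c = { .offered = { SEC_VNC_AUTH }, .n_offered = 1,
                      .authenticated = 0 };
    return c;
}

int main(void)
{
    uint8_t offer[9];
    struct conn a = password_only_server();
    struct conn b = password_only_server();

    size_t n = build_offer(&a, offer, sizeof offer);
    printf("offer: %zu bytes, count=%u, type=%u\n",
           n, (unsigned)offer[0], (unsigned)offer[1]);

    /* Same reply byte (type 1), handled by each variant. */
    select_unchecked(&a, SEC_NONE);
    select_checked(&b, SEC_NONE);
    printf("unchecked handler: authenticated=%d\n", a.authenticated);
    printf("checked handler:   authenticated=%d\n", b.authenticated);
    return 0;
}
```
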

Impact

An attacker could use this vulnerability to gain unauthorized access with the privileges of the user running the VNC server.

Workaround

There is no known workaround at this time.

Resolution

All LibVNCServer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/libvncserver-0.8.2"

References

[ 1 ] CVE-2006-2450

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2450

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200608-05.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


Gentoo Linux Security Advisory GLSA 200608-06

http://security.gentoo.org/


Severity: Normal
Title: Courier MTA: Denial of Service vulnerability
Date: August 04, 2006
Bugs: #135005
ID: 200608-06


Synopsis

Courier MTA has fixed a DoS issue related to usernames containing a "=" character.

Background

Courier MTA is an integrated mail and groupware server based on open protocols.

Affected packages


     Package           /  Vulnerable  /                     Unaffected

  1  mail-mta/courier      < 0.53.2                          >= 0.53.2

Description

Courier MTA has fixed a security issue relating to usernames containing the "=" character, causing high CPU utilization.

Impact

An attacker could exploit this vulnerability by sending a specially crafted email to a mail gateway running a vulnerable version of Courier MTA.

Workaround

There is no known workaround at this time.

Resolution

All Courier MTA users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-mta/courier-0.53.2"

References

[ 1 ] CVE-2006-2659

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2659

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200608-06.xml



Gentoo Linux Security Advisory GLSA 200608-07

http://security.gentoo.org/


Severity: Normal
Title: libTIFF: Multiple vulnerabilities
Date: August 04, 2006
Bugs: #142383
ID: 200608-07


Synopsis

libTIFF contains several vulnerabilities that could result in arbitrary code execution.

Background

libTIFF provides support for reading and manipulating TIFF images.

Affected packages


     Package          /  Vulnerable  /                      Unaffected

  1  media-libs/tiff     < 3.8.2-r2                        >= 3.8.2-r2

Description

Tavis Ormandy of the Google Security Team discovered several heap and stack buffer overflows and other flaws in libTIFF. The affected parts include the TIFFFetchShortPair(), TIFFScanLineSize() and EstimateStripByteCounts() functions, and the PixarLog and NeXT RLE decoders.

Impact

A remote attacker could entice a user to open a specially crafted TIFF file, resulting in the possible execution of arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All libTIFF users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.8.2-r2"

References

[ 1 ] CVE-2006-3459

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459

[ 2 ] CVE-2006-3460

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460

[ 3 ] CVE-2006-3461

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3461

[ 4 ] CVE-2006-3462

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462

[ 5 ] CVE-2006-3463

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463

[ 6 ] CVE-2006-3464

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464

[ 7 ] CVE-2006-3465

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3465

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200608-07.xml



Gentoo Linux Security Advisory GLSA 200608-08

http://security.gentoo.org/


Severity: High
Title: GnuPG: Integer overflow vulnerability
Date: August 05, 2006
Bugs: #142248
ID: 200608-08


Synopsis

GnuPG is vulnerable to an integer overflow that could lead to the execution of arbitrary code.

Background

The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software.

Affected packages


     Package          /  Vulnerable  /                      Unaffected

  1  app-crypt/gnupg       < 1.4.5                            >= 1.4.5

Description

Evgeny Legerov discovered a vulnerability in GnuPG: an integer overflow may occur when certain packets are handled.

Impact

By sending a specially crafted email to a user running an affected version of GnuPG, a remote attacker could possibly execute arbitrary code with the permissions of the user running GnuPG.

Workaround

There is no known workaround at this time.

Resolution

All GnuPG users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-crypt/gnupg-1.4.5"

References

[ 1 ] CVE-2006-3746

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3746

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200608-08.xml


Slackware Linux

[slackware-security] php (SSA:2006-217-01)

New php packages are available for Slackware 10.2 and -current to fix security and other issues.

More details about these issues may be found on the PHP website:

http://www.php.net

Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/php-4.4.3-i486-1_slack10.2.tgz:
Upgraded to php-4.4.3.
From the announcement of the release:
The security issues resolved include the following:
* Disallow certain characters in session names.
* Fixed a buffer overflow inside the wordwrap() function.
* Prevent jumps to parent directory via the 2nd parameter of the tempnam() function.
* Improved safe_mode check for the error_log() function.
* Fixed cross-site scripting inside the phpinfo() function.
The PHP 4.4.3 release announcement may be found on their web site:
    http://www.php.net
(* Security fix *)
+--------------------------+

Where to find the new packages:

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/php-4.4.3-i486-1_slack10.2.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-4.4.3-i486-1.tgz

MD5 signatures:

Slackware 10.2 package:
417d976f97a53240868e5c715f1ba00b php-4.4.3-i486-1_slack10.2.tgz

Slackware -cu