Linux Today: Linux News On Internet Time.
Advisories, August 7, 2006
Aug 8, 2006, 03:45 UTC

Debian GNU/Linux


Debian Security Advisory DSA 1144-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
August 7th, 2006 http://www.debian.org/security/faq


Package : chmlib
Vulnerability : missing input sanitising
Problem-Type : local(remote)
Debian-specific: no
CVE ID : CVE-2006-3178

It was discovered that one of the utilities shipped with chmlib, a library for dealing with Microsoft CHM files, performs insufficient sanitising of filenames, which might lead to directory traversal.

For the stable distribution (sarge) this problem has been fixed in version 0.35-6sarge3.

For the unstable distribution (sid) this problem has been fixed in version 0.38-1.

We recommend that you upgrade your chmlib-bin package.

Upgrade Instructions


    wget url
        will fetch the file for you
    dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

    apt-get update
        will update the internal database
    apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 1145-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
August 8th, 2006 http://www.debian.org/security/faq


Package : freeradius
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2005-4745 CVE-2005-4746

Several remote vulnerabilities have been discovered in freeradius, a high-performance RADIUS server, which may lead to SQL injection or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2005-4745

An SQL injection vulnerability has been discovered in the rlm_sqlcounter module.

CVE-2005-4746

Multiple buffer overflows have been discovered, allowing denial of service.

For the stable distribution (sarge) these problems have been fixed in version 1.0.2-4sarge3.

For the unstable distribution (sid) these problems have been fixed in version 1.0.5-1.

We recommend that you upgrade your freeradius packages.

Upgrade Instructions


    wget url
        will fetch the file for you
    dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

    apt-get update
        will update the internal database
    apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200608-10

http://security.gentoo.org/


Severity: Normal
Title: pike: SQL injection vulnerability
Date: August 06, 2006
Bugs: #136065
ID: 200608-10


Synopsis

A flaw in the input handling could lead to the execution of arbitrary SQL statements in the underlying PostgreSQL database.

Background

Pike is a general purpose programming language, able to be used for multiple tasks.

Affected packages


     Package          /  Vulnerable  /  Unaffected
  1  dev-lang/pike        < 7.6.86       >= 7.6.86

Description

Some input is not properly sanitised before being used in a SQL statement in the underlying PostgreSQL database.

Impact

A remote attacker could provide malicious input to a pike program, which might result in the execution of arbitrary SQL statements.

Workaround

There is no known workaround at this time.

Resolution

All pike users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/pike-7.6.86"

References

[ 1 ] Secunia Advisory SA20494

http://secunia.com/advisories/20494/

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200608-10.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


Gentoo Linux Security Advisory GLSA 200608-11

http://security.gentoo.org/


Severity: Normal
Title: Webmin, Usermin: File Disclosure
Date: August 06, 2006
Bugs: #138552
ID: 200608-11


Synopsis

Webmin and Usermin are vulnerable to an arbitrary file disclosure through a specially crafted URL.

Background

Webmin is a web-based interface for Unix-like systems. Usermin is a simplified version of Webmin designed for use by normal users rather than system administrators.

Affected packages


     Package             /  Vulnerable  /  Unaffected
  1  app-admin/webmin        < 1.290        >= 1.290
  2  app-admin/usermin       < 1.220        >= 1.220

2 affected packages on all of their supported architectures.


Description

A vulnerability in both Webmin and Usermin has been discovered by Kenny Chen, wherein simplify_path is called before the HTML is decoded.
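The ordering problem described above, as an added example that is not Webmin's or Usermin's code: a path simplifier that runs before decoding never sees the `..` segments that decoding produces, while decoding first lets the same check catch them. `DOCROOT`, the function names and the two request paths are constructed for this illustration, and `posixpath.normpath` stands in for how the operating system resolves the final path.

```python
import posixpath
from urllib.parse import unquote

DOCROOT = "/srv/app/htdocs"  # constructed document root, not a Webmin path


def simplify_path(path):
    """Collapse '', '.' and '..' segments; None if '..' climbs above the root."""
    kept = []
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            if not kept:
                return None
            kept.pop()
        else:
            kept.append(segment)
    return "/" + "/".join(kept)


def opened_file(url_path):
    """Model of the file the OS would open for DOCROOT + url_path."""
    return posixpath.normpath(DOCROOT + url_path)


def inside_docroot(full_path):
    """True only for DOCROOT itself or a path below it."""
    return full_path == DOCROOT or full_path.startswith(DOCROOT + "/")


def resolve_simplify_then_decode(raw):
    """Flawed order: the traversal check runs on still-encoded text."""
    simplified = simplify_path(raw)
    if simplified is None:
        return None
    # Decoding after the check re-creates '..' segments the check never saw.
    return opened_file(unquote(simplified))


def resolve_decode_then_simplify(raw):
    """Corrected order: decode once, simplify the decoded text, then confine."""
    decoded = unquote(raw)
    if "\x00" in decoded:
        return None
    simplified = simplify_path(decoded)
    if simplified is None:
        return None
    full = opened_file(simplified)
    # Defence in depth: the resolved path must still sit under DOCROOT.
    return full if inside_docroot(full) else None


# Constructed request paths for the demonstration.
ENCODED_CLIMB = "/help/%2e%2e/%2e%2e/private/keys.txt"
ORDINARY = "/help/%69ndex.html"

if __name__ == "__main__":
    for raw in (ENCODED_CLIMB, ORDINARY):
        print(raw, resolve_simplify_then_decode(raw), resolve_decode_then_simplify(raw))
```

The corrected resolver only holds if no later layer decodes the path a second time.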

Impact

A non-authenticated user can read any file on the server using a specially crafted URL.

Workaround

For a temporary workaround, IP Access Control can be set up on Webmin and Usermin.

Resolution

All Webmin users should update to the latest stable version:

    # emerge --sync
    # emerge --ask --verbose --oneshot ">=app-admin/webmin-1.290"

All Usermin users should update to the latest stable version:

    # emerge --sync
    # emerge --ask --verbose --oneshot ">=app-admin/usermin-1.220"

References

[ 1 ] CVE-2006-3392

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3392

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200608-11.xml



Gentoo Linux Security Advisory GLSA 200608-12

http://security.gentoo.org/


Severity: High
Title: x11vnc: Authentication bypass in included LibVNCServer code
Date: August 07, 2006
Bugs: #142559
ID: 200608-12


Synopsis

VNC servers created with x11vnc accept insecure protocol types, even when the server does not offer them, resulting in the possibility of unauthorized access to the server.

Background

x11vnc provides VNC servers for X displays.

Affected packages


     Package          /  Vulnerable  /  Unaffected
  1  x11-misc/x11vnc      < 0.8.1        >= 0.8.1

Description

x11vnc includes vulnerable LibVNCServer code, which fails to properly validate protocol types, effectively letting users decide what protocol to use, such as "Type 1 - None" (GLSA-200608-05). x11vnc will accept this security type, even if it is not offered by the server.
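The missing check, modelled as an added example that is not x11vnc or LibVNCServer code: in the RFB handshake the server sends a list of security types and the client answers with one byte, and the server has to confirm that byte is one it offered before acting on it. The function names and the `validate` switch are assumptions made for this illustration; the type numbers (1 = None, 2 = VNC Authentication) and the 32-bit SecurityResult follow the RFB protocol.

```python
import struct

SEC_NONE, SEC_VNC_AUTH = 1, 2      # RFB security type numbers
RESULT_OK, RESULT_FAILED = 0, 1    # RFB SecurityResult values


def offer_message(offered):
    """Server -> client: one count byte, then one byte per offered type."""
    return bytes([len(offered)]) + bytes(offered)


def handle_selection(offered, reply, response_ok=False, validate=True):
    """Process the client's one-byte security-type selection.

    Returns (security_result, password_was_checked).
    validate=False models the flawed behaviour the advisory describes:
    the reply is acted on without comparing it to the list that was sent.
    response_ok stands in for the outcome of the challenge-response step.
    """
    if len(reply) != 1:
        return RESULT_FAILED, False
    chosen = reply[0]
    if validate and chosen not in offered:
        # The client named a type the server never offered: refuse.
        return RESULT_FAILED, False
    if chosen == SEC_NONE:
        return RESULT_OK, False
    if chosen == SEC_VNC_AUTH:
        return (RESULT_OK if response_ok else RESULT_FAILED), True
    return RESULT_FAILED, False


def result_message(result):
    """Server -> client: SecurityResult as a big-endian 32-bit integer."""
    return struct.pack(">I", result)


# Constructed scenario: the server is configured for password auth only.
OFFERED = [SEC_VNC_AUTH]

if __name__ == "__main__":
    reply = bytes([SEC_NONE])  # a reply naming a type that was not offered
    print("offer     :", offer_message(OFFERED).hex())
    print("unchecked :", handle_selection(OFFERED, reply, validate=False))
    print("checked   :", handle_selection(OFFERED, reply))
```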

Impact

An attacker could exploit this vulnerability to gain unauthorized access with the privileges of the user running the VNC server.

Workaround

There is no known workaround at this time.

Resolution

All x11vnc users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-misc/x11vnc-0.8.1"

References

[ 1 ] CVE-2006-2450

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2450

[ 2 ] GLSA-200608-05

http://www.gentoo.org/security/en/glsa/glsa-200608-05.xml

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200608-12.xml



