Advisories, September 10, 2006

Sep 11, 2006, 04:30 (0 Talkback[s])

Debian GNU/Linux

Debian Security Advisory DSA 1159-2 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 8th, 2006 http://www.debian.org/security/faq

Package : mozilla-thunderbird
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-2779 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808 CVE-2006-3809 CVE-2006-3810
CERT advisories: VU#466673 VU#655892 VU#687396 VU#876420 VU#911004
BugTraq IDs : 18228 19181

The latest security updates of Mozilla Thunderbird introduced a regression that led to a disfunctional attachment panel which warrants a correction to fix this issue. For reference please find below the original advisory text:

Several security related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

CVE-2006-2779

Mozilla team members discovered several crashes during testing of the browser engine showing evidence of memory corruption which may also lead to the execution of arbitrary code. The last bit of this problem will be corrected with the next update. You can prevent any trouble by disabling Javascript. [MFSA-2006-32]

CVE-2006-3805

The Javascript engine might allow remote attackers to execute arbitrary code. [MFSA-2006-50]

CVE-2006-3806

Multiple integer overflows in the Javascript engine might allow remote attackers to execute arbitrary code. [MFSA-2006-50]

CVE-2006-3807

Specially crafted Javascript allows remote attackers to execute arbitrary code. [MFSA-2006-51]

CVE-2006-3808

Remote AutoConfig (PAC) servers could execute code with elevated privileges via a specially crafted PAC script. [MFSA-2006-52]

CVE-2006-3809

Scripts with the UniversalBrowserRead privilege could gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data. [MFSA-2006-53]

CVE-2006-3810

A cross-site scripting vulnerability allows remote attackers to inject arbitrary web script or HTML. [MFSA-2006-54]

For the stable distribution (sarge) these problems have been fixed in version 1.0.2-2.sarge1.0.8b.2.

For the unstable distribution (sid) these problems have been fixed in version 1.5.0.5-1.

We recommend that you upgrade your mozilla-thunderbird package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2.dsc
      Size/MD5 checksum: 1003 359853df29b29253164e9aef34d18066 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2.diff.gz
      Size/MD5 checksum: 486593 3759fe23473ecb6cee532cb47cdd4e63 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz
      Size/MD5 checksum: 33288906 806175393a226670aa66060452d31df4

Alpha architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_alpha.deb
      Size/MD5 checksum: 12849016 fdf32dcb741195378d9079231aba21cd http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_alpha.deb
      Size/MD5 checksum: 3279426 879ae924d100517f98ee7f39a84e1bb2 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_alpha.deb
      Size/MD5 checksum: 151696 dd6911608eb54bebc7fbcdb58e5d63bb http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_alpha.deb
      Size/MD5 checksum: 33138 9581f8f0be21162692672e55d5f00640 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_alpha.deb
      Size/MD5 checksum: 89106 06a2f4752c619fb6a80d15d8fd1741de

AMD64 architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_amd64.deb
      Size/MD5 checksum: 12255346 0ef80084b8dc8f3aeab523b3ce03009e http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_amd64.deb
      Size/MD5 checksum: 3280646 de3c980f39e86509f62348d39ffb65f5 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_amd64.deb
      Size/MD5 checksum: 150662 369341b36fb2a2bcf3178c5bf788c72c http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_amd64.deb
      Size/MD5 checksum: 33132 42ef7496ee17221749feff905c1eb3ce http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_amd64.deb
      Size/MD5 checksum: 88892 15554699cf57f756e7e615910c36e705

ARM architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_arm.deb
      Size/MD5 checksum: 10343074 0716c5639dc5b76dfee6f2aac33378f1 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_arm.deb
      Size/MD5 checksum: 3271558 0df9cfaf413911576ab6cbda7a366dc5 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_arm.deb
      Size/MD5 checksum: 142846 59248b09ddba4eea5c15f3a8e441c8b8 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_arm.deb
      Size/MD5 checksum: 33160 e0292cee475239b5660a1db8a60e9599 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_arm.deb
      Size/MD5 checksum: 80938 12eae1b21352bdbe21499d74f2ee3bc7

HP Precision architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_hppa.deb
      Size/MD5 checksum: 13564760 ac59239f3cd97d1ae63616335e86b755 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_hppa.deb
      Size/MD5 checksum: 3284788 9c9ed05edb7b5d15c444347f27d997b6 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_hppa.deb
      Size/MD5 checksum: 152898 39997b48bfa96256946015464c4cabb9 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_hppa.deb
      Size/MD5 checksum: 33144 9f7a34db227b65158d2907e7030c0a35 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_hppa.deb
      Size/MD5 checksum: 97012 3b4cf017d74aa8a47d723b4c2f196735

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_i386.deb
      Size/MD5 checksum: 11564254 30581baff08ebcf78cb7a805078238c3 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_i386.deb
      Size/MD5 checksum: 3507668 46a7e9a8d982b9df0a3ac2c0d0f2f9e6 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_i386.deb
      Size/MD5 checksum: 146348 b8c2a88b083683e63ee7e83846aff346 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_i386.deb
      Size/MD5 checksum: 33150 5f56019ede768d9132def0798ea1c1fb http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_i386.deb
      Size/MD5 checksum: 87708 c51a3dc04f9bcba7fdfd486474d63966

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_ia64.deb
      Size/MD5 checksum: 14624280 55e21c6d9b9590b7b02646071e3d4881 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_ia64.deb
      Size/MD5 checksum: 3291092 d6cfb0e457c509cfd558b41d6db45e61 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_ia64.deb
      Size/MD5 checksum: 155048 12b7efd38b79c5e152757c1ae2861344 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_ia64.deb
      Size/MD5 checksum: 33144 b941a4303b34f97550744026b347e711 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_ia64.deb
      Size/MD5 checksum: 106840 e5e09e738134c8a7494a2b15e95c40df

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_m68k.deb
      Size/MD5 checksum: 10791360 246f9f51609b2848c2d54f3183e07d5d http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_m68k.deb
      Size/MD5 checksum: 3271086 ad5796c388daa8f0965fdb8a353ba90d http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_m68k.deb
      Size/MD5 checksum: 144660 486d2b72286e105a670c40c4982857fd http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_m68k.deb
      Size/MD5 checksum: 33174 feca51e39ec459f867e412e788308687 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_m68k.deb
      Size/MD5 checksum: 82198 a2252137e94259eb8e699bf4d7a84ab7

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_mips.deb
      Size/MD5 checksum: 11943666 7d1fc9df6d4bb496bbed6b5f10353db3 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_mips.deb
      Size/MD5 checksum: 3278862 02a47eea657b6d287a860f98bb54c11e http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_mips.deb
      Size/MD5 checksum: 147602 07157e5a5dd3af8d299f7b4e060b357e http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_mips.deb
      Size/MD5 checksum: 33146 1d945a5ae87a049a5d12f604f5ecf83f http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_mips.deb
      Size/MD5 checksum: 84410 53d48b348d8d62b2aa2a2f03cf92e84d

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_mipsel.deb
      Size/MD5 checksum: 11811276 e8b1890107fb3c3e9410d396dd6fee51 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_mipsel.deb
      Size/MD5 checksum: 3279782 c0daeff4c21f2bc5a47731cb06ae51aa http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_mipsel.deb
      Size/MD5 checksum: 147156 f240918563f055e8da73d60aff27b63f http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_mipsel.deb
      Size/MD5 checksum: 33132 7d1aa8886a3d0b7857298944b03a55ba http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_mipsel.deb
      Size/MD5 checksum: 84270 74cbaa157220d3012e421f9427041216

PowerPC architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_powerpc.deb
      Size/MD5 checksum: 10908472 a7120c11e497b2e280562b3611e0ba55 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_powerpc.deb
      Size/MD5 checksum: 3269516 58f62e16cbcc5988ef169c44b746e51a http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_powerpc.deb
      Size/MD5 checksum: 144672 a62727479a514dbde5394e455a9bf055 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_powerpc.deb
      Size/MD5 checksum: 33136 b839ba3f926ac102c3c322e4e140e40f http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_powerpc.deb
      Size/MD5 checksum: 81046 9251eb44207d2610bef616e409951937

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_s390.deb
      Size/MD5 checksum: 12702008 ce1773912bae44fdb1473a86b31ffddf http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_s390.deb
      Size/MD5 checksum: 3280008 d20c17b61ae08aacb9bcf2578ffd2d03 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_s390.deb
      Size/MD5 checksum: 150980 a7936545066775c99d0cec4cff187ba2 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_s390.deb
      Size/MD5 checksum: 33140 8389760a91f3444c6170d5ed32867bd1 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_s390.deb
      Size/MD5 checksum: 88926 d237c5c35347449b6695f352f25b112a

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_sparc.deb
      Size/MD5 checksum: 11176470 9d792595c891df352238de0e1b4f7639 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_sparc.deb
      Size/MD5 checksum: 3275230 164f9abf5ca1a11a2ca5d0a69cc4a93f http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_sparc.deb
      Size/MD5 checksum: 144318 e79b826ed1d778023f567fee90730446 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_sparc.deb
      Size/MD5 checksum: 33148 7d029003df1ee859d52ceacd8ba1142f http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_sparc.deb
      Size/MD5 checksum: 82746 b308910b4e9c4025b0488d44424b85f3

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 1171-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
September 7th, 2006 http://www.debian.org/security/faq

Package : ethereal
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-4333 CVE-2005-3241 CVE-2005-3242 CVE-2005-3243 CVE-2005-3244 CVE-2005-3246 CVE-2005-3248
Debian Bug : 384528 334880

Several remote vulnerabilities have been discovered in the Ethereal network scanner, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-4333

It was discovered that the Q.2391 dissector is vulnerable to denial of service caused by memory exhaustion.

CVE-2005-3241

It was discovered that the FC-FCS, RSVP and ISIS-LSP dissectors are vulnerable to denial of service caused by memory exhaustion.

CVE-2005-3242

It was discovered that the IrDA and SMB dissectors are vulnerable to denial of service caused by memory corruption.

CVE-2005-3243

It was discovered that the SLIMP3 and AgentX dissectors are vulnerable to code injection caused by buffer overflows.

CVE-2005-3244

It was discovered that the BER dissector is vulnerable to denial of service caused by an infinite loop.

CVE-2005-3246

It was discovered that the NCP and RTnet dissectors are vulnerable to denial of service caused by a null pointer dereference.

CVE-2005-3248

It was discovered that the X11 dissector is vulnerable denial of service caused by a division through zero.

This update also fixes a 64 bit-specific regression in the ASN.1 decoder, which has been introduced in a previous DSA.

For the stable distribution (sarge) these problems have been fixed in version 0.10.10-2sarge8.

For the unstable distribution (sid) these problems have been fixed in version 0.99.2-5.1 of wireshark, the network sniffer formerly known as ethereal.

We recommend that you upgrade your ethereal packages.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8.dsc Size/MD5 checksum: 855 159309d848ffa90cb5ae336582a8e7d4 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz Size/MD5 checksum: 7411510 e6b74468412c17bb66cd459bfb61471c http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8.diff.gz Size/MD5 checksum: 177921 ee1ce43eb48106f1fc0b75bc9ff3c241

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_alpha.deb Size/MD5 checksum: 5476146 cf5b01f923e68a3f07d0080ef69f2b57 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_alpha.deb Size/MD5 checksum: 154566 615069b5905d6c2aec9a357eb0dd1306 http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_alpha.deb Size/MD5 checksum: 106250 cfe9461049fc5e1997d68cbd1a6d6b78 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_alpha.deb Size/MD5 checksum: 543034 5c9eaadae44224a002902c4196847aa0

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_amd64.deb Size/MD5 checksum: 154556 67cfc697c120e54c489e1552b1a58b6e http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_amd64.deb Size/MD5 checksum: 99542 09093de7c28ec1741106dac694ffcae3 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_amd64.deb Size/MD5 checksum: 486502 addeab1c3d70537c088574f9f68e6e6d http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_amd64.deb Size/MD5 checksum: 5334616 1700b3e18c2b45594cbb80ef2ea58019

arm architecture (ARM)

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_arm.deb Size/MD5 checksum: 95616 39dbfe3ac08048f95b19d74c644b780c http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_arm.deb Size/MD5 checksum: 154596 209d45b3ebf7ba313bb7db0c00a095bd http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_arm.deb Size/MD5 checksum: 472996 5f0d04db811734c1f1c8c814c93ceaaa http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_arm.deb Size/MD5 checksum: 4687892 5b2737d93a7e3673630e96744f648b51

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_hppa.deb Size/MD5 checksum: 5787290 f36dc8ae6a78acb2d6a8fa71b18af9cc http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_hppa.deb Size/MD5 checksum: 154576 5ce456fee2af8fb5b4f19d786166faf6 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_hppa.deb Size/MD5 checksum: 489292 71832119d10ab77eb4547840cf7d3504 http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_hppa.deb Size/MD5 checksum: 98452 94aae2f351900a65edfddcae9e880bf6

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_i386.deb Size/MD5 checksum: 443646 f830051bf5920e2999a8ef9bab332ed2 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_i386.deb Size/MD5 checksum: 4529156 4f6c8ec5448ea7b6aa826fce639a5781 http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_i386.deb Size/MD5 checksum: 90878 45f09d9fe820e537fd9e140fbe86de07 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_i386.deb Size/MD5 checksum: 154556 a1a78549f0981eb9aa0f77fdd9ce612b

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_ia64.deb Size/MD5 checksum: 6630098 82fc3ba6dd822ee192c2050dc6f38dcf http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_ia64.deb Size/MD5 checksum: 674420 9b84646b4f81e1c9415656768f6dc687 http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_ia64.deb Size/MD5 checksum: 129156 c3deca896916d3a3d1c1065f5e2717c8 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_ia64.deb Size/MD5 checksum: 154554 e8a6435b4e1287af4ebfe3cb606c74af

m68k architecture (Motorola Mc680x0)

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_m68k.deb Size/MD5 checksum: 90904 ab21fa89ad4a12f8e0c579872a1c07c4 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_m68k.deb Size/MD5 checksum: 154614 b384ae036ab5c2b85f62af368b689a04 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_m68k.deb Size/MD5 checksum: 447752 6a8378ecb8337071ef8b1199529700be http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_m68k.deb Size/MD5 checksum: 5565186 647220c660fd8546c9ca4a18e9d7a792

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_mips.deb Size/MD5 checksum: 154572 434928f40a6b3e4bf2d7dce6beb72edb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_mips.deb Size/MD5 checksum: 94736 4eb62077c31de2ac2ec10a760199b9eb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_mips.deb Size/MD5 checksum: 4723218 9c827aab812bef7a58d5429ee8287d74 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_mips.deb Size/MD5 checksum: 462746 fa7d8236f1407836dcc601317afa8df2

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_mipsel.deb Size/MD5 checksum: 94650 7f64290882d7c8c579818fdc1c7e215b http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_mipsel.deb Size/MD5 checksum: 154584 934dc675944e857216c72fc29ec46a55 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_mipsel.deb Size/MD5 checksum: 458030 487ea6f3a1fd7620b4ae33f4d5e8c8c3 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_mipsel.deb Size/MD5 checksum: 4460700 e0062d687a84b9782e645b0d72cbb248

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_powerpc.deb Size/MD5 checksum: 455716 a203882270b251513b2269b688d59256 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_powerpc.deb Size/MD5 checksum: 5068470 7976f110d32b6bb83c00afa49fd75493 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_powerpc.deb Size/MD5 checksum: 154570 7622c3b6ca781d622cb305e9a485f447 http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_powerpc.deb Size/MD5 checksum: 94320 5e5391b1f1dc2bc4992582930e28f2a3

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_s390.deb Size/MD5 checksum: 5621642 092cf076ce4e6fd479ea09fdb14d6e87 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_s390.deb Size/MD5 checksum: 154566 f3dae98783c87fb3ff088be62608aef7 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_s390.deb Size/MD5 checksum: 479662 e4b854e30aa801eb67a33d1077eb1e9b http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_s390.deb Size/MD5 checksum: 99904 0516f4694b47ae4637b09e82d321eecc

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_sparc.deb Size/MD5 checksum: 5130234 44a97eeb06a2d82bbbcfba2712700792 http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_sparc.deb Size/MD5 checksum: 93828 4f44e9be92792058641044db66993758 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_sparc.deb Size/MD5 checksum: 465390 42670783f2750c3d5f426fe76bd17696 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_sparc.deb Size/MD5 checksum: 154566 6f25990f50443c48e802e29881ddc3ff

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 1172-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 9th, 2006 http://www.debian.org/security/faq

Package : bind9
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-4095 CVE-2006-4096
CERT advisories: VU#697164 VU#915404

Two vulnerabilities have been discovered in BIND9, the Berkeley Internet Name Domain server. The first relates to SIG query processing and the second relates to a condition that can trigger an INSIST failure, both lead to a denial of service.

For the stable distribution (sarge) these problems have been fixed in version 9.2.4-1sarge1.

For the unstable distribution (sid) these problems have been fixed in version 9.3.2-P1-1.

We recommend that you upgrade your bind9 package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge1.dsc
      Size/MD5 checksum: 742 1c1f68802373715b71c85df3a4e42959 http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge1.diff.gz
      Size/MD5 checksum: 91537 dccd8daf65751535821c1d5feb007782 http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4.orig.tar.gz
      Size/MD5 checksum: 4564219 2ccbddbab59aedd6b8711b628b5472bd

Architecture independent components:

http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.2.4-1sarge1_all.deb
Size/MD5 checksum: 156816 df36851fe572ba9372f51c42225434e8

Alpha architecture:

AMD64 architecture:

ARM architecture:

HP Precision architecture:

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge1_i386.deb
Size/MD5 checksum: 276354 3ec077a470e860620a5fa9c1c7b24723 http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge1_i386.deb
Size/MD5 checksum: 93592 739a962713e9c79947979ab0d7127275

Top White Papers

Subscribe to Our Daily Newsletter

Current Newswire:

More on LinuxToday

Advisories, September 10, 2006

Debian GNU/Linux