Linux Today - Advisories, December 4, 2006

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices

Technology Jobs

LinuxToday Newsletters

Server Daily
IT Management Daily
Subscribe News
Subscribe PR
Subscribe Security

internet.com

Internet News
Small Business

Advertise
Newsletters
Tech Jobs
E-mail Offers

Current Newswire:

20 popular Ubuntu Linux apps you may want to try

A Selection of the Very Best Open Source Tutorials and Tools

Android Ice Cream Sandwich ported to x86 tablets, netbooks and notebooks

SECURITY: Google Chrome 17 Improves Security

How to read a CSV file in Perl?

Red Hat Brings Gluster to Amazon Cloud

New Linux kernel fixes power-saving issues

Using Wii remote with Android Device- Taking Gaming to the Next Level

Commercial Support now available for the open-source NGINX Web server

Linux Top 5: Linux's New Fellow

Applications Management Engineer Sr (NYC)
Next Step Systems
US-NY-New York

Post A Job | Post A Resume

:Advisories, December 4, 2006

Advisories, December 4, 2006
Dec 5, 2006, 04 :45 UTC (0 Talkback[s]) (2848 reads)

Debian GNU/Linux

Debian Security Advisory DSA 1224-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
December 3rd, 2006 http://www.debian.org/security/faq

Package : mozilla
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-4310 CVE-2006-5462 CVE-2006-5463 CVE-2006-5464 CVE-2006-5748
CERT advisories: VU#335392 VU#390480 VU#495288 VU#714496
BugTraq IDs : 19678 20957

Several security related problems have been discovered in Mozilla and derived products. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

CVE-2006-4310

Tomas Kempinsky discovered that malformed FTP server responses could lead to denial of service.

CVE-2006-5462

Ulrich KÃ&fraq14;hn discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates.

CVE-2006-5463

"shutdown" discovered that modification of JavaScript objects during execution could lead to the execution of arbitrary JavaScript bytecode.

CVE-2006-5464

Jesse Ruderman and Martijn Wargers discovered several crashes in the layout engine, which might also allow execution of arbitrary code.

CVE-2006-5748

Igor Bukanov and Jesse Ruderman discovered several crashes in the JavaScript engine, which might allow execution of arbitrary code.

This update also adresses several crashes, which could be triggered by malicious websites and fixes a regression introduced in the previous Mozilla update.

For the stable distribution (sarge) these problems have been fixed in version 1.7.8-1sarge8.

We recommend that you upgrade your mozilla package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8.dsc
      Size/MD5 checksum: 1124 a6f4c7ddbcb0d9126d4e0a81fda4059a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8.diff.gz
      Size/MD5 checksum: 574770 77a056d9582389d1a31de1136dd7a0a2
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
      Size/MD5 checksum: 30589520 13c0f0331617748426679e8f2e9f537a

Alpha architecture:

AMD64 architecture:

ARM architecture:

HP Precision architecture:

Intel IA-32 architecture:

Intel IA-64 architecture:

Motorola 680x0 architecture:

Big endian MIPS architecture:

Little endian MIPS architecture:

PowerPC architecture:

IBM S/390 architecture:

Sun Sparc architecture:

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 1225-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
December 3rd, 2006 http://www.debian.org/security/faq

Package : mozilla-firefox
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-4310 CVE-2006-5462 CVE-2006-5463 CVE-2006-5464 CVE-2006-5748
CERT advisories: VU#335392 VU#390480 VU#495288 VU#714496
BugTraq IDs : 19678 20957

Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

CVE-2006-4310

Tomas Kempinsky discovered that malformed FTP server responses could lead to denial of service.

CVE-2006-5462

Ulrich Köhn discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates.

CVE-2006-5463

"shutdown" discovered that modification of JavaScript objects during execution could lead to the execution of arbitrary JavaScript bytecode.

CVE-2006-5464

Jesse Ruderman and Martijn Wargers discovered several crashes in the layout engine, which might also allow execution of arbitrary code.

CVE-2006-5748

Igor Bukanov and Jesse Ruderman discovered several crashes in the JavaScript engine, which might allow execution of arbitrary code.

This update also adresses several crashes, which could be triggered by malicious websites and fixes a regression introduced in the previous Mozilla update.

For the stable distribution (sarge) these problems have been fixed in version 1.0.4-2sarge13.

For the unstable distribution (sid) these problems have been fixed in the current iceweasel package 2.0+dfsg-1.

We recommend that you upgrade your mozilla-firefox package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13.dsc
      Size/MD5 checksum: 1003 4a8d05c1e9563e6066ca838e7c0b2f53
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13.diff.gz
      Size/MD5 checksum: 450265 46d4bedf12a1e0c92a275ae012d92b5a
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
      Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d

Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_alpha.deb
      Size/MD5 checksum: 11182242 388bf02a94456182cd7a39187886875a
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_alpha.deb
      Size/MD5 checksum: 170908 4cbff185bb88b1c7e11791059cd83142
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_alpha.deb
      Size/MD5 checksum: 62736 f42571aa18001fc521be0f5348eb9511

AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_amd64.deb
      Size/MD5 checksum: 9412474 fcd7ced169a47d7413197a918047036a
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_amd64.deb
      Size/MD5 checksum: 165706 931ebeee155ac01fcecb1467388a2fab
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_amd64.deb
      Size/MD5 checksum: 61276 cf839454fe9e09a0b58641353f9c75c6

ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_arm.deb
      Size/MD5 checksum: 8233670 39a042f6300c805ad372828fd115cab0
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_arm.deb
      Size/MD5 checksum: 157176 873eb90c91c98e1c4168f215b493fd74
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_arm.deb
      Size/MD5 checksum: 56586 c53ca4b95b188684381338eae43603cc

HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_hppa.deb
      Size/MD5 checksum: 10287242 8a7eddef738dfe4eb164bd5e486474a2
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_hppa.deb
      Size/MD5 checksum: 168624 fa195e512062a19cf92018de4009160d
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_hppa.deb
      Size/MD5 checksum: 61736 b0dbfbbce97f954c9487a126d20b9a90

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_i386.deb
      Size/MD5 checksum: 8908194 9cfe0ac430050c7d62066cd3f8beb64f
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_i386.deb
      Size/MD5 checksum: 160902 77a78dd1eac37417b4a5629e745e4391
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_i386.deb
      Size/MD5 checksum: 58124 f82b3d3fc66e1054d5da72a69ab9bd20

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_ia64.deb
      Size/MD5 checksum: 11646376 83d5349be8156e1f95eb75da89beb578
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_ia64.deb
      Size/MD5 checksum: 171244 46ae3d6d9112d31f92407922832e6599
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_ia64.deb
      Size/MD5 checksum: 65934 690969e2e7a865faee22ed6fb8a88384

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_m68k.deb
      Size/MD5 checksum: 8186050 ab9f31d6cbd9ff6c1820c59ef1e44ce7
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_m68k.deb
      Size/MD5 checksum: 159792 69c3cf68fc12fd5fb3929339aa8cd9cb
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_m68k.deb
      Size/MD5 checksum: 57394 14636fe25df3a18c536819129e83e1a0

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_mips.deb
      Size/MD5 checksum: 9943474 75b7796d42079421a151bfac35a17f95
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_mips.deb
      Size/MD5 checksum: 158694 a3c6f1c71947cb5e9c2fc8d8acece832
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_mips.deb
      Size/MD5 checksum: 58386 395683ab3ebb0983e24bc3afde8d28f5

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_mipsel.deb
      Size/MD5 checksum: 9819470 41ecbd5f3543c0b110771e93e2307abc
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_mipsel.deb
      Size/MD5 checksum: 157672 43ca2a353bacf378a2dc7dfa9a7f3a73
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_mipsel.deb
      Size/MD5 checksum: 57634 8d16796108c3a7627ab9654e977277a5

PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_powerpc.deb
      Size/MD5 checksum: 8580222 c2f239d0961911962bea6b7f7bf1cdc1
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_powerpc.deb
      Size/MD5 checksum: 159320 5a5ea9d8a9f7a845bc1898b0c9976112
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_powerpc.deb
      Size/MD5 checksum: 60508 3ce3df0f45aeef3acb1964960bf76406

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_s390.deb
      Size/MD5 checksum: 9650866 9fd3e3788898152580a0ab344112b5ab
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_s390.deb
      Size/MD5 checksum: 166290 70bcea0f67fc9d0288c75bb2ad8e7b36
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_s390.deb
      Size/MD5 checksum: 60696 7d6b7a3cf65fa798f3e41275f4bb9967

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_sparc.deb
      Size/MD5 checksum: 8672090 c32301aeb3eb3ebbad2ff26f56d3e9ee
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_sparc.deb
      Size/MD5 checksum: 159508 7c3fd5b5a0c78c8abf09082dcb06bbfc
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_sparc.deb
      Size/MD5 checksum: 56946 0b154ceb732d771ca492e4d98ea21350

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 1225-2 security@debian.org
http://www.debian.org/security/ Martin Schulze
December 3rd, 2006 http://www.debian.org/security/faq

This update covers packages for the little endian MIPS architecture missing in the original advisory.

CVE-2006-4310

Tomas Kempinsky discovered that malformed FTP server responses could lead to denial of service.

CVE-2006-5462

Ulrich Köhn discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates.

CVE-2006-5463

"shutdown" discovered that modification of JavaScript objects during execution could lead to the execution of arbitrary JavaScript bytecode.

CVE-2006-5464

Jesse Ruderman and Martijn Wargers discovered several crashes in the layout engine, which might also allow execution of arbitrary code.

CVE-2006-5748

Igor Bukanov and Jesse Ruderman discovered several crashes in the JavaScript engine, which might allow execution of arbitrary code.

This update also adresses several crashes, which could be triggered by malicious websites and fixes a regression introduced in the previous Mozilla update.

For the stable distribution (sarge) these problems have been fixed in version 1.0.4-2sarge13.

For the unstable distribution (sid) these problems have been fixed in the current iceweasel package 2.0+dfsg-1.

We recommend that you upgrade your mozilla-firefox package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_mipsel.deb
      Size/MD5 checksum: 9820186 7823ac933179f566597b7bd4e3810fcb
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_mipsel.deb
      Size/MD5 checksum: 158272 950a04ca3dfd4870b30d5d8c6ae536ee
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_mipsel.deb
      Size/MD5 checksum: 58218 0dad036900c189fc233a5fe25c2edd3a

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 1226-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 3rd, 2006 http://www.debian.org/security/faq

Package : links
Vulnerability : insufficient escaping
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-5925
Debian Bug : 399187

Teemu Salmela discovered that the links character mode web browser performs insufficient sanitising of smb:// URIs, which might lead to the execution of arbitrary shell commands.

For the stable distribution (sarge) this problem has been fixed in version 0.99+1.00pre12-1sarge1.

For the upcoming stable distribution (etch) this problem has been fixed in version 0.99+1.00pre12-1.1.

For the unstable distribution (sid) this problem has been fixed in version 0.99+1.00pre12-1.1.

We recommend that you upgrade your links package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1.dsc
      Size/MD5 checksum: 628 a1ac1c1549a102a35398b6453df8cf03
    http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1.diff.gz
      Size/MD5 checksum: 8329 5898f75988aba793e9559295996289ef
    http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12.orig.tar.gz
      Size/MD5 checksum: 597848 c262b08c822a582bbc992e3730f43336

Architecture independent components:

http://security.debian.org/pool/updates/main/l/links/links-ssl_0.99+1.00pre12-1sarge1_all.deb
Size/MD5 checksum: 5460 d983ff06f50743eefc590e13b881c649

Alpha architecture:

http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_alpha.deb
Size/MD5 checksum: 441038 6d3f4dbcdb63455d1a7c6c573c0a2cb0

AMD64 architecture:

http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_amd64.deb
Size/MD5 checksum: 396200 13443385aff64d07c142561684d3698d

ARM architecture:

http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_arm.deb
Size/MD5 checksum: 376692 90dc38882cee571a605ea4c1b312101f

HP Precision architecture:

http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_hppa.deb
Size/MD5 checksum: 416286 1a0e7cd0c9885a5a47f89feecdeea13a

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_i386.deb
Size/MD5 checksum: 385186 a99be183941d62c33bd7d0f49c1856cb

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_ia64.deb
Size/MD5 checksum: 524446 e68877303d408b3b730e703c6d78f709

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_m68k.deb
Size/MD5 checksum: 343786 51765dbe4d8788b4f4219c6f71461579

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_mips.deb
Size/MD5 checksum: 412208 f3272fc9e06d0ad0bed4c2d2816502fe

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_mipsel.deb
Size/MD5 checksum: 408254 70f5c450fd225ea6a82befeb3d6aeeab

PowerPC architecture:

http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_powerpc.deb
Size/MD5 checksum: 396926 b0cbccacc3632be2d3eb97cea74ea6d8

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_s390.deb
Size/MD5 checksum: 390546 2def4e695f30d34bb03a0592f5deee5b

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_sparc.deb
Size/MD5 checksum: 379836 be1bae25603d4a50cf854a6b6b075960

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 1227-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
December 4th, 2006 http://www.debian.org/security/faq

Package : mozilla-thunderbird
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-4310 CVE-2006-5462 CVE-2006-5463 CVE-2006-5464 CVE-2006-5748

CERT advisories: VU#335392 VU#390480 VU#495288 VU#714496 BugTraq IDs : 19678 20957

Several security related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

CVE-2006-4310

Tomas Kempinsky discovered that malformed FTP server responses could lead to denial of service.

CVE-2006-5462

Ulrich Köhn discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates.

CVE-2006-5463

"shutdown" discovered that modification of JavaScript objects during execution could lead to the execution of arbitrary JavaScript bytecode.

CVE-2006-5464

Jesse Ruderman and Martijn Wargers discovered several crashes in the layout engine, which might also allow execution of arbitrary code.

CVE-2006-5748

Igor Bukanov and Jesse Ruderman discovered several crashes in the JavaScript engine, which might allow execution of arbitrary code.

This update also adresses several crashes, which could be triggered by malicious websites and fixes a regression introduced in the previous Mozilla update.

For the stable distribution (sarge) these problems have been fixed in version 1.0.4-2sarge13.

For the unstable distribution (sid) these problems have been fixed in the current icedove package 1.5.0.8.

We recommend that you upgrade your mozilla-thunderbird package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1.dsc
      Size/MD5 checksum: 1003 6c5f746adeacacdf3127e17cb2aa8bee
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1.diff.gz
      Size/MD5 checksum: 529889 28823ccf3573c2dd660fd9d9e3e22b09
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz
      Size/MD5 checksum: 33288906 806175393a226670aa66060452d31df4

Alpha architecture:

AMD64 architecture:

ARM architecture:

HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_hppa.deb
      Size/MD5 checksum: 13571836 d5c2bbb909b9d6be2ca180f14c307f1e
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_hppa.deb
      Size/MD5 checksum: 3285646 5c9f816a25d33453f59179991ea74d0d
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_hppa.deb
      Size/MD5 checksum: 153926 4f22d429a7781c9f09b4edb68816c853
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_hppa.deb
      Size/MD5 checksum: 34134 cae400c43c5f0f5e0e276a047dbdab20
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_hppa.deb
      Size/MD5 checksum: 97998 bf0c11bb906656980cc4e5744eb464bd

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_i386.deb
      Size/MD5 checksum: 11549564 41a015e8acb35a566e733d5e3efbd26f
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_i386.deb
      Size/MD5 checksum: 3279334 7f4340a3a8a8194a7e99bd818866c57e
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_i386.deb
      Size/MD5 checksum: 147232 ad62baa206ff857d41db06fc9985881e
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_i386.deb
      Size/MD5 checksum: 34122 463263b2b57ed86dcde4f3bb458d0cf7
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_i386.deb
      Size/MD5 checksum: 88704 427bbd7d9754931c19829bc21096553d

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_ia64.deb
      Size/MD5 checksum: 14632100 53cd255c1673064d35138b4ddd9a00dd
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_ia64.deb
      Size/MD5 checksum: 3291608 e4d9bf2df8ae5a7ca3730f12409fe836
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_ia64.deb
      Size/MD5 checksum: 156062 a264399ce67bcfef3823da09effe603f
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_ia64.deb
      Size/MD5 checksum: 34120 beeb92a784afcee38f2ea9c5a5747a8c
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_ia64.deb
      Size/MD5 checksum: 107826 ce5eb8ae242c1e3ae2de7b2dd4638086

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_m68k.deb
      Size/MD5 checksum: 10795348 67b697071cc0d1f5667c6ed7464e90f7
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_m68k.deb
      Size/MD5 checksum: 3272426 d1a76c3cc4d53d311d4fa2933fa241aa
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_m68k.deb
      Size/MD5 checksum: 145646 bb4e9eed4d5639080ad0f40d4b9ccd3e
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_m68k.deb
      Size/MD5 checksum: 34148 7a167f58be69a5f87ae0b6ff696c195b
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_m68k.deb
      Size/MD5 checksum: 83168 00b7c01b14e69d3de5b716a97b531135

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_mips.deb
      Size/MD5 checksum: 11949608 9ec9db79429dda4d407ccf88ccdcd432
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_mips.deb
      Size/MD5 checksum: 3280190 9c5196972a3cf0c2c526f858aca2466e
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_mips.deb
      Size/MD5 checksum: 148640 5797fb7d9315c3143f3764f6b6f85c25
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_mips.deb
      Size/MD5 checksum: 34124 cb575700d4f03213414e5723de4f71e3
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_mips.deb
      Size/MD5 checksum: 85368 0ac0335d952db222dd2cabb47aebaf93

Little endian MIPS architecture:

PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_powerpc.deb
      Size/MD5 checksum: 10913258 2b2bc733b1a9c582846a35e09f790792
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_powerpc.deb
      Size/MD5 checksum: 3270832 f0971f53b8576629a543e31b13b5fc82
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_powerpc.deb
      Size/MD5 checksum: 145640 b0f543ffae409f9c2ed5feb623d9ccc9
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_powerpc.deb
      Size/MD5 checksum: 34126 d00d244fff67496236b40c606eb2b068
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_powerpc.deb
      Size/MD5 checksum: 82090 08904221a4f22160c5448adc5e584892

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_s390.deb
      Size/MD5 checksum: 12706338 9cff7d191572124759121b992f9fcbbe
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_s390.deb
      Size/MD5 checksum: 3281302 32b6910f4a3352602eb5f2fba6496b5c
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_s390.deb
      Size/MD5 checksum: 152014 b85e247ddc89da9251bc96237bc496cb
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_s390.deb
      Size/MD5 checksum: 34118 34fa6f63472be37d37e23ce669dc9ae3
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_s390.deb
      Size/MD5 checksum: 89892 c8e4543a63614010de56776b5b597006

Sun Sparc architecture:

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Mandriva Linux

Mandriva Linux Security Advisory MDKSA-2006:214-1
http://www.mandriva.com/security/

Package : gv
Date : December 4, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0

Problem Description:

Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header.

Packages have been patched to correct this issue.

Update:

The patch used in the previous update still left the possibility of causing X to consume unusual amounts of memory if gv is used to view a carefully crafted image designed to exploit CVE-2006-5864. This update uses an improved patch to address this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5864

Updated Packages:

Mandriva Linux 2006.0:
7226199941b3c2bae9d572fa18287cec 2006.0/i586/gv-3.6.1-4.3.20060mdk.i586.rpm
cf07ebfa4c2b7b71a12e001ba72074cf 2006.0/SRPMS/gv-3.6.1-4.3.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
2b6d68c47a6774c8b27ad8263ff89f96 2006.0/x86_64/gv-3.6.1-4.3.20060mdk.x86_64.rpm
cf07ebfa4c2b7b71a12e001ba72074cf 2006.0/SRPMS/gv-3.6.1-4.3.20060mdk.src.rpm

Mandriva Linux 2007.0:
63a4fc9774e298c2c6904ffcce648216 2007.0/i586/gv-3.6.1-7.2mdv2007.0.i586.rpm
17718d7117787714553282997268e4d6 2007.0/SRPMS/gv-3.6.1-7.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
c8c9f156f94c083597a18476760df046 2007.0/x86_64/gv-3.6.1-7.2mdv2007.0.x86_64.rpm
17718d7117787714553282997268e4d6 2007.0/SRPMS/gv-3.6.1-7.2mdv2007.0.src.rpm

Corporate 3.0:
7c282139a275fa0886e284649fe84549 corporate/3.0/i586/gv-3.5.8-31.2.C30mdk.i586.rpm
ac4f70a00ad3a619a3be53d8f83b3325 corporate/3.0/SRPMS/gv-3.5.8-31.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
0844488c9a53873554e7d092ec372889 corporate/3.0/x86_64/gv-3.5.8-31.2.C30mdk.x86_64.rpm
ac4f70a00ad3a619a3be53d8f83b3325 corporate/3.0/SRPMS/gv-3.5.8-31.2.C30mdk.src.rpm

Corporate 4.0:
09d1689d5390bf63c927b3cce7d5ffa6 corporate/4.0/i586/gv-3.6.1-4.3.20060mlcs4.i586.rpm
c5784a887c2c4bce4db77939e2625a01 corporate/4.0/SRPMS/gv-3.6.1-4.3.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
0ee8389a3bdcddc68f8814e36924ee09 corporate/4.0/x86_64/gv-3.6.1-4.3.20060mlcs4.x86_64.rpm
c5784a887c2c4bce4db77939e2625a01 corporate/4.0/SRPMS/gv-3.6.1-4.3.20060mlcs4.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu/ 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

rPath Linux

rPath Security Advisory: 2006-0211-2
Published: 2006-11-15
Updated: 2006-12-04 added doxygen to advisory Products: rPath Linux 1
Rating: Minor
Exposure Level Classification: Indirect Deterministic Denial of Service Updated Versions: libpng=/conary.rpath.com@rpl:devel//1/1.2.13-0.1-1
doxygen=/conary.rpath.com@rpl:devel//1/1.4.3-6.2-1

References:

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793
    https://issues.rpath.com/browse/RPL-790
    https://issues.rpath.com/browse/RPL-824

Description:

Previous versions of the libpng package are vulnerable to a denial of service attack when an application that uses libpng attempts to decode certain malformed PNG files.

4 December 2006 Update: previous versions of the doxygen package include internal copies of the libpng and zlib libraries, and the libpng library contained multiple vulnerabilities. The doxygen package has been modified to use system shared libraries for libpng and zlib, resolving these vulnerabilities for doxygen.

Ubuntu

Ubuntu Security Notice USN-391-1 December 04, 2006
libgsf vulnerability
CVE-2006-4514

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.10:
libgsf-1 1.12.3-3ubuntu3.1

Ubuntu 6.06 LTS:
libgsf-1-113 1.13.99-0ubuntu2.1

Ubuntu 6.10:
libgsf-1-114 1.14.1-2ubuntu1.1

After a standard system upgrade you need to restart your desktop session to effect the necessary changes.

Details follow:

A heap overflow was discovered in the OLE processing code in libgsf. If a user were tricked into opening a specially crafted OLE document, an attacker could execute arbitrary code with the user's privileges.

Updated packages for Ubuntu 5.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf_1.12.3-3ubuntu3.1.diff.gz
      Size/MD5: 27753 80621e2ac15a13b5287615a1be6b607c
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf_1.12.3-3ubuntu3.1.dsc
      Size/MD5: 850 e4f4a30353ddd96a4b0fb9c2609f6175
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf_1.12.3.orig.tar.gz
      Size/MD5: 693033 976b3563b39d22d303b912a7dd336e50

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dbg_1.12.3-3ubuntu3.1_amd64.deb
      Size/MD5: 93916 e3f251d2a19dd04508b3fd70118fea9b
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dev_1.12.3-3ubuntu3.1_amd64.deb
      Size/MD5: 224874 cf37dac4ff14f771d8a282dfeced02d9
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1_1.12.3-3ubuntu3.1_amd64.deb
      Size/MD5: 127156 d7c0a9ba1e3aa0ad9d0fa3cd9eb15a9b
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dbg_1.12.3-3ubuntu3.1_amd64.deb
      Size/MD5: 10806 ec1d092fc45eb5d0fb1253f427f38a5c
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dev_1.12.3-3ubuntu3.1_amd64.deb
      Size/MD5: 56998 9ead84cd7f21f16afede42b7bc5641fd
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1_1.12.3-3ubuntu3.1_amd64.deb
      Size/MD5: 49902 6dccb6462809ec7c3a1df450141e4999

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dbg_1.12.3-3ubuntu3.1_i386.deb
      Size/MD5: 86528 7ba7b433ee55244de36652d87256e2c1
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dev_1.12.3-3ubuntu3.1_i386.deb
      Size/MD5: 208374 76524689f50ffe03b125c504c4898ca0
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1_1.12.3-3ubuntu3.1_i386.deb
      Size/MD5: 119320 adeca028c0d161f4ef51861ca3f1ca4a
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dbg_1.12.3-3ubuntu3.1_i386.deb
      Size/MD5: 9882 0a768d6ea600c3522cce25a0a90d5928
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dev_1.12.3-3ubuntu3.1_i386.deb
      Size/MD5: 56072 911ec2cfba647e50a653b75e69024e04
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1_1.12.3-3ubuntu3.1_i386.deb
      Size/MD5: 49386 194b149dfe80139285ed17e07df361bc

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dbg_1.12.3-3ubuntu3.1_powerpc.deb
      Size/MD5: 96010 c6bd3befc34850dbb2c2878508af0df5
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dev_1.12.3-3ubuntu3.1_powerpc.deb
      Size/MD5: 230668 e65c9f0e97d2a57087367364f5dd6255
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1_1.12.3-3ubuntu3.1_powerpc.deb
      Size/MD5: 129918 72f74656095359513b5d4a08d488ac75
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dbg_1.12.3-3ubuntu3.1_powerpc.deb
      Size/MD5: 12526 84cd66738f8722663f33d2b3aed58ace
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dev_1.12.3-3ubuntu3.1_powerpc.deb
      Size/MD5: 57162 b05d543c92c391f0c6ddd2e100baa99c
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1_1.12.3-3ubuntu3.1_powerpc.deb
      Size/MD5: 51180 dd8d3a43ff9885747e4e6f524cb1c5e2

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dbg_1.12.3-3ubuntu3.1_sparc.deb
      Size/MD5: 90552 767d0cdc300d3c4a7f208f510abb96ab
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dev_1.12.3-3ubuntu3.1_sparc.deb
      Size/MD5: 217050 58be4ccddce2a59201686b95f3dd95bd
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1_1.12.3-3ubuntu3.1_sparc.deb
      Size/MD5: 124138 67a412538e0325c2e5281bcb72d5e773
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dbg_1.12.3-3ubuntu3.1_sparc.deb
      Size/MD5: 9734 105ed044c45d9fd15140f0197151b561
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dev_1.12.3-3ubuntu3.1_sparc.deb
      Size/MD5: 56502 dc87b8a235afa899b731dd802b258190
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1_1.12.3-3ubuntu3.1_sparc.deb
      Size/MD5: 49386 77bee1354c91c61874f28a059f029016

Updated packages for Ubuntu 6.06 LTS:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf_1.13.99-0ubuntu2.1.diff.gz
      Size/MD5: 9363 b1c523b8d8d38c7304441f4911a45358
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf_1.13.99-0ubuntu2.1.dsc
      Size/MD5: 893 40e98355919e234ae2d344b35033b6c5
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf_1.13.99.orig.tar.gz
      Size/MD5: 740978 dfd0c75b75066c4f30d484c79c045a62

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-common_1.13.99-0ubuntu2.1_all.deb
Size/MD5: 44520 1e5736725ef753e9ce8ae592d8d6d77e

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-1-113-dbg_1.13.99-0ubuntu2.1_amd64.deb
      Size/MD5: 100194 1c1f61eb471bdacebb9b560ab6de14c2
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-113_1.13.99-0ubuntu2.1_amd64.deb
      Size/MD5: 129670 6d6e52bde88de0d68949c1fbba6c3165
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dev_1.13.99-0ubuntu2.1_amd64.deb
      Size/MD5: 240642 b6e5163afb458255e6672bb91363ea93
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-bin_1.13.99-0ubuntu2.1_amd64.deb
      Size/MD5: 51230 804d35ba7f4878b06ae14c01b2d21fea
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-gnome-1-113-dbg_1.13.99-0ubuntu2.1_amd64.deb
      Size/MD5: 10744 82daa38d026b93f917e312199c018b08
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-113_1.13.99-0ubuntu2.1_amd64.deb
      Size/MD5: 52686 701b5d256a00525c6d4b40fba6841e20
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dev_1.13.99-0ubuntu2.1_amd64.deb
      Size/MD5: 60278 68d31197c6ae7124ae04f711b15ba5b4

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-1-113-dbg_1.13.99-0ubuntu2.1_i386.deb
      Size/MD5: 92654 bcb9d24b9016e846f894edda0fcfd876
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-113_1.13.99-0ubuntu2.1_i386.deb
      Size/MD5: 121370 2fe82e4c0194aa74dd63c24d0b594872
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dev_1.13.99-0ubuntu2.1_i386.deb
      Size/MD5: 222942 46e3a01f6c482e1915ab0189490a9ce9
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-bin_1.13.99-0ubuntu2.1_i386.deb
      Size/MD5: 51108 3e5126f0dac4a1dd275ba0226c0cd9bb
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-gnome-1-113-dbg_1.13.99-0ubuntu2.1_i386.deb
      Size/MD5: 9812 770fa769202ea9f386ed8e80e95e23f7
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-113_1.13.99-0ubuntu2.1_i386.deb
      Size/MD5: 52160 16bf0d5d03d01dc71c3a55fed9e5e036
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dev_1.13.99-0ubuntu2.1_i386.deb
      Size/MD5: 59356 ac80966bdca86c14889eb1695a156472

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-1-113-dbg_1.13.99-0ubuntu2.1_powerpc.deb
      Size/MD5: 101980 53744f68ed423a7fe66d503915a10e24
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-113_1.13.99-0ubuntu2.1_powerpc.deb
      Size/MD5: 130764 291a79c8ef5da7d71014b8e4c4aa3ae1
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dev_1.13.99-0ubuntu2.1_powerpc.deb
      Size/MD5: 247112 9ae3b0a2cacdc9434ab69b002a51ba1d
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-bin_1.13.99-0ubuntu2.1_powerpc.deb
      Size/MD5: 52914 6e2cffd5f173e5d607c9848642ee6131
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-gnome-1-113-dbg_1.13.99-0ubuntu2.1_powerpc.deb
      Size/MD5: 12420 ca70e82767500f48de7f322b160a706b
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-113_1.13.99-0ubuntu2.1_powerpc.deb
      Size/MD5: 53986 37edad0daf13f5735c02aa19865e9558
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dev_1.13.99-0ubuntu2.1_powerpc.deb
      Size/MD5: 60458 f0807524a5015359301e881e2bd60db0

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-1-113-dbg_1.13.99-0ubuntu2.1_sparc.deb
      Size/MD5: 96218 be46011a498d119d834e286f43b77278
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-113_1.13.99-0ubuntu2.1_sparc.deb
      Size/MD5: 125986 85ea3ce9588a52019a8e5e2f8be298bd
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dev_1.13.99-0ubuntu2.1_sparc.deb
      Size/MD5: 231860 6820fff8de91dd44e6bbaa4cbb01b165
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-bin_1.13.99-0ubuntu2.1_sparc.deb
      Size/MD5: 51246 f31f57b09a465c1bdf250b55ac6a5a5d
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-gnome-1-113-dbg_1.13.99-0ubuntu2.1_sparc.deb
      Size/MD5: 9652 ed2eba00c8360233cdb9574d878aea37
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-113_1.13.99-0ubuntu2.1_sparc.deb
      Size/MD5: 52142 78de48d6c9602c35e0ce831895310462
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dev_1.13.99-0ubuntu2.1_sparc.deb
      Size/MD5: 59762 8e0f17ca33004cf4061d01217a6f631e

Updated packages for Ubuntu 6.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf_1.14.1-2ubuntu1.1.diff.gz
      Size/MD5: 9276 bb8529ca4bbca6befd63abf9d5ee6bd3
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf_1.14.1-2ubuntu1.1.dsc
      Size/MD5: 886 8a360c2db8e5f18d3ff10150a678bf66
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf_1.14.1.orig.tar.gz
      Size/MD5: 736910 bf918b450a946a365719f78a957700bf

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-common_1.14.1-2ubuntu1.1_all.deb
Size/MD5: 45716 1cf2b68bb59e6c99406718d95e85b51b

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-114-dbg_1.14.1-2ubuntu1.1_amd64.deb
      Size/MD5: 101202 2fc4818219dd2eec12be797f9694e2d1
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-114_1.14.1-2ubuntu1.1_amd64.deb
      Size/MD5: 132190 4919dee1959bd79ef9b9e687e05faccb
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dev_1.14.1-2ubuntu1.1_amd64.deb
      Size/MD5: 241188 254fef90bced7a4c7af377534b3abbf0
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-bin_1.14.1-2ubuntu1.1_amd64.deb
      Size/MD5: 53160 07c590ffa9b4678b415dd2f43705f5c9
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-114-dbg_1.14.1-2ubuntu1.1_amd64.deb
      Size/MD5: 10768 5fbf90f0eecda7b4b5ff445aeecd41f0
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-114_1.14.1-2ubuntu1.1_amd64.deb
      Size/MD5: 54292 d2278a4d4e1b3adfae427c40416c038d
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dev_1.14.1-2ubuntu1.1_amd64.deb
      Size/MD5: 61232 ead489a5ea7dd59be1958e5ad9b9dce1

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-114-dbg_1.14.1-2ubuntu1.1_i386.deb
      Size/MD5: 97614 a581f24e84734643739425a131e16b35
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-114_1.14.1-2ubuntu1.1_i386.deb
      Size/MD5: 127752 48371720e8b5a76b30be2a57cbb6e3fc
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dev_1.14.1-2ubuntu1.1_i386.deb
      Size/MD5: 226382 b74f367c699e81dca2cbfa83d90cf2d5
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-bin_1.14.1-2ubuntu1.1_i386.deb
      Size/MD5: 52754 1baf5e199555747eeeb9059c443ace50
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-114-dbg_1.14.1-2ubuntu1.1_i386.deb
      Size/MD5: 10158 3d73aa4297945362a562b3b24b345c95
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-114_1.14.1-2ubuntu1.1_i386.deb
      Size/MD5: 53642 161a02edd48a803d3d088a6bb592e0e4
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dev_1.14.1-2ubuntu1.1_i386.deb
      Size/MD5: 60252 05fb5a2706802e46a7fed8639537d377

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-114-dbg_1.14.1-2ubuntu1.1_powerpc.deb
      Size/MD5: 103532 bf47b7789302ef795e12d7539b89f561
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-114_1.14.1-2ubuntu1.1_powerpc.deb
      Size/MD5: 133352 6b66a2247fb20df145507c05fb68f12c
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dev_1.14.1-2ubuntu1.1_powerpc.deb
      Size/MD5: 247112 7215b6cfc282fbc2b6f87c44ee10629b
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-bin_1.14.1-2ubuntu1.1_powerpc.deb
      Size/MD5: 54614 7ae855105d1039b60a396d5279bbb37f
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-114-dbg_1.14.1-2ubuntu1.1_powerpc.deb
      Size/MD5: 12586 9d6fd3c99baae16902b57be2e0f55b66
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-114_1.14.1-2ubuntu1.1_powerpc.deb
      Size/MD5: 55228 fe64dd66a2dbfd43ddb2ca8d5ec59388
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dev_1.14.1-2ubuntu1.1_powerpc.deb
      Size/MD5: 61102 5afa1603f0189763620b0d50b1a114eb

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-114-dbg_1.14.1-2ubuntu1.1_sparc.deb
      Size/MD5: 97862 deeb1a4f46bf418ef9d21942d433102c
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-114_1.14.1-2ubuntu1.1_sparc.deb
      Size/MD5: 128736 f243a563faa9be216fdd8715137ef7b0
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dev_1.14.1-2ubuntu1.1_sparc.deb
      Size/MD5: 232330 0a425b8e18460919255522d84238a4f2
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-bin_1.14.1-2ubuntu1.1_sparc.deb
      Size/MD5: 52886 ba50b41aa260d9a8fe163d1a6cfeddda
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-114-dbg_1.14.1-2ubuntu1.1_sparc.deb
      Size/MD5: 9702 f96c8d050d8d50e32f5e75906c902ae3
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-114_1.14.1-2ubuntu1.1_sparc.deb
      Size/MD5: 53318 6cdd39d0eaf62737cb0818c2d8deca05
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dev_1.14.1-2ubuntu1.1_sparc.deb
      Size/MD5: 60388 2368454dd6d4020d95871f8abd5c7a0a

Ubuntu Security Notice USN-392-1 December 04, 2006
xine-lib vulnerability
CVE-2006-6172

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.10:
libxine1c2 1.0.1-1ubuntu10.7

Ubuntu 6.06 LTS:
libxine-main1 1.1.1+ubuntu2-7.5

Ubuntu 6.10:
libxine1 1.1.2+repacked1-0ubuntu3.2

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

A buffer overflow was discovered in the Real Media input plugin in xine-lib. If a user were tricked into loading a specially crafted stream from a malicious server, the attacker could execute arbitrary code with the user's privileges.

Updated packages for Ubuntu 5.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.7.diff.gz
      Size/MD5: 11946 ea5e6e40994f219ea88ee46def12b536
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.7.dsc
      Size/MD5: 1187 2a4db66f12bce54bfa453e49c4cec531
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
      Size/MD5: 7774954 9be804b337c6c3a2e202c5a7237cb0f8

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.7_amd64.deb
      Size/MD5: 109216 0130ccfcc467dfd0bd25886db806c377
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.7_amd64.deb
      Size/MD5: 3611828 233e2ab263ec680c67b794d0689d27ee

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.7_i386.deb
      Size/MD5: 109210 f2a3fdf298acaa78b74bec58a7090d53
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.7_i386.deb
      Size/MD5: 4005142 576a8b340ba09c9241a018ab46cf44e4

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.7_powerpc.deb
      Size/MD5: 109230 2719c275e06f4215d7f1b36900ca6411
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.7_powerpc.deb
      Size/MD5: 3850402 ff0041a720565876bce10d7a250c1469

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.7_sparc.deb
      Size/MD5: 109224 b628e6801a7c0def40d01234a547b07e
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.7_sparc.deb
      Size/MD5: 3695786 55a326fd10cc11aed4bdf090b4fdb3fb

Updated packages for Ubuntu 6.06 LTS: