Linux Today - Advisories, December 10, 2006

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices

Technology Jobs

LinuxToday Newsletters

Server Daily
IT Management Daily
Subscribe News
Subscribe PR
Subscribe Security

internet.com

Internet News
Small Business

Advertise
Newsletters
Tech Jobs
E-mail Offers

Current Newswire:

20 popular Ubuntu Linux apps you may want to try

A Selection of the Very Best Open Source Tutorials and Tools

Android Ice Cream Sandwich ported to x86 tablets, netbooks and notebooks

SECURITY: Google Chrome 17 Improves Security

How to read a CSV file in Perl?

Red Hat Brings Gluster to Amazon Cloud

New Linux kernel fixes power-saving issues

Using Wii remote with Android Device- Taking Gaming to the Next Level

Commercial Support now available for the open-source NGINX Web server

Linux Top 5: Linux's New Fellow

Applications Management Engineer Sr (NYC)
Next Step Systems
US-NY-New York

Post A Job | Post A Resume

:Advisories, December 10, 2006

Advisories, December 10, 2006
Dec 11, 2006, 05 :30 UTC (0 Talkback[s]) (3175 reads)

Debian GNU/Linux

Debian Security Advisory DSA-1230-1 security@debian.org
http://www.debian.org/security/ Steve Kemp
December 08, 2006

Package : l2tpns (2.0.14-1sarge1)
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2006-5873
Debian Bug : 401742

Rhys Kidd discovered a vulnerability in l2tpns, a layer 2 tunnelling protocol network server, which could be triggered by a remote user to execute arbitary code.

For the stable distribution (sarge), this problem has been fixed in version 2.0.14-1sarge1.

For the unstable distribution (sid) this problem has been fixed in version 2.1.21-1

We recommend that you upgrade your l2tpns package.

Upgrade instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian 3.1 (stable)

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Source archives:

    http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14.orig.tar.gz
      Size/MD5 checksum: 149672 462bca675b5e27f40f5e5f92918911cb
    http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1.diff.gz
      Size/MD5 checksum: 2760 21dd07043e996a6deb282ad9318ff523
    http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1.dsc
      Size/MD5 checksum: 585 16faad913601881770b688f2fc8e8357

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1_alpha.deb
Size/MD5 checksum: 195906 4d8481e9bf411cd71b3439fba8c65f4d

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1_amd64.deb
Size/MD5 checksum: 152440 164d2205b4cd8fc99bc4763fb7ac9b38

arm architecture (ARM)

http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1_arm.deb
Size/MD5 checksum: 151706 317794e1cbd89bf03a5276a5e0e6e946

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1_hppa.deb
Size/MD5 checksum: 169062 80e4b651500315e6cfeae09cbd990cca

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1_i386.deb
Size/MD5 checksum: 144584 4a447fcc5dae3781f84f21bc8a262937

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1_ia64.deb
Size/MD5 checksum: 227898 e14fc8e036271566d4a9178e10650ad3

m68k architecture (Motorola Mc680x0)

http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1_m68k.deb
Size/MD5 checksum: 128076 e30c757e00a9914890caeab4da5e364d

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1_mips.deb
Size/MD5 checksum: 165256 c5eadfb746ff587e557241fcea756011

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1_mipsel.deb
Size/MD5 checksum: 168406 b11641d83e799878de35512edb09dbfa

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1_powerpc.deb
Size/MD5 checksum: 168706 9b4038dbfaa5fe14ac7df25857cc0e7f

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1_s390.deb
Size/MD5 checksum: 155020 d4a196ecf8b13ae8d0830e45571cc29d

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1_sparc.deb
Size/MD5 checksum: 160188 ab36083d96a6d5ca028d93032eccdec0

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 1231-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 9th, 2006 http://www.debian.org/security/faq

Package : gnupg
Vulnerability : several
Problem-Type : local(remote)
Debian-specific: no
CVE ID : CVE-2006-6169 CVE-2006-6235
Debian Bug : 401894 401898 401914

Several remote vulnerabilities have been discovered in the GNU privacy, a free PGP replacement, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-6169

Werner Koch discovered that a buffer overflow in a sanitising function may lead to execution of arbitrary code when running gnupg interactively.

CVE-2006-6235

Tavis Ormandy discovered that parsing a carefully crafted OpenPGP packet may lead to the execution of arbitrary code, as a function pointer of an internal structure may be controlled through the decryption routines.

For the stable distribution (sarge) these problems have been fixed in version 1.4.1-1.sarge6.

For the upcoming stable distribution (etch) these problems have been fixed in version 1.4.6-1.

For the unstable distribution (sid) these problems have been fixed in version 1.4.6-1.

We recommend that you upgrade your gnupg packages.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6.dsc
      Size/MD5 checksum: 680 f99d9936fdb3d87b37f719d4f507702a
    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6.diff.gz
      Size/MD5 checksum: 22889 219b13435d4594c530614638590b65d3
    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1.orig.tar.gz
      Size/MD5 checksum: 4059170 1cc77c6943baaa711222e954bbd785e5

Alpha architecture:

http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_alpha.deb
Size/MD5 checksum: 2156230 950520b2391eb6444593c66a8e96d6c3

AMD64 architecture:

http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_amd64.deb
Size/MD5 checksum: 1963738 589ab9ab433e000e919a38f558f54f5e

ARM architecture:

http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_arm.deb
Size/MD5 checksum: 1899822 158ed8fe21da9e2b8c730b3b2acce9a8

HP Precision architecture:

http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_hppa.deb
Size/MD5 checksum: 2004374 9daff80c38cf65bb299fb5ee370d44d6

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_i386.deb
Size/MD5 checksum: 1909194 8752d3578b55a7fd1535bba18ca0770c

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_ia64.deb
Size/MD5 checksum: 2325806 38fa7bb8def3d1a296aa6aa3432561a3

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_m68k.deb
Size/MD5 checksum: 1811222 f51182d8badb7c2b0ef42b78c71be16d

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_mips.deb
Size/MD5 checksum: 2001184 cc087abacd572bed64a2ab191d863946

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_mipsel.deb
Size/MD5 checksum: 2007888 c42342dd898361ed9fcee1bdc8edc3e2

PowerPC architecture:

http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_powerpc.deb
Size/MD5 checksum: 1958036 ff8ee1d008561ce87732847e895024ec

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_s390.deb
Size/MD5 checksum: 1967406 693212d3c1b12bf7f6f204daa0531f6a

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_sparc.deb
Size/MD5 checksum: 1897740 3821e5e9e69241324d781fe78ed1ace7

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 1232-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 9th, 2006 http://www.debian.org/security/faq

Package : clamav
Vulnerability : missing sanity checks
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-5874

Stephen Gran discovered that malformed base64-encoded MIME attachments can lead to denial of service through a null pointer dereference.

For the stable distribution (sarge) this problem has been fixed in version 0.84-2.sarge.12.

For the upcoming stable distribution (etch) this problem has been fixed in version 0.86-1.

For the unstable distribution (sid) this problem has been fixed in version 0.86-1.

We recommend that you upgrade your clamav package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12.dsc
      Size/MD5 checksum: 874 5b916037233c2d9d181ea83f1d42d712
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12.diff.gz
      Size/MD5 checksum: 177238 a782b435ee944e318fc88c4a0cdb67b2
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
      Size/MD5 checksum: 4006624 c43213da01d510faf117daa9a4d5326c

Architecture independent components:

    http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.12_all.deb
      Size/MD5 checksum: 154928 b32d2d2ece27947abc7b7c6330abf2b1
    http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.12_all.deb
      Size/MD5 checksum: 694464 eb184049df134a9006667e6785c24c25
    http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.12_all.deb
      Size/MD5 checksum: 123944 62365dceb1d3080f1164ce0a972fdf25

Alpha architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12_alpha.deb
      Size/MD5 checksum: 74764 be1106a34f9f141c035e5944b515d698
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.12_alpha.deb
      Size/MD5 checksum: 48832 16c19937df6b1e662518667bf0d0ee6f
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.12_alpha.deb
      Size/MD5 checksum: 2176478 42c9a257d406924bd2fcac05be372969
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.12_alpha.deb
      Size/MD5 checksum: 42112 19cf2cd6d553eba10a02ff592c12c94a
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.12_alpha.deb
      Size/MD5 checksum: 255854 038f4ce242d6db3705a8baf832e0e12f
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.12_alpha.deb
      Size/MD5 checksum: 285746 c0d001b91c29d95bd53737b2d7b5c547

AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12_amd64.deb
      Size/MD5 checksum: 68848 c0e28ed5358d1f5ebff13d61d6eb1eb4
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.12_amd64.deb
      Size/MD5 checksum: 44184 c88134266b22681595f3c7ed12334a4f
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.12_amd64.deb
      Size/MD5 checksum: 2173274 64577d98f3d80cfc1e6e74ff4d81fcd5
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.12_amd64.deb
      Size/MD5 checksum: 39996 b463aded3ec3448e8a577674cc257c31
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.12_amd64.deb
      Size/MD5 checksum: 176586 eeb2004aab6cc21d10384e5ca036a87c
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.12_amd64.deb
      Size/MD5 checksum: 259932 870f959c30fe9e7bcf48deac7fd6759b

ARM architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12_arm.deb
      Size/MD5 checksum: 63922 29edcdab52e56c2b72af6af97ca0c768
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.12_arm.deb
      Size/MD5 checksum: 39584 a8afdb2046b166a1b1f5b8a3e9b82e5e
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.12_arm.deb
      Size/MD5 checksum: 2171286 d8537b008fbb7bf022af9c388fd3e4ac
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.12_arm.deb
      Size/MD5 checksum: 37322 fd8f26bcf782fefba3c5a0530dcf2ec2
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.12_arm.deb
      Size/MD5 checksum: 174942 4e3f425067940ad951c5db80bedb1bde
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.12_arm.deb
      Size/MD5 checksum: 249834 941fa21a688be04473a079fca7e8a3b4

HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12_hppa.deb
      Size/MD5 checksum: 68282 2fb841851035efd52fefa7e724d590be
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.12_hppa.deb
      Size/MD5 checksum: 43280 d3c20fdeb6f4aebaa0dbe8ae90a5d184
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.12_hppa.deb
      Size/MD5 checksum: 2173744 4d0ea408992b3b0f96e7d17ff167a729
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.12_hppa.deb
      Size/MD5 checksum: 39452 c9c873ee637518fa15725c8490bf09bc
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.12_hppa.deb
      Size/MD5 checksum: 202738 457a65fb73cd55814e01dc86fe4e09d8
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.12_hppa.deb
      Size/MD5 checksum: 283560 80e6985db13798376fa0bd037180347b

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12_i386.deb
      Size/MD5 checksum: 65210 e77f2ea59853a44c9de70078084818f7
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.12_i386.deb
      Size/MD5 checksum: 40316 a6277fe555ed016b66e31a8f12ae5900
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.12_i386.deb
      Size/MD5 checksum: 2171600 04bed8cc7a6fce37fadb00e7c3de0158
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.12_i386.deb
      Size/MD5 checksum: 38040 8f2f1d793f711032130b79374a3fe92d
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.12_i386.deb
      Size/MD5 checksum: 159766 ed10728241f21d9ca16958b69ef2835e
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.12_i386.deb
      Size/MD5 checksum: 254628 7a3362570c412ce45fef6af9836dc5a9

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12_ia64.deb
      Size/MD5 checksum: 81826 d6ce185e7548aca1a6d9d5076dd02c62
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.12_ia64.deb
      Size/MD5 checksum: 55238 2048e4d1efbd87de9ab0bb0af1aad258
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.12_ia64.deb
      Size/MD5 checksum: 2180260 a2609594a563da9abfa754d24417a9c2
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.12_ia64.deb
      Size/MD5 checksum: 49194 017e5a956c866dfbf3fb25ac9ae9af92
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.12_ia64.deb
      Size/MD5 checksum: 252232 beb80dffdfc1bc355437f40b4694d783
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.12_ia64.deb
      Size/MD5 checksum: 317956 006317c527eac48b0328d53dab68863f

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12_m68k.deb
      Size/MD5 checksum: 62522 7cbb98367bf49fcaaa4e17d740353fa1
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.12_m68k.deb
      Size/MD5 checksum: 38214 23b7e1072c74ead32b3c4de2732d90a6
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.12_m68k.deb
      Size/MD5 checksum: 2170512 24a34375e8aa0391b57695751778563c
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.12_m68k.deb
      Size/MD5 checksum: 35076 0a65ea328e6f2a9b6682dd5124dea45d
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.12_m68k.deb
      Size/MD5 checksum: 146374 257c0624826096b041dadfc21a722244
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.12_m68k.deb
      Size/MD5 checksum: 250616 6e80c1cf4c8bb7289e277c74d415e187

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12_mips.deb
      Size/MD5 checksum: 67954 d241687159539050660a0b26e65ce420
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.12_mips.deb
      Size/MD5 checksum: 43788 464b8562f10bcb127cebd37192daaac9
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.12_mips.deb
      Size/MD5 checksum: 2173044 97ebd82f119d09500a4ff5ccd8c21cef
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.12_mips.deb
      Size/MD5 checksum: 37672 f39f4ff08d44f7e7994faf23b439af96
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.12_mips.deb
      Size/MD5 checksum: 195606 a206da343265cb7e8c780544036bd491
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.12_mips.deb
      Size/MD5 checksum: 257714 3d81be01bbdb7c0d48b4c97c8657c112

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12_mipsel.deb
      Size/MD5 checksum: 67560 589421e196e11eb3536a2a8874af7d71
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.12_mipsel.deb
      Size/MD5 checksum: 43588 4822a893c5c7f476b9991ed8ff9930e1
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.12_mipsel.deb
      Size/MD5 checksum: 2173000 05c596728ad5d423d841522e5957e6e8
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.12_mipsel.deb
      Size/MD5 checksum: 37962 432ecd8c78aaa8ce80cd385ad5a4f0d8
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.12_mipsel.deb
      Size/MD5 checksum: 192076 77ab2250c971bb5f2a787cf904dc1176
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.12_mipsel.deb
      Size/MD5 checksum: 255302 b2806442ee7af4103edec95f86ed4bec

PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12_powerpc.deb
      Size/MD5 checksum: 69294 f737048437ce5bfc2843d757005bf902
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.12_powerpc.deb
      Size/MD5 checksum: 44670 fc9c04bd42f2b377c85e1ca40c2889ba
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.12_powerpc.deb
      Size/MD5 checksum: 2173674 a4b694e07e459765d2ba80471b83ef28
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.12_powerpc.deb
      Size/MD5 checksum: 38876 0af124304eac3624be255d4e92dbc32b
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.12_powerpc.deb
      Size/MD5 checksum: 187746 7b632f5ce2a16725010d83847031c992
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.12_powerpc.deb
      Size/MD5 checksum: 265086 a81c89ca24d3fba3204278ec33ee3f2e

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12_s390.deb
      Size/MD5 checksum: 67892 9c6d6f8d31cfe729b0f14dc91f0111ed
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.12_s390.deb
      Size/MD5 checksum: 43564 8f0b63348907e2a45b905c6c631a53a4
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.12_s390.deb
      Size/MD5 checksum: 2172966 ac148963f872e961a99bda672d38bde4
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.12_s390.deb
      Size/MD5 checksum: 38910 f9bc46b646faacf26f825aac7afd35f5
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.12_s390.deb
      Size/MD5 checksum: 182718 cdce561be2f6cb23b1b29d834b2abac7
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.12_s390.deb
      Size/MD5 checksum: 269694 168fdcd3e7231fac67facaffdbd30744

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12_sparc.deb
      Size/MD5 checksum: 64428 fc678da4d6ff9a60f1d0118857025c34
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.12_sparc.deb
      Size/MD5 checksum: 39472 59309047f49d149d61dcaa64a7c1d261
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.12_sparc.deb
      Size/MD5 checksum: 2171188 793f229374c70ed9f945effccaf4e18e
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.12_sparc.deb
      Size/MD5 checksum: 36854 24fa5876984aa5e633781edf408dcda1
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.12_sparc.deb
      Size/MD5 checksum: 175978 2fb86e8253a0f9a3da3bf1101f70168e
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.12_sparc.deb
      Size/MD5 checksum: 265034 2a31297ba3c110c4398c1dd09377e24e

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 1233-1 security@debian.org
http://www.debian.org/security/ Dann Frazier
v December 10th, 2006 http://www.debian.org/security/faq

Package : kernel-source-2.6.8
Vulnerability : several
Problem-Type : local/remote
Debian-specific: no
CVE ID : CVE-2006-3741 CVE-2006-4538 CVE-2006-4813 CVE-2006-4997 CVE-2006-5174 CVE-2006-5619 CVE-2006-5649 CVE-2006-5751 CVE-2006-5871

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-3741

Stephane Eranian discovered a local DoS (Denial of Service) vulnerability on the ia64 architecture. A local user could exhaust the available file descriptors by exploiting a counting error in the permonctl() system call.

CVE-2006-4538

Kirill Korotaev reported a local DoS (Denial of Service) vulnerability on the ia64 and sparc architectures. A user could cause the system to crash by executing a malformed ELF binary due to insufficient verification of the memory layout.

CVE-2006-4813

Dmitriy Monakhov reported a potential memory leak in the __block_prepare_write function. __block_prepare_write does not properly sanitize kernel buffers during error recovery, which could be exploited by local users to gain access to sensitive kernel memory.

CVE-2006-4997

ADLab Venustech Info Ltd reported a potential remote DoS (Denial of Service) vulnerability in the IP over ATM subsystem. A remote system could cause the system to crash by sending specially crafted packets that would trigger an attempt to free an already-freed pointer resulting in a system crash.

CVE-2006-5174

Martin Schwidefsky reported a potential leak of sensitive information on s390 systems. The copy_from_user function did not clear the remaining bytes of the kernel buffer after receiving a fault on the userspace address, resulting in a leak of uninitialized kernel memory. A local user could exploit this by appending to a file from a bad address.

CVE-2006-5619

James Morris reported a potential local DoS (Denial of Service) vulnerability that could be used to hang or oops a system. The seqfile handling for /proc/net/ip6_flowlabel has a flaw that can be exploited to cause an infinite loop by reading this file after creating a flowlabel.

CVE-2006-5649

Fabio Massimo Di Nitto reported a potential remote DoS (Denial of Service) vulnerability on powerpc systems. The alignment exception only checked the exception table for -EFAULT, not for other errors. This can be exploited by a local user to cause a system crash (panic).

CVE-2006-5751

Eugene Teo reported a vulnerability in the get_fdb_entries function that could potentially be exploited to allow arbitrary code execution with escalated priveleges.

CVE-2006-5871

Bill Allombert reported that various mount options are ignored by smbfs when UNIX extensions are enabled. This includes the uid, gid and mode options. Client systems would silently use the server-provided settings instead of honoring these options, changing the security model. This update includes a fix from Haroldo Gamal that forces the kernel to honor these mount options. Note that, since the current versions of smbmount always pass values for these options to the kernel, it is not currently possible to activate unix extensions by omitting mount options. However, this behavior is currently consistent with the current behavior of the next Debian release, 'etch'.

The following matrix explains which kernel version for which architecture fix the problems mentioned above:

Debian 3.1 (sarge)

Source 2.6.8-16sarge6

Alpha architecture 2.6.8-16sarge6

AMD64 architecture 2.6.8-16sarge6

HP Precision architecture 2.6.8-6sarge6

Intel IA-32 architecture 2.6.8-16sarge6

Intel IA-64 architecture 2.6.8-14sarge6

Motorola 680x0 architecture 2.6.8-4sarge6

PowerPC architecture 2.6.8-12sarge6

IBM S/390 architecture 2.6.8-5sarge6

Sun Sparc architecture 2.6.8-15sarge6

The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update:

Debian 3.1 (sarge)

fai-kernels 1.9.1sarge5

We recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

Architecture independent components:

    http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-doc-2.6.8_2.6.8-16sarge6_all.deb
      Size/MD5 checksum: 6192778 9c16bf9ab5f0ecf6551812f3e0e693ac
    http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-patch-debian-2.6.8_2.6.8-16sarge6_all.deb
      Size/MD5 checksum: 1116726 3156984be3fc859f717a4253bd0ea462
    http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge6_all.deb
      Size/MD5 checksum: 34943318 4b4ecbf67cb066043d0d9447b5238d28
    http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-tree-2.6.8_2.6.8-16sarge6_all.deb
      Size/MD5 checksum: 36670 67ed3f0138673fdf06494239a3531972
    http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-patch-2.6.8-s390_2.6.8-5sarge6_all.deb
      Size/MD5 checksum: 12640 482b528f209c1c2cae844c28d6b18ae3

Alpha architecture:

    http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3_2.6.8-16sarge6_alpha.deb
      Size/MD5 checksum: 2761698 83f1d28bc308bc26af3d17abacfdd30f
    http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3-generic_2.6.8-16sarge6_alpha.deb
      Size/MD5 checksum: 233604 4043f87dd5ae9112e28a72094bea4a86
    http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3-smp_2.6.8-16sarge6_alpha.deb
      Size/MD5 checksum: 228886 02018d26ea8bfd1e0b8af7580ba05113
    http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-3-generic_2.6.8-16sarge6_alpha.deb
      Size/MD5 checksum: 20237958 816d6775108cf3e9515b5605849d3051
    http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-3-smp_2.6.8-16sarge6_alpha.deb
      Size/MD5 checksum: 20097652 e66a50b7968d11f9a1951d544134ebd0

AMD64 architecture:

Intel IA-32 architecture:

HP Precision architecture:

Intel IA-64 architecture:

Motorola 680x0 architecture:

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-headers-2.6.8-3_2.6.8-5sarge6_s390.deb
      Size/MD5 checksum: 5088210 67913b4030c03602ab7b995e18a61ff0
    http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-3-s390_2.6.8-5sarge6_s390.deb
      Size/MD5 checksum: 2983156 f075548343f44a55fa86950ab1acfd4e
    http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-3-s390-tape_2.6.8-5sarge6_s390.deb
      Size/MD5 checksum: 1145348 c985c3054acf6d23de65e2b1e8abceb1
    http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-3-s390x_2.6.8-5sarge6_s390.deb
      Size/MD5 checksum: 3190572 3761b55bbeebbb0f95ead41ed1c63645

Sun Sparc architecture:

PowerPC architecture:

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Gentoo Linux

Gentoo Linux Security Advisory GLSA 200612-02

http://security.gentoo.org/

Severity: Normal
Title: xine-lib: Buffer overflow
Date: December 09, 2006
Bugs: #156645
ID: 200612-02

Synopsis

xine-lib is vulnerable to a buffer overflow in the Real Media input plugin, which could lead to the execution of arbitrary code.

Background

xine is a portable and reusable multimedia playback engine. xine-lib is xine's core engine.

Affected packages


     Package              /  Vulnerable  /                  Unaffected

  1  media-libs/xine-lib     < 1.1.2-r3                    >= 1.1.2-r3

Description

A possible buffer overflow has been reported in the Real Media input plugin.

Impact

An attacker could exploit this vulnerability by enticing a user into loading a specially crafted stream with xine or an application using xine-lib. This can lead to a Denial of Service and possibly the execution of arbitrary code with the rights of the user running the application.

Workaround

There is no known workaround at this time.

Resolution

All xine-lib users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.2-r3"

References

[ 1 ] CVE-2006-6172

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6172

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200612-02.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Trustix Secure Linux

Trustix Secure Linux Security Advisory #2006-0070

Package names: gnupg, proftpd
Summary: Multiple vulnerabilities
Date: 2006-12-08
Affected versions: Trustix Secure Linux 2.2 Trustix Secure Linux 3.0 Trustix Operating System - Enterprise Server 2

Package description:
gnupg
GnuPG is a complete and free replacement for PGP. Because it does not use IDEA it can be used without any restrictions. GnuPG is in compliance with the OpenPGP specification (RFC2440).

proftpd
ProFTPd is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory visibility.

Problem description:
gnupg < TSL 3.0 > < TSL 2.2 > < TSEL 2 >

New Upstream.
SECURITY Fix: Tavis Ormandy has reported a vulnerability in GnuPG, caused due to an error within the decryption of malformed OpenPGP messages. This can be exploited to corrupt memory when decrypting a specially crafted OpenPGP message.

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2006-6235 to this issue.

proftpd < TSL 3.0 > < TSL 2.2 > < TSEL 2 >

New upstream.
SECURITY Fix: Stack-based buffer overflow in the sreplace function allows remote attackers to cause a denial of service, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2006-5815 to this issue.

NOTE: In November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from an initial vague disclosure. Correct CVE: CVE-2006-6171.

Action:
We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system.

Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>

About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater.

Automatic updates:
Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'.

Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>

Verification:
This advisory along with all Trustix packages are signed with the TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>

The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.2/> and
<URI:http://www.trustix.org/errata/trustix-3.0/>
or directly at
<URI:http://www.trustix.org/errata/2006/0070/>

MD5sums of the packages:

ee2eef6713179355672262613d3403da 3.0/rpms/gnupg-1.4.6-1tr.i586.rpm
23d7fab414ea6fa3845a64769d4d2a32 3.0/rpms/gnupg-utils-1.4.6-1tr.i586.rpm
9df93256a549caaea20d633f94e58b7a 3.0/rpms/proftpd-1.3.0a-1tr.i586.rpm

502a38c702fc23c6276881cc94e58c25 2.2/rpms/gnupg-1.2.6-6tr.i586.rpm
889af38ab3db8e0108c7182741dad2ef 2.2/rpms/gnupg-utils-1.2.6-6tr.i586.rpm
05d9558463b738c5afb827d33e349b22 2.2/rpms/proftpd-1.2.10-12tr.i586.rpm

Trustix Security Team

Ubuntu

Ubuntu Security Notice USN-393-2 December 07, 2006
gnupg2 vulnerabilities
CVE-2006-6169, CVE-2006-6235

A security issue affects the following Ubuntu releases:

Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.10:
gnupg2 1.9.21-0ubuntu5.2

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-389-1 and USN-393-1 fixed vulnerabilities in gnupg. This update provides the corresponding updates for gnupg2.

Original advisory details:

A buffer overflow was discovered in GnuPG. By tricking a user into running gpg interactively on a specially crafted message, an attacker could execute arbitrary code with the user's privileges. This vulnerability is not exposed when running gpg in batch mode. (CVE-2006-6169)

Tavis Ormandy discovered that gnupg was incorrectly using the stack. If a user were tricked into processing a specially crafted message, an attacker could execute arbitrary code with the user's privileges. (CVE-2006-6235)

Updated packages for Ubuntu 6.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_1.9.21-0ubuntu5.2.diff.gz
      Size/MD5: 39057 24885457e44f2061c1a2ef98047357d4
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_1.9.21-0ubuntu5.2.dsc
      Size/MD5: 839 5786619a42c6768da183ec2c39d70541
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_1.9.21.orig.tar.gz
      Size/MD5: 2290952 5a609db8ecc661fb299c0dccd84ad503

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg-agent_1.9.21-0ubuntu5.2_amd64.deb
      Size/MD5: 193748 57618f27a79f42a3e9f66705ed0ab151
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg2_1.9.21-0ubuntu5.2_amd64.deb
      Size/MD5: 787166 9641af8af591a9d61c3d9d77144aa320
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gpgsm_1.9.21-0ubuntu5.2_amd64.deb
      Size/MD5: 333002 a6d5f35e4fc7dc4c6a837862b269ddc1

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg-agent_1.9.21-0ubuntu5.2_i386.deb
      Size/MD5: 176170 3dc1e0b862fbf76905b61b20132812de
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg2_1.9.21-0ubuntu5.2_i386.deb
      Size/MD5: 737818 ab6d004d7fbf1b0850e6f6f4f09771d4
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gpgsm_1.9.21-0ubuntu5.2_i386.deb
      Size/MD5: 304798 1d6b309f0690685ffa95d219750033dc

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg-agent_1.9.21-0ubuntu5.2_powerpc.deb
      Size/MD5: 190614 16cd71ed4d92b1203806ba50e638e9e0
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg2_1.9.21-0ubuntu5.2_powerpc.deb
      Size/MD5: 773762 56903ee4d39929254b3a4ac06a56a2c5
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gpgsm_1.9.21-0ubuntu5.2_powerpc.deb
      Size/MD5: 324332 6b9152bd5753f974161c298d6fd6f894

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg-agent_1.9.21-0ubuntu5.2_sparc.deb
      Size/MD5: 174144 2e5e21144005113345e3abeef2b50496
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg2_1.9.21-0ubuntu5.2_sparc.deb
      Size/MD5: 726244 5dc2d8b804a2a5276344b151a46e1346
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gpgsm_1.9.21-0ubuntu5.2_sparc.deb
      Size/MD5: 297640 5c27421fb28c63abac748419a05220bb

Ubuntu Security Notice USN-394-1 December 08, 2006
ruby1.8 vulnerability
CVE-2006-6303

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.10:
libruby1.8 1.8.2-9ubuntu1.4

Ubuntu 6.06 LTS:
libruby1.8 1.8.4-1ubuntu1.3

Ubuntu 6.10:
libruby1.8 1.8.4-5ubuntu1.2

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

An error was found in Ruby's CGI library that did not correctly quote the boundary of multipart MIME requests. Using a crafted HTTP request, a remote user could cause a denial of service, where Ruby CGI applications would end up in a loop, monopolizing a CPU.

Updated packages for Ubuntu 5.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.8/ruby1.8_1.8.2-9ubuntu1.4.diff.gz
      Size/MD5: 895120 147af555104a6a38cd084bb2d6829b43
    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.8/ruby1.8_1.8.2-9ubuntu1.4.dsc
      Size/MD5: 1030 f29857c00e806eb5e998893728594634
    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.8/ruby1.8_1.8.2.orig.tar.gz
      Size/MD5: 3623780 4bc5254bec262d18cf1ceef03aae8bdf

Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/irb1.8_1.8.2-9ubuntu1.4_all.deb
      Size/MD5: 179094 52c8adf6c346b23e5f29486541dac125
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/rdoc1.8_1.8.2-9ubuntu1.4_all.deb
      Size/MD5: 244146 8767914c75697629e39e84359d19e16a
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/ri1.8_1.8.2-9ubuntu1.4_all.deb
      Size/MD5: 719294 94aa64e938b6b5ac37b08880a5eaa427
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/ruby1.8-elisp_1.8.2-9ubuntu1.4_all.deb
      Size/MD5: 154454 0bb00f14f9fead6309e1662b25233d06
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/ruby1.8-examples_1.8.2-9ubuntu1.4_all.deb
      Size/MD5: 189130 a527d4eb777f700072ec1f5ca978f483

amd64 architecture (Athlon64, Opteron, EM64T Xeon)