dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Debian GNU/Linux Advisories: kernel, zope, perl, logcheck, neon, cvs

Apr 19, 2004, 02:29 (0 Talkback[s])

Debian Security Advisory DSA 491-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
April 17th, 2004 http://www.debian.org/security/faq


Package : kernel-source-2.4.19 kernel-patch-2.4.19-mips
Vulnerability : several vulnerabilities
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178

Several serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.17 for the MIPS architecture. The Common Vulnerabilities and Exposures project identifies the following problems that will be fixed with this update:

CAN-2004-0003

A vulnerability has been discovered in the R128 drive in the Linux kernel which could potentially lead an attacker to gain unauthorised privileges. Alan Cox and Thomas Biege developed a correction for this

CAN-2004-0010

Arjan van de Ven discovered a stack-based buffer overflow in the ncp_lookup function for ncpfs in the Linux kernel, which could lead an attacker to gain unauthorised privileges. Petr Vandrovec developed a correction for this.

CAN-2004-0109

zen-parse discovered a buffer overflow vulnerability in the ISO9660 filesystem component of Linux kernel which could be abused by an attacker to gain unauthorised root access. Sebastian Krahmer and Ernie Petrides developed a correction for this.

CAN-2004-0177

Solar Designer discovered an information leak in the ext3 code of Linux. In a worst case an attacker could read sensitive data such as cryptographic keys which would otherwise never hit disk media. Theodore Ts'o developed a correction for this.

CAN-2004-0178

Andreas Kies discovered a denial of service condition in the Sound Blaster driver in Linux. He also developed a correction for this.

These problems are also fixed by upstream in Linux 2.4.26 and future versions of 2.6.

The following security matrix explains which kernel versions for which architectures are already fixed and which will be removed instead.

Architecture stable (woody) unstable (sid) remove in sid
source 2.4.19-4.woody2 2.4.25-3 2.4.19-11
mips 2.4.19-0.020911.1.woody4 2.4.25-0.040415.1 2.4.19-0.020911.8
We recommend that you upgrade your kernel packages immediately, either with a Debian provided kernel or with a self compiled one.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody2.dsc
Size/MD5 checksum: 672 9860f430fe435100c103a42c7b5dbc66
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody2.diff.gz
Size/MD5 checksum: 47625 cc802c42472c637de501dde07df7cec8
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19.orig.tar.gz
Size/MD5 checksum: 32000211 237896fbb45ae652cc9c5cecc9b746da

http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody4.dsc
Size/MD5 checksum: 792 a21174ff774b45160cf3f714ea1ec226
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody4.tar.gz
Size/MD5 checksum: 1032076 96e1ae069ef39afbdae505edc6f11375

Architecture independent components:

http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-doc-2.4.19_2.4.19-4.woody2_all.deb
Size/MD5 checksum: 1783144 deaa1a0705f5f334ebbc60734b6bc2c7
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody2_all.deb
Size/MD5 checksum: 25895130 f42c8c0b27e644d024e33738a5c87863

http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody4_all.deb
Size/MD5 checksum: 1032600 c7ec4194385c7ee8601c7f4c87490d2f

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-headers-2.4.19_2.4.19-0.020911.1.woody4_mips.deb
Size/MD5 checksum: 3894818 a2277f0f0f386754f129bac5f9f79af9
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r4k-ip22_2.4.19-0.020911.1.woody4_mips.deb
Size/MD5 checksum: 2075552 c47eb88aa359b8b5613e24256d23ce96
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r5k-ip22_2.4.19-0.020911.1.woody4_mips.deb
Size/MD5 checksum: 2075960 a9a95f93c8dacac25dd45878b520ff37
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/mips-tools_2.4.19-0.020911.1.woody4_mips.deb
Size/MD5 checksum: 13114 4b8f0c9fbf91dcc093ac59087b016208

These files will probably be moved into the stable distribution on its next revision.

-



Debian Security Advisory DSA 490-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
April 17th, 2004 http://www.debian.org/security/faq


Package : zope
Vulnerability : arbitrary code execution
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2002-0688

A vulnerability has been discovered in the index support of the ZCatalog plug-in in Zope, an open source web application server. A flaw in the security settings of ZCatalog allows anonymous users to call arbitrary methods of catalog indexes. The vulnerability also allows untrusted code to do the same.

For the stable distribution (woody) this problem has been fixed in version 2.5.1-1woody1.

For the unstable distribution (sid) this problem has been fixed in version 2.6.0-0.1 and higher.

We recommend that you upgrade your zope package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1.dsc
Size/MD5 checksum: 684 bae9669b048bb73ff0fb4de1cba378d4
http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1.diff.gz
Size/MD5 checksum: 88172 d8461358bc98af430ed32dd89a45dbcb
http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1.orig.tar.gz
Size/MD5 checksum: 2165141 65d502b2acf986693576decad6b837cf

Alpha architecture:

http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_alpha.deb
Size/MD5 checksum: 2236994 a0eb7df5046ae357d760d18ef8a2619e

ARM architecture:

http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_arm.deb
Size/MD5 checksum: 2148088 dba70d7c78d850557783603038bc9947

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_i386.deb
Size/MD5 checksum: 2130316 5172bd775bcd0ae107242525cf67b443

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_ia64.deb
Size/MD5 checksum: 2388054 51c1ad0503162c4f0e152f233a45b3ca

HP Precision architecture:

http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_hppa.deb
Size/MD5 checksum: 2240312 bbac2d795c157069d27e63ffaf0f3b5c

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_m68k.deb
Size/MD5 checksum: 2133690 1662a0ece415a56d4e25ad6f31576b9f

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_mips.deb
Size/MD5 checksum: 2172370 5f127d8ac54046e75c6ab9bbfe9224c1

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_mipsel.deb
Size/MD5 checksum: 2170856 f57b6a66116df5b30f499f5e4cdab6aa

PowerPC architecture:

http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_powerpc.deb
Size/MD5 checksum: 2168352 2b66d671fe1cb86a84df066902c503d0

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_s390.deb
Size/MD5 checksum: 2153234 97df94cbfc71001ce67d6f02e6dde798

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_sparc.deb
Size/MD5 checksum: 2212970 5a660d1befe3b8ba2be26439eb1d1b21

These files will probably be moved into the stable distribution on its next update.

-



Debian Security Advisory DSA 489-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
April 17th, 2004 http://www.debian.org/security/faq


Package : kernel-source-2.4.17 kernel-patch-2.4.17-mips
Vulnerability : several vulnerabilities
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178

Several serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.17 for the PowerPC/apus and S/390 architectures. The Common Vulnerabilities and Exposures project identifies the following problems that will be fixed with this update:

CAN-2004-0003

A vulnerability has been discovered in the R128 drive in the Linux kernel which could potentially lead an attacker to gain unauthorised privileges. Alan Cox and Thomas Biege developed a correction for this

CAN-2004-0010

Arjan van de Ven discovered a stack-based buffer overflow in the ncp_lookup function for ncpfs in the Linux kernel, which could lead an attacker to gain unauthorised privileges. Petr Vandrovec developed a correction for this.

CAN-2004-0109

zen-parse discovered a buffer overflow vulnerability in the ISO9660 filesystem component of Linux kernel which could be abused by an attacker to gain unauthorised root access. Sebastian Krahmer and Ernie Petrides developed a correction for this.

CAN-2004-0177

Solar Designer discovered an information leak in the ext3 code of Linux. In a worst case an attacker could read sensitive data such as cryptographic keys which would otherwise never hit disk media. Theodore Ts'o developed a correction for this.

CAN-2004-0178

Andreas Kies discovered a denial of service condition in the Sound Blaster driver in Linux. He also developed a correction for this.

These problems are also fixed by upstream in Linux 2.4.26 and future versions of 2.6.

The following security matrix explains which kernel versions for which architectures are already fixed and which will be removed instead.

Architecture stable (woody) unstable (sid) remove in sid
source 2.4.17-1woody3 2.4.25-3 2.4.19-11
mips 2.4.17-0.020226.2.woody6 fixed soon 2.4.19-0.020911.8
mipsel 2.4.17-0.020226.2.woody6 2.4.25-0.040415.1 2.4.19-0.020911.9

We recommend that you upgrade your kernel packages immediately, either with a Debian provided kernel or with a self compiled one.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody3.dsc
Size/MD5 checksum: 690 222d67d058984eef34ef3af56ad82720
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody3.diff.gz
Size/MD5 checksum: 41918 dce13eeca598d548e390a72fed76728f
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17.orig.tar.gz
Size/MD5 checksum: 29445154 d5de2a4dc49e32c37e557ef856d5d132

http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody6.dsc
Size/MD5 checksum: 805 2076a7b98736825eb39bf5bc8eba23d2
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody6.tar.gz

Architecture independent components:

http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-doc-2.4.17_2.4.17-1woody3_all.deb
Size/MD5 checksum: 1720294 3b6e8a510996bebd066d1cda8bac41eb
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody3_all.deb
Size/MD5 checksum: 23880582 542792a28d1fc90844f9b51abe84f90e

http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody6_all.deb
Size/MD5 checksum: 1149360 9e6755113b2f9aa136cb7a661ff17953

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody6_mips.deb
Size/MD5 checksum: 3475460 5fd4b0778c297c49009ece259b417f22
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-ip22_2.4.17-0.020226.2.woody6_mips.deb
Size/MD5 checksum: 2042058 a15d8dad4f6d3a0ca8f32bca87a153b3
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r5k-ip22_2.4.17-0.020226.2.woody6_mips.deb
Size/MD5 checksum: 2042102 f9cc1ae2e4d53f0a017a842580823a34

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody6_mipsel.deb
Size/MD5 checksum: 3474878 26731e041b80cfeb5bc609cf6f2b20a1
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r3k-kn02_2.4.17-0.020226.2.woody6_mipsel.deb
Size/MD5 checksum: 2197528 b2cefc4f87ee78a1c146a4e428b2d44c
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-kn04_2.4.17-0.020226.2.woody6_mipsel.deb
Size/MD5 checksum: 2193620 0cf8429a531c6eb29cdc34b4e343d9ac
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/mips-tools_2.4.17-0.020226.2.woody6_mipsel.deb
Size/MD5 checksum: 15394 7f2ad07ae6daa9de0db7d45cdc83ee59

These files will probably be moved into the stable distribution on its next revision.



Debian Security Advisory DSA 431-2 security@debian.org
http://www.debian.org/security/ Matt Zimmerman
April 16th, 2004 http://www.debian.org/security/faq


Package : perl
Vulnerability : information leak
Problem-Type : local
Debian-specific: no
CVE Ids : CAN-2003-0618

Paul Szabo discovered a number of similar bugs in suidperl, a helper program to run perl scripts with setuid privileges. By exploiting these bugs, an attacker could abuse suidperl to discover information about files (such as testing for their existence and some of their permissions) that should not be accessible to unprivileged users.

DSA 431-1 incorporated a partial fix for this problem. This advisory includes a more complete fix which corrects some additional cases.

For the current stable distribution (woody) this problem has been fixed in version 5.6.1-8.7.

For the unstable distribution, this problem has been fixed in version 5.8.3-3.

We recommend that you update your perl package if you have the "perl-suid" package installed.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7.dsc
Size/MD5 checksum: 687 a991455e0aceb15577058550a4e7a58b
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7.diff.gz
Size/MD5 checksum: 157187 c4142d9553724963475e3ac83b7cfa75
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1.orig.tar.gz
Size/MD5 checksum: 5983695 ec1ff15464809b562aecfaa2e65edba6

Architecture independent components:

http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.6.1-8.7_all.deb
Size/MD5 checksum: 30986 605d678c5351a04c559eb91c92224330
http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.6.1-8.7_all.deb
Size/MD5 checksum: 3892174 622ee5f4426479eac9923ce8a615f8bb
http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.6.1-8.7_all.deb
Size/MD5 checksum: 1284502 c502b6581cddcbec73603365ba2b3c91

Alpha architecture:

http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_alpha.deb
Size/MD5 checksum: 620294 07e38c51c8ca20102b088fdce1fab354
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_alpha.deb
Size/MD5 checksum: 435786 ecadd53c15edb37aa6919210dfa71a7d
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_alpha.deb
Size/MD5 checksum: 1217702 66bbe713ab6017e91dd050d2bc3a3626
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_alpha.deb
Size/MD5 checksum: 208726 98fb9debca3d28a7b92454a03fba23da
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_alpha.deb
Size/MD5 checksum: 2826500 8998d4bb47b35558e302cddce343a79a
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_alpha.deb
Size/MD5 checksum: 34570 b706eb26f78cc37ebc1d037301a98160

ARM architecture:

http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_arm.deb
Size/MD5 checksum: 516692 c767fd61532053e819d860b59120adfc
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_arm.deb
Size/MD5 checksum: 362950 17996f407fec576584b7f57c13d335f9
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_arm.deb
Size/MD5 checksum: 1164306 b94f9f79d1cfc369146d13ce87d5b13a
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_arm.deb
Size/MD5 checksum: 545424 ef03138c3fbf6e4814d9bfcec3c3778a
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_arm.deb
Size/MD5 checksum: 2307408 962e45a6371c99305a9fb9a5ab9a4ec2
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_arm.deb
Size/MD5 checksum: 29204 8f1fb543b1889960bb621af8fcbd7ddf

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_i386.deb
Size/MD5 checksum: 424654 0ad393b304d64b7c952ac84f237aca52
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_i386.deb
Size/MD5 checksum: 347984 150e94da2d527462997f519a09bd6299
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_i386.deb
Size/MD5 checksum: 1159654 3d9f6212d155543e9386b51a63254f51
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_i386.deb
Size/MD5 checksum: 497374 f23b673fab7977a06c4b683c47abbd4d
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_i386.deb
Size/MD5 checksum: 2119098 d811ed3c32389f4b7f96af510c60b2ca
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_i386.deb
Size/MD5 checksum: 28424 8050f765f6e6c1d2846f1ecffea46410

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_ia64.deb
Size/MD5 checksum: 703800 98b9613a766899236656b3d14f853cad
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_ia64.deb
Size/MD5 checksum: 599440 5884023305567e2154cf21db04ad4a4d
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_ia64.deb
Size/MD5 checksum: 1266508 805f604c9e913eacc63b81b1063cfa64
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_ia64.deb
Size/MD5 checksum: 226492 21d55eaeb321baa8b18ceac3bc5d1a82
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_ia64.deb
Size/MD5 checksum: 3312646 55a3421d9a6077cb6bbcb896227818f2
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_ia64.deb
Size/MD5 checksum: 44934 469d65c1903c6e5dbb7b2d379967f36a

HP Precision architecture:

http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_hppa.deb
Size/MD5 checksum: 623292 e8cc3a186195903aa19161c483418525
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_hppa.deb
Size/MD5 checksum: 473744 c1c09e61b138d2e2c5ebab4cc6f02e82
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_hppa.deb
Size/MD5 checksum: 1211678 f594b871f8d8893b1122f4baf41bf738
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_hppa.deb
Size/MD5 checksum: 208596 fc67aeda5dbe15ad3fd2e8a63c8bd78d
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_hppa.deb
Size/MD5 checksum: 2288234 9c6cc1afd6d73db52950bbacdf6f1b21
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_hppa.deb
Size/MD5 checksum: 33806 488f0b0c06014c6965ebc37c23a31c97

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_m68k.deb
Size/MD5 checksum: 399780 2ee914f94573b737c0ec2960f5b6021b
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_m68k.deb
Size/MD5 checksum: 332258 d82a12ead7f31eb08297dcf297f11ac3
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_m68k.deb
Size/MD5 checksum: 1149542 e0d91210417e01baee9daecbd2bf9d08
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_m68k.deb
Size/MD5 checksum: 192322 80b9769f249667bb5a8497f408b4f1ca
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_m68k.deb
Size/MD5 checksum: 2131942 662fc5f69355ab54808eb3e202d362db
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_m68k.deb
Size/MD5 checksum: 27486 86f8f0d96fbada9634ab44d85c88a266

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_mips.deb
Size/MD5 checksum: 522852 39a821b855c5f94f1880238f08dbd157
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_mips.deb
Size/MD5 checksum: 364940 9e3d5a5fc15458565a4f1b73bba170a2
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_mips.deb
Size/MD5 checksum: 1159180 84fc705de28814be8ea604250e817889
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_mips.deb
Size/MD5 checksum: 185938 0e50a8c0f01a1f1543f9cae137eb4dd5
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_mips.deb
Size/MD5 checksum: 2408720 1c16ad8df71d2d0dc6f3406945e7c452
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_mips.deb
Size/MD5 checksum: 28782 972d38da8c32efe69a873fe672f46b4d

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_mipsel.deb
Size/MD5 checksum: 516598 46517edcc8756a1cf8ab9da1c33dac22
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_mipsel.deb
Size/MD5 checksum: 361580 bb8f03ff7a601a26f700b1cf0cceb730
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_mipsel.deb
Size/MD5 checksum: 1160358 3b6d35a5fe4e99fd2d11c8bad52175d5
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_mipsel.deb
Size/MD5 checksum: 185442 71c02babd3baf6aa2e8f0e307263dde6
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_mipsel.deb
Size/MD5 checksum: 2265660 136f94b40250507788f57bbb2bde6f13
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_mipsel.deb
Size/MD5 checksum: 28352 48eb4a7ee90f6f9d811a03e943241119

PowerPC architecture:

http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_powerpc.deb
Size/MD5 checksum: 567782 150087235609b5db08d25ea73d1a4f8c
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_powerpc.deb
Size/MD5 checksum: 400802 1dfaa93883376741b2fb3b8d16084eee
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_powerpc.deb
Size/MD5 checksum: 1183410 e6b36359842d16b760f211b768ffcfdb
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_powerpc.deb
Size/MD5 checksum: 202314 14355f64ccdf27a760445291895aa4ed
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_powerpc.deb
Size/MD5 checksum: 2301236 f3c8a582a29b1fe1a92a783c03129f33
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_powerpc.deb
Size/MD5 checksum: 30570 8651038ad39122fc271cdfdbd70baec0

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_s390.deb
Size/MD5 checksum: 456344 c152e120efd8b83ddb067b2baa12d661
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_s390.deb
Size/MD5 checksum: 405160 379d96724db8ef0489449b6d6c75d650
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_s390.deb
Size/MD5 checksum: 1168056 80c3d6a9f7c9669f8a641264f1543165
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_s390.deb
Size/MD5 checksum: 191384 b2cca1f491a3e5c9a353092aa1f59b08
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_s390.deb
Size/MD5 checksum: 2210640 d475d03fbcdfb8e6a92552ded1243806
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_s390.deb
Size/MD5 checksum: 32538 fff120c1e5282e999e318f801cd2cafd

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_sparc.deb
Size/MD5 checksum: 529134 116cf6d1c774077ef118cfac42af6779
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_sparc.deb
Size/MD5 checksum: 404524 6568c1e828c1dcae39ceabe381d75b0b
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_sparc.deb
Size/MD5 checksum: 1191856 f6dac34265d1772e6cfd3c1224fa6f37
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_sparc.deb
Size/MD5 checksum: 211210 7d978926ebb4f1de043559ec13edcb50
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_sparc.deb
Size/MD5 checksum: 2285564 a852621df3ac940ee6cc769af2ec4f14
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_sparc.deb
Size/MD5 checksum: 30718 28588a5423729c87f2f7865228ad20dd

These files will probably be moved into the stable distribution on its next revision.

-



Debian Security Advisory DSA 488-1 security@debian.org
http://www.debian.org/security/ Matt Zimmerman
April 16th, 2004 http://www.debian.org/security/faq


Package : logcheck
Vulnerability : insecure temporary directory
Problem-Type : local
Debian-specific: no
CVE Ids : CAN-2004-0404

Christian Jaeger reported a bug in logcheck which could potentially be exploited by a local user to overwrite files with root privileges. logcheck utilized a temporary directory under /var/tmp without taking security precautions. While this directory is created when logcheck is installed, and while it exists there is no vulnerability, if at any time this directory is removed, the potential for exploitation exists.

For the current stable distribution (woody) this problem has been fixed in version 1.1.1-13.1woody1.

For the unstable distribution (sid), this problem has been fixed in version 1.1.1-13.2.

We recommend that you update your logcheck package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/l/logcheck/logcheck_1.1.1-13.1woody1.dsc
Size/MD5 checksum: 613 8e01951f551f262ad2ca57543f8e365a
http://security.debian.org/pool/updates/main/l/logcheck/logcheck_1.1.1-13.1woody1.diff.gz
Size/MD5 checksum: 24812 e4e98736893194d3d59d01ba34e2f3e7
http://security.debian.org/pool/updates/main/l/logcheck/logcheck_1.1.1.orig.tar.gz
Size/MD5 checksum: 29998 51c91fff337e30958df368c648911647

Architecture independent components:

http://security.debian.org/pool/updates/main/l/logcheck/logcheck-database_1.1.1-13.1woody1_all.deb
Size/MD5 checksum: 16450 f14aed68d079c1a64651c6c75ef1ab14
http://security.debian.org/pool/updates/main/l/logcheck/logcheck_1.1.1-13.1woody1_all.deb
Size/MD5 checksum: 25146 c6f1446b5d520e42384ffb3408da864e
http://security.debian.org/pool/updates/main/l/logcheck/logtail_1.1.1-13.1woody1_all.deb
Size/MD5 checksum: 9338 5bfca1c9d03ee43a18d54df1be5891d9

These files will probably be moved into the stable distribution on its next revision.

-



Debian Security Advisory DSA 487-1 security@debian.org
http://www.debian.org/security/ Matt Zimmerman
April 16th, 2004 http://www.debian.org/security/faq


Package : neon
Vulnerability : format string
Problem-Type : remote
Debian-specific: no
CVE Ids : CAN-2004-0179

Multiple format string vulnerabilities were discovered in neon, an HTTP and WebDAV client library. These vulnerabilities could potentially be exploited by a malicious WebDAV server to execute arbitrary code with the privileges of the process using libneon.

For the current stable distribution (woody) these problems have been fixed in version 0.19.3-2woody3.

For the unstable distribution (sid), these problems have been fixed in version 0.24.5-1.

We recommend that you update your neon package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/n/neon/neon_0.19.3-2woody3.dsc
Size/MD5 checksum: 582 4753d19632b3ba69e7d97f61b21da8b1
http://security.debian.org/pool/updates/main/n/neon/neon_0.19.3-2woody3.diff.gz
Size/MD5 checksum: 4081 6ed8f310baae56db47a34f3affdf0dd5
http://security.debian.org/pool/updates/main/n/neon/neon_0.19.3.orig.tar.gz
Size/MD5 checksum: 499574 9dbb8c276e5fc58a707b6e908abdce63

Alpha architecture:

http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_alpha.deb
Size/MD5 checksum: 122054 f8455a4aca0ad0eed97b8635f7552ecc
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_alpha.deb
Size/MD5 checksum: 77894 12283440f135e0b68b328151c78d5240

ARM architecture:

http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_arm.deb
Size/MD5 checksum: 100820 6ac65c11b484429f9f388ae0bab9136c
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_arm.deb
Size/MD5 checksum: 70256 d16830700754df93ec06fcc72d952be6

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_i386.deb
Size/MD5 checksum: 94820 7a7f0c168b101390a619ffde40f9efc3
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_i386.deb
Size/MD5 checksum: 65780 b72a10b0dbcbfb149b36b3053627a9d2

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_ia64.deb
Size/MD5 checksum: 131246 dda199f3b1d6598bb8aa2f6ba37521d4
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_ia64.deb
Size/MD5 checksum: 96250 043f6b4d3eb394bcaa2b7dda6a78b676

HP Precision architecture:

http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_hppa.deb
Size/MD5 checksum: 118574 d7904398181654ebc8eab408a2d96cec
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_hppa.deb
Size/MD5 checksum: 80776 fdb1f1e337ee50318cbccfeeda0ec32f

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_m68k.deb
Size/MD5 checksum: 93110 7993e9e642cbefb27ea6a7085615bb55
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_m68k.deb
Size/MD5 checksum: 67668 fc37364b5b44454a637b69b591ce8c04

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_mips.deb
Size/MD5 checksum: 110704 3fbe497c5ac44aee13457fcfe9b785cf
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_mips.deb
Size/MD5 checksum: 68644 29c7188a9dfe0da26a218eea6714997b

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_mipsel.deb
Size/MD5 checksum: 110502 73eb5e6338f9ce6f5fd0c0cd27cbac48
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_mipsel.deb
Size/MD5 checksum: 68626 f85bcdab3e2957d53f00569966eaa3b6

PowerPC architecture:

http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_powerpc.deb
Size/MD5 checksum: 107168 c1994dba85b7e2150b1419fd4da44a14
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_powerpc.deb
Size/MD5 checksum: 71544 5e1812c5242835b7567d3549a334d9d8

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_s390.deb
Size/MD5 checksum: 96930 022ad2200a279efc9ab1482e599b47d3
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_s390.deb
Size/MD5 checksum: 70958 632017c6cd495f5a35a3ced63f2bab88

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_sparc.deb
Size/MD5 checksum: 102406 d3e5c72b6de6f90f2272c62d4ee3c88c
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_sparc.deb
Size/MD5 checksum: 70812 c36ba230074c19cb6a58b76da986767d

These files will probably be moved into the stable distribution on its next revision.

-



Debian Security Advisory DSA 486-1 security@debian.org
http://www.debian.org/security/ Matt Zimmerman
April 16th, 2004 http://www.debian.org/security/faq


Package : cvs
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE Ids : CAN-2004-0180 CAN-2004-0405

Two vulnerabilities have been discovered and fixed in CVS:

CAN-2004-0180 - Sebastian Krahmer discovered a vulnerability whereby a malicious CVS pserver could create arbitary files on the client system during an update or checkout operation, by supplying absolute pathnames in RCS diffs.

CAN-2004-0405 - Derek Robert Price discovered a vulnerability whereby a CVS pserver could be abused by a malicious client to view the contents of certain files outside of the CVS root directory using relative pathnames containing "../".

For the current stable distribution (woody) these problems have been fixed in version 1.11.1p1debian-9woody2.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you update your cvs package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2.dsc
Size/MD5 checksum: 693 28b69f2fb8220898ca67c01315100f34
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2.diff.gz
Size/MD5 checksum: 52099 91792f8108528075bcf13b065875b4db
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian.orig.tar.gz
Size/MD5 checksum: 2621658 500965ab9702b31605f8c58aa21a6205

Alpha architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_alpha.deb
Size/MD5 checksum: 1178632 ad23bcdf83e3ce5253e0f1d7741600b8

ARM architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_arm.deb
Size/MD5 checksum: 1105142 143e7fd0c40a86cf34ec5a6b174fcd18

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_i386.deb
Size/MD5 checksum: 1094930 20f380681501e6a2da820404e0198d05

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_ia64.deb
Size/MD5 checksum: 1270908 c84aeccd424b890744f8aade97965b3f

HP Precision architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_hppa.deb
Size/MD5 checksum: 1147238 600d2778f0e8ab62f8194bc3fed09b23

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_m68k.deb
Size/MD5 checksum: 1065546 7199eddc8e0cb9e2e6a62e041d7257dd

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_mips.deb
Size/MD5 checksum: 1129628 c193b5312150906f08e5f0f9f262a053

Little endian MIPS architecture: