

Security Digest: January 10, 2005

Jan 11, 2005, 04:45

Debian GNU/Linux


Debian Security Advisory DSA 631-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 10th, 2005 http://www.debian.org/security/faq


Package : kdelibs
Vulnerability : unsanitised input
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1165
BugTraq ID : 11827
Debian Bug : 287201

Thiago Macieira discovered a vulnerability in the kioslave library, which is part of kdelibs, that allows a remote attacker to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline before the FTP command.

For the stable distribution (woody) this problem has been fixed in version 2.2.2-13.woody.13.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your kdelibs3 package.
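
The class of bug described above, as an added Python example (not kdelibs code): an ftp:// path is percent-decoded and placed into a control-channel command, first without and then with a check for CR, LF and NUL. The function names, the host ftp.example.org and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote


class UnsafeFtpPath(ValueError):
    """The decoded path cannot be sent as a single FTP command line."""


def decoded_path(url):
    """Return the percent-decoded path component of an ftp:// URL."""
    parts = urlsplit(url)
    if parts.scheme != "ftp":
        raise ValueError("not an ftp:// URL: %r" % url)
    return unquote(parts.path)


def retr_unchecked(url):
    """'Before' behaviour: the decoded path is copied straight into the command."""
    return ("RETR " + decoded_path(url) + "\r\n").encode("utf-8")


def retr_checked(url):
    """'After' behaviour: refuse a path that contains CR, LF or NUL once decoded."""
    path = decoded_path(url)
    bad = sorted({ch for ch in path if ch in "\r\n\x00"})
    if bad:
        raise UnsafeFtpPath("control characters %r in decoded path" % bad)
    return ("RETR " + path + "\r\n").encode("utf-8")


def server_view(wire):
    """Split control-channel bytes into command lines, one per line ending."""
    lines = wire.replace(b"\r\n", b"\n").split(b"\n")
    return [line for line in lines if line]


# Constructed sample URLs; NOOP stands in for any second command.
SAMPLE_URLS = (
    "ftp://ftp.example.org/pub/readme.txt",
    "ftp://ftp.example.org/pub/readme.txt%0D%0ANOOP",
    "ftp://ftp.example.org/pub/readme.txt%0aNOOP",
)


def demo():
    """Return (url, commands seen without the check, result with the check)."""
    report = []
    for url in SAMPLE_URLS:
        unchecked = server_view(retr_unchecked(url))
        try:
            checked = server_view(retr_checked(url))
        except UnsafeFtpPath:
            checked = None  # request refused before anything is sent
        report.append((url, len(unchecked), checked))
    return report


if __name__ == "__main__":
    for url, count, checked in demo():
        print(url, "| unchecked commands:", count, "| checked:", checked)
```

The check runs after percent-decoding, because the raw URL contains no literal newline for a filter to find.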

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody



These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 632-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 10th, 2005 http://www.debian.org/security/faq


Package : linpopup
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1282
Debian Bug : 287044

Stephen Dranger discovered a buffer overflow in linpopup, an X11 port of winpopup, running over Samba, that could lead to the execution of arbitrary code when displaying a maliciously crafted message.

For the stable distribution (woody) this problem has been fixed in version 1.2.0-2woody1.

For the unstable distribution (sid) this problem has been fixed in version 1.2.0-7.

We recommend that you upgrade your linpopup package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody



These files will probably be moved into the stable distribution on its next update.


Debian Security Advisory DSA 630-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 10th, 2005 http://www.debian.org/security/faq


Package : lintian
Vulnerability : insecure temporary directory
Problem-Type : local
Debian-specific: yes
CVE ID : CAN-2004-1000
Debian Bug : 286681

Jeroen van Wolffelaar discovered a problem in lintian, the Debian package checker. The program removes the working directory even if it wasn't created at program start, removing an unrelated file or directory a malicious user inserted via a symlink attack.

For the stable distribution (woody) this problem has been fixed in version 1.20.17.1.

For the unstable distribution (sid) this problem has been fixed in version 1.23.6.

We recommend that you upgrade your lintian package.
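
The cleanup rule this advisory turns on, as an added Python example (not lintian's code): a working directory is removed at exit only if this run created it, and a pre-existing symlink at the path is refused. The class WorkDir, the function names and all paths are hypothetical and constructed for the demonstration.

```python
import os
import shutil
import stat
import tempfile


class WorkDir:
    """Working directory that is deleted on exit only if this run created it."""

    def __init__(self, path):
        self.path = path
        self.created = False

    def setup(self):
        try:
            # mkdir() fails with EEXIST for anything already at the path,
            # including a symlink, so success means we made a real directory.
            os.mkdir(self.path, 0o700)
            self.created = True
        except FileExistsError:
            st = os.lstat(self.path)  # lstat: inspect the entry, not its target
            if not stat.S_ISDIR(st.st_mode) or st.st_uid != os.getuid():
                raise PermissionError("refusing pre-existing entry: " + self.path)
        return self

    def cleanup(self):
        """Remove the directory only when setup() created it."""
        if not self.created:
            return False
        shutil.rmtree(self.path)
        self.created = False
        return True


def cleanup_unconditional(path):
    """'Before' behaviour: delete the directory no matter who made it."""
    shutil.rmtree(path, ignore_errors=True)


def demo():
    base = tempfile.mkdtemp(prefix="workdir-demo-")
    results = {}
    try:
        # Case 1: the path is free, so we create it and may remove it.
        own = WorkDir(os.path.join(base, "own")).setup()
        results["own_removed"] = own.cleanup() and not os.path.exists(own.path)

        # Case 2: a directory with unrelated data (constructed) already exists.
        other = os.path.join(base, "preexisting")
        os.mkdir(other)
        keep = os.path.join(other, "keep.txt")
        open(keep, "w").close()
        reused = WorkDir(other).setup()
        results["cleanup_skipped"] = reused.cleanup() is False
        results["preexisting_kept"] = os.path.exists(keep)

        # Case 3: a symlink planted at the working path is refused outright.
        link = os.path.join(base, "link")
        os.symlink(other, link)
        try:
            WorkDir(link).setup()
            results["symlink_refused"] = False
        except PermissionError:
            results["symlink_refused"] = True
        results["link_target_kept"] = os.path.exists(keep)

        # Contrast: unconditional cleanup destroys the data it never created.
        cleanup_unconditional(other)
        results["unconditional_removed_data"] = not os.path.exists(keep)
    finally:
        shutil.rmtree(base, ignore_errors=True)
    return results


if __name__ == "__main__":
    print(demo())
```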

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody



These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

SUSE Linux


SUSE Security Announcement

Package: libtiff/tiff
Announcement-ID: SUSE-SA:2005:001
Date: Monday, Jan 10th 2005 11:30 MET
Affected products: 8.1, 8.2, 9.0, 9.1, 9.2; SUSE Linux Desktop 1.0; SUSE Linux Enterprise Server 8, 9; Novell Linux Desktop 9
Vulnerability Type: remote system compromise
Severity (1-10): 8
SUSE default package: yes
Cross References: CAN-2004-1183 CAN-2004-1308

Content of this advisory:

  1. security vulnerability resolved:
    • integer overflow
    • buffer overflow
    problem description
  2. solution/workaround
  3. special instructions and notes
  4. package location and checksums
  5. pending vulnerabilities, solutions, workarounds:
  6. standard appendix (further information)

1) problem description, brief discussion

Libtiff supports reading, writing, and manipulating TIFF image files. iDEFENSE reported an integer overflow in libtiff that specially crafted TIFF images can exploit to trigger a heap-based buffer overflow.

External attackers can use this bug to execute arbitrary code over the network by placing special image files on web pages and the like.

Additionally, a buffer overflow in tiffdump was fixed.

2) solution/workaround

There is no workaround known.

3) special instructions and notes

All processes using libtiff must be restarted. If you use GUI applications, please close your X/GDM/KDM session(s) and log in again.

4) package location and checksums

Download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update.
Our maintenance customers are being notified individually. The packages are being offered for installation from the maintenance web.



5) pending vulnerabilities in SUSE Distributions and Workarounds:

Please read our next summary report for more information.


6) standard appendix: authenticity verification, additional information

  • Package authenticity verification:

    SUSE update packages are available on many mirror ftp servers all over the world. While this service is considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package. There are two verification methods that can be used independently of each other to prove the authenticity of a downloaded file or rpm package:

    1. md5sums as provided in the (cryptographically signed) announcement.
    2. using the internal gpg signatures of the rpm package.

    1. execute the command

         md5sum <name-of-the-file.rpm>

       after you downloaded the file from a SUSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key security@suse.de), the checksums show proof of the authenticity of the package. We recommend against subscribing to security lists that cause the e-mail message containing the announcement to be modified so that the signature does not match after transport through the mailing list software.

       Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless.

    2. rpm package signatures provide an easy way to verify the authenticity of an rpm package. Use the command

         rpm -v --checksig <file.rpm>

       to verify the signature of the package, where <file.rpm> is the file name of the rpm package that you have downloaded. Of course, package authenticity verification can only target an uninstalled rpm package file. Prerequisites:

       1. gpg is installed
       2. The package is signed using a certain key. The public part of this key must be installed by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root). You can import the key that is used by SUSE in rpm packages for SUSE Linux by saving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root):

            gpg --batch; gpg < announcement.txt | gpg --import

          SUSE Linux distributions version 7.1 and thereafter install the key "build@suse.de" upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the top-level directory of the first CD (pubring.gpg) and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .
  • SUSE runs two security mailing lists to which any interested party may subscribe:

    suse-security@suse.com
      • general/linux/SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an email to <suse-security-subscribe@suse.com>.

    suse-security-announce@suse.com
      • SUSE's announce-onl