dcsimg
Linux Today: Linux News On Internet Time.





More on LinuxToday


Security Digest: January 19, 2005

Jan 20, 2005, 04:45 (0 Talkback[s])

Debian GNU/Linux


Debian Security Advisory DSA 648-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 19th, 2005 http://www.debian.org/security/faq


Package : xpdf
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0064

iDEFENSE has reported a buffer overflow in xpdf, the portable document format (PDF) suite. A maliciously crafted PDF file could exploit this problem, resulting in the execution of arbitrary code.

For the stable distribution (woody) this problem has been fixed in version 1.00-3.4.

For the unstable distribution (sid) this problem has been fixed in version 3.00-12.

We recommend that you upgrade your xpdf package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.4.dsc
Size/MD5 checksum: 706 635d7c4eae9655d8a3377d8eed6cb2d1
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.4.diff.gz
Size/MD5 checksum: 10726 0267c0fd7ffecd48dd888e170953a480
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00.orig.tar.gz
Size/MD5 checksum: 397750 81f3c381cef729e4b6f4ce21cf5bbf3c

Architecture independent components:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_1.00-3.4_all.deb
Size/MD5 checksum: 38654 d163325cae5a83d1f9ef2022242c731d
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.4_all.deb
Size/MD5 checksum: 1286 14b9041fb706c9dcf9a72a7a2d616498

Alpha architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.4_alpha.deb
Size/MD5 checksum: 570826 cf720966e539a765617002f4b4f5173f
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.4_alpha.deb
Size/MD5 checksum: 1045624 0515266a4c09a1f3d271c37de5642b7b

ARM architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.4_arm.deb
Size/MD5 checksum: 487114 64e64f1224c36ec480df57aaa8862464
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.4_arm.deb
Size/MD5 checksum: 886366 6295a2ce46f4fa28821ea140774bfb6e

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.4_i386.deb
Size/MD5 checksum: 449350 0967c7b29b81f78e9da2cdc889abb615
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.4_i386.deb
Size/MD5 checksum: 827852 f4d7c558370100c774ebfaa82954b83d

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.4_ia64.deb
Size/MD5 checksum: 682306 25b464ea05a8f598f08bcbdedf7170f4
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.4_ia64.deb
Size/MD5 checksum: 1227886 c5f8725564e5dac40e9a3e36d7cdb068

HP Precision architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.4_hppa.deb
Size/MD5 checksum: 563840 d1dd472effb32d5134a23f30c3fd2580
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.4_hppa.deb
Size/MD5 checksum: 1032718 5beab4427ebdb90e330b4c6f8f8d1d07

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.4_m68k.deb
Size/MD5 checksum: 427492 052dad490755f8875e01dc93f1bc4fe5
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.4_m68k.deb
Size/MD5 checksum: 794424 6670b3f46279a6a65c46b19f184195b9

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.4_mips.deb
Size/MD5 checksum: 555248 183c3ba8ae860fa97a04e78dbdb79907
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.4_mips.deb
Size/MD5 checksum: 1016592 dbbd8df3a721fe6f8fd2111d39a6398d

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.4_mipsel.deb
Size/MD5 checksum: 546180 3651e279ad35be576904a273ccc97e82
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.4_mipsel.deb
Size/MD5 checksum: 998826 d43a48dd2e29d83d6c8cd82c7b8eaede

PowerPC architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.4_powerpc.deb
Size/MD5 checksum: 470234 61843ddd6fd49a125b2de4ed3520aa81
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.4_powerpc.deb
Size/MD5 checksum: 859834 e8ecff5500bee7ea36c30a2f60f27a2c

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.4_s390.deb
Size/MD5 checksum: 429954 d87f372421dda1c197110de91bc0aa96
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.4_s390.deb
Size/MD5 checksum: 785678 64e863e6d800d87a506f2325028a3dcf

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.4_sparc.deb
Size/MD5 checksum: 443762 3d07a1c14b76f02dcd66c6e3049210b0
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.4_sparc.deb
Size/MD5 checksum: 809722 e9f738b1b4c5f06a605d828e4120278e

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 647-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 19th, 2005 http://www.debian.org/security/faq


Package : mysql
Vulnerability : insecure temporary files
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0004

Javier Fernandez-Sanguino Pena from the Debian Security Audit Project discoverd a temporary file vulnerability in the mysqlaccess script of MySQL that could allow an unprivileged user to let root overwrite arbitrary files via a symlink attack and could also could unveil the contents of a temporary file which might contain sensitive information.

For the stable distribution (woody) this problem has been fixed in version 3.23.49-8.9.

For the unstable distribution (sid) this problem has been fixed in version 4.0.23-3 of mysql-dfsg and in version 4.1.8a-6 of mysql-dfsg-4.1.

We recommend that you upgrade your mysql packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.9.dsc
Size/MD5 checksum: 875 943c6c647b130518c2a6c96bcb9c4031
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.9.diff.gz
Size/MD5 checksum: 68320 7c46ef730e9c81c554b6d511481c02b7
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49.orig.tar.gz
Size/MD5 checksum: 11861035 a2820d81997779a9fdf1f4b3c321564a

Architecture independent components:

http://security.debian.org/pool/updates/main/m/mysql/mysql-common_3.23.49-8.9_all.deb
Size/MD5 checksum: 17484 9c6cf59a839d3fc25a74f164358008e2
http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.23.49-8.5_all.deb
Size/MD5 checksum: 1962992 a4cacebaadf9d5988da0ed1a336b48e6

Alpha architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_alpha.deb
Size/MD5 checksum: 278304 345708861734203ea2b8539c08a522a5
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_alpha.deb
Size/MD5 checksum: 779380 fa6bc20e561e5022eedc5dcd69715a27
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_alpha.deb
Size/MD5 checksum: 164116 f71397420366e10b5baf839658611271
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_alpha.deb
Size/MD5 checksum: 3635240 09c8c082c5bb1a5aec7fc55bebc0bcd6

ARM architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_arm.deb
Size/MD5 checksum: 238910 874cde30bec50e22aec0d66b163b5d60
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_arm.deb
Size/MD5 checksum: 635228 2cde5c1d7b306ad42b57a0cf26980546
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_arm.deb
Size/MD5 checksum: 124520 4a625fd5ba3b3f28cc13ebf65c2a1afb
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_arm.deb
Size/MD5 checksum: 2806914 3d001b9b0c0cb886e145d0bd39af870f

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_i386.deb
Size/MD5 checksum: 235264 44202de31efe2267b50a0e24fb8ee3fd
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_i386.deb
Size/MD5 checksum: 577118 081914b6293637cedc177b4c10671796
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_i386.deb
Size/MD5 checksum: 123080 0d35e7a8bd5f5ae806c55a2a12aa6ac1
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_i386.deb
Size/MD5 checksum: 2800998 e2af0992c6a9921dfc864e75c1495258

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_ia64.deb
Size/MD5 checksum: 315628 29091ddf30d6c12f777f53cec06b740b
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_ia64.deb
Size/MD5 checksum: 849066 aa2f4e5c92fc2779c3072c85d68ffb5f
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_ia64.deb
Size/MD5 checksum: 174356 b4e35c1cbe4726f3abdeb5b159027c29
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_ia64.deb
Size/MD5 checksum: 4000374 bc43f76d2bde3d546f4d0c3a5066a641

HP Precision architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_hppa.deb
Size/MD5 checksum: 281234 342cd7fccbb64631bf655cb7952e90c1
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_hppa.deb
Size/MD5 checksum: 744302 546d8e2ba4c48c8936be30396dbedab2
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_hppa.deb
Size/MD5 checksum: 141156 0b4874c0a5e0961dc6027ed24bd2a6f9
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_hppa.deb
Size/MD5 checksum: 3515058 335d0afef63d0abc18e20ad760bd70b1

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_m68k.deb
Size/MD5 checksum: 228298 ace3b33157e09b2b78e23bd945cc56a5
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_m68k.deb
Size/MD5 checksum: 558298 b8c4e5656cc5a4208875740ed1b17aa9
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_m68k.deb
Size/MD5 checksum: 118952 ce85668f7070bcd748aad870c72aa150
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_m68k.deb
Size/MD5 checksum: 2647058 02d740546dc1690a604225d5e37cc99b

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_mips.deb
Size/MD5 checksum: 251516 9f7505c8797f0f36272449ea8b416ce6
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_mips.deb
Size/MD5 checksum: 689502 3bd49b0204f94da6a254dee9f0dfd778
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_mips.deb
Size/MD5 checksum: 134466 4dd241930eaec445b5ef90aa68f7d4ab
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_mips.deb
Size/MD5 checksum: 2848984 c5b09b6786844a747c8b8cef395dfac4

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_mipsel.deb
Size/MD5 checksum: 251192 73d7c69f49a13e8e3592310c2bc675e0
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_mipsel.deb
Size/MD5 checksum: 689122 f13325c3394b0385c76d289d886f165f
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_mipsel.deb
Size/MD5 checksum: 134828 6d0e79f252d1cd3048ce3367aa200636
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_mipsel.deb
Size/MD5 checksum: 2839732 499551d692fc5d80fd16c43e83e19201

PowerPC architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_powerpc.deb
Size/MD5 checksum: 248344 d2fbd5ac1b1ce08963b38c276297f8fb
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_powerpc.deb
Size/MD5 checksum: 653252 eefbee85063e49943d26b4e4f278343a
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_powerpc.deb
Size/MD5 checksum: 130004 33fb65f2e7d3e0b3681dc2ab8dc72762
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_powerpc.deb
Size/MD5 checksum: 2823828 29fa73043be8ec6caa52c65719fd9fc0

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_s390.deb
Size/MD5 checksum: 250630 e37efa3ab7dc647355c3525940f1e580
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_s390.deb
Size/MD5 checksum: 607800 31a8eb384c66765e82f8330e20e9abb8
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_s390.deb
Size/MD5 checksum: 126984 cc938da5903e7d7f22da55c88bdaa552
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_s390.deb
Size/MD5 checksum: 2691598 e944a61e4f832a410ef48a6ef1fafa36

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_sparc.deb
Size/MD5 checksum: 241812 f2996905943eaa9e4a04c842623cb4ce
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_sparc.deb
Size/MD5 checksum: 616256 251bda8bfc97c7d216faa1e0e174d4b6
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_sparc.deb
Size/MD5 checksum: 130942 372c0534b98507f3ecdcb3944c2f8a92
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_sparc.deb
Size/MD5 checksum: 2940408 38cd0279c75c8968a50b2742e810f484

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 646-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 19th, 2005 http://www.debian.org/security/faq


Package : imagemagick
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0005

Andrei Nigmatulin discovered a buffer overflow in the PSD image-decoding module of ImageMagick, a commonly used image manipulation library. Remote exploition with a carefully crafted image could lead to the execution of arbitrary code.

For the stable distribution (woody) this problem has been fixed in version 5.4.4.5-1woody5.

For the unstable distribution (sid) this problem has been fixed in version 6.0.6.2-2.

We recommend that you upgrade your imagemagick packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5.dsc
Size/MD5 checksum: 852 7ca6886f64037e980060508a770bd777
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5.diff.gz
Size/MD5 checksum: 15619 4b8192231c8975e0f83bab0bdee0f25a
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5.orig.tar.gz
Size/MD5 checksum: 3901237 f35e356b4ac1ebc58e3cffa7ea7abc07

Alpha architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_alpha.deb
Size/MD5 checksum: 1309882 ddc9e1e57e1733ba68898c4d78d11ff2
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_alpha.deb
Size/MD5 checksum: 154212 c0cb6e3b81807a9ea8b6fcf1b3d3403e
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_alpha.deb
Size/MD5 checksum: 56326 883322541fe624e48bd4d2f579090d27
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_alpha.deb
Size/MD5 checksum: 833384 4a6b6198ca41453dd989e65f68d7d3be
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_alpha.deb
Size/MD5 checksum: 67370 a7487a31ee8afcf6e8dbc942d9eb7226
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_alpha.deb
Size/MD5 checksum: 113864 815d027cfec793000bb6eafd54b6c6d4

ARM architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_arm.deb
Size/MD5 checksum: 1297154 08cf4503548d7b4f594b19dbbbc9b620
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_arm.deb
Size/MD5 checksum: 118778 7ea1c8496ba2f9b10e173136d7646b19
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_arm.deb
Size/MD5 checksum: 56372 5b58a6cfa9f0585b7dbcb2a6a079f5bb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_arm.deb
Size/MD5 checksum: 898716 4cbae243299cab78d9c7189d57b5f5e5
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_arm.deb
Size/MD5 checksum: 67398 9f7051f05c9f6339f29c814e6800c5a8
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_arm.deb
Size/MD5 checksum: 109992 feded00d7fa37064e447fd140a06b861

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_i386.deb
Size/MD5 checksum: 1295194 4c860486ff0284c0f3a02e6db73d2729
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_i386.deb
Size/MD5 checksum: 122838 1fa97dc730589c4d2405cfb1daf65d58
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_i386.deb
Size/MD5 checksum: 56348 f6f1831bc53050fed4be4a779f617d85
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_i386.deb
Size/MD5 checksum: 772594 bc095d6fc212c57e76682d2e908e645f
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_i386.deb
Size/MD5 checksum: 67380 77bbc19b74af8f4ec6a423ca2cb8519f
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_i386.deb
Size/MD5 checksum: 106994 893011a405b1e248c75f9c2e2e43cdf6

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_ia64.deb
Size/MD5 checksum: 1336218 0da64c0ceb2ae9c2841ce4686c81ebbf
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_ia64.deb
Size/MD5 checksum: 137108 a2353ec66b50f90e3738aedde81e5093
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_ia64.deb
Size/MD5 checksum: 56312 044edaa6a7185e0e26a98a90748f1a7b
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_ia64.deb
Size/MD5 checksum: 1360062 471ec0c40753bb7eac7e45385b0c96f0
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_ia64.deb
Size/MD5 checksum: 67354 17efc0247ef95e3c38d170ed2f61a743
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_ia64.deb
Size/MD5 checksum: 132964 bacf380322370e7ced619ca4c76388f0

HP Precision architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_hppa.deb
Size/MD5 checksum: 1297430 d70abbbe6d475d60fc2a34e2778c12f2
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_hppa.deb
Size/MD5 checksum: 132930 fedc55e4a005b28e00b54c993887e209
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_hppa.deb
Size/MD5 checksum: 56362 8ec84f2f0a57a4c7f4289a652a4528ba
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_hppa.deb
Size/MD5 checksum: 859932 43a200eb3b9a70b8de1227e99820fb01
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_hppa.deb
Size/MD5 checksum: 67394 b1d4e146818947a44af16f15a1451a18
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_hppa.deb
Size/MD5 checksum: 117242 fc089bd83662c0fcc49cc0b569bb1c30

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_m68k.deb
Size/MD5 checksum: 1292622 a87e2eb868de28f78bf59d001468aedb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_m68k.deb
Size/MD5 checksum: 134082 9ea7de99c48a5dc768fa8224aa0238d5
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_m68k.deb
Size/MD5 checksum: 56392 c2059fc2455faa9c1d0a2f6f95fe5ba7
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_m68k.deb
Size/MD5 checksum: 751912 e80a1f4e2544d275fda1551b57d0246a
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_m68k.deb
Size/MD5 checksum: 67420 db7a3156415f665889b025a154e2e9f5
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_m68k.deb
Size/MD5 checksum: 107482 54a1926ff755f825afa4b89efbadfd76

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_mips.deb
Size/MD5 checksum: 1294936 67ca29a49ab0c8e515e4810ece9ab409
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_mips.deb
Size/MD5 checksum: 120352 99578089369ea2a003d0a56aec6d34b2
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_mips.deb
Size/MD5 checksum: 56362 98ecbc125c9451d9e885bb325997a73b
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_mips.deb
Size/MD5 checksum: 733120 641218d8281d38b3b55fb6d787e68760
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_mips.deb
Size/MD5 checksum: 67404 3d0714b089cd5de5e4471aaf760a831e
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_mips.deb
Size/MD5 checksum: 103404 1517f93c042c60907d9bcc98ab7a70c8

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_mipsel.deb
Size/MD5 checksum: 1294920 a4ecbf6a8abbd0e18e0b3c2d896e2dcc
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_mipsel.deb
Size/MD5 checksum: 113950 5cfad22c7d0beec13255e148ca11783d
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_mipsel.deb
Size/MD5 checksum: 56390 599616ef7a5869f65f65d4e1a493160c
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_mipsel.deb
Size/MD5 checksum: 721098 084defe73c73603e61b69419e1374f8e
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_mipsel.deb
Size/MD5 checksum: 67414 1e8aa5e91cf61883a0c046f2d734c12c
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_mipsel.deb
Size/MD5 checksum: 102940 78c33b91bf9214e4caaa39eaf0679df7

PowerPC architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_powerpc.deb
Size/MD5 checksum: 1291544 7b362ea5200d9f6e9d2721cd94f2c0d0
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_powerpc.deb
Size/MD5 checksum: 135970 01a05f7cd212b3fa7ed76c0a0525c7b3
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_powerpc.deb
Size/MD5 checksum: 56354 07ec4a9182761c19fd19090d0fdcaa04
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_powerpc.deb
Size/MD5 checksum: 786292 5415dfec8fbed3256fd306a727408d15
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_powerpc.deb
Size/MD5 checksum: 67400 644db38acce431e9b42baf87691232d7
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_powerpc.deb
Size/MD5 checksum: 111994 9723784a9a5d0da539449356f2437dbb

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_s390.deb
Size/MD5 checksum: 1292246 2f71ab873e1756bd046a2321835a94b4
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_s390.deb
Size/MD5 checksum: 132088 7d757d128832809a4d151013bb5cd488
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_s390.deb
Size/MD5 checksum: 56364 375a050c6067239cdc4bbf6effca8132
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_s390.deb
Size/MD5 checksum: 778100 e5185091f6cd9e27d71580fb38fc8690
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_s390.deb
Size/MD5 checksum: 67390 26dc5601e55ead50a24df92aa115e44e
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_s390.deb
Size/MD5 checksum: 109050 4c65dcbf5625457c3fe1aa91f6664045

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_sparc.deb
Size/MD5 checksum: 1295258 21cd0e05b94c92089329dd5668835e0d
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_sparc.deb
Size/MD5 checksum: 123926 2555c9f3c2b04fb3158ba1013b66f2f2
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_sparc.deb
Size/MD5 checksum: 56360 0d0cbbb1bd4c1ba9ab5a843097f5d194
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_sparc.deb
Size/MD5 checksum: 802740 5636ffd8e41544e1495668221c448cdf
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_sparc.deb
Size/MD5 checksum: 67386 165565fb0f4519388893f2f8548b0535
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_sparc.deb
Size/MD5 checksum: 112954 c7a6faee63c2c8b59a30585245e4c2a1

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 645-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 19th, 2005 http://www.debian.org/security/faq


Package : cupsys
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0064

iDEFENSE has reported a buffer overflow in xpdf, the portable document format (PDF) suite. Similar code is present in the PDF processing part of CUPS. A maliciously crafted PDF file could exploit this problem, resulting in the execution of arbitrary code.

For the stable distribution (woody) this problem has been fixed in version 1.1.14-5woody12.

In the unstable distribution (sid) CUPSYS does not use its own xpdf variant anymore but uses xpdf-utils.

We recommend that you upgrade your cups packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12.dsc
Size/MD5 checksum: 712 dba687dbc0a6992b0a3cdd8da496abdf
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12.diff.gz
Size/MD5 checksum: 40770 083cfc2f84280ebaee765ec1ba7a8f29
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14.orig.tar.gz
Size/MD5 checksum: 6150756 0dfa41f29fa73e7744903b2471d2ca2f

Alpha architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_alpha.deb
Size/MD5 checksum: 1901080 80c9b14b52397228088eb278ef07d897
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_alpha.deb
Size/MD5 checksum: 74548 98b9ef57c0e574aadf0e804fb070ccff
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_alpha.deb
Size/MD5 checksum: 93196 ebe102c5982747fb36254898db73bdac
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_alpha.deb
Size/MD5 checksum: 2446048 e3509f813586e394fcaea652caeb979d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_alpha.deb
Size/MD5 checksum: 138216 c6c6beeff4bc077a290bb213ffafcd04
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_alpha.deb
Size/MD5 checksum: 181162 c612bffce4b666c36e9709a3f1c3b916

ARM architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_arm.deb
Size/MD5 checksum: 1821988 cae79abb7d1980e5cb983c51c23df200
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_arm.deb
Size/MD5 checksum: 68682 2aef42b9bfa45d45a0b94f980cd75f0b
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_arm.deb
Size/MD5 checksum: 85876 c998cf95bd9faa58bbc3618d92c69e3b
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_arm.deb
Size/MD5 checksum: 2346072 24d5e48e3e0319b948038c45b1219b4d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_arm.deb
Size/MD5 checksum: 113198 4ce263fe2f228ad505e6249869ede086
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_arm.deb
Size/MD5 checksum: 150620 9644fdf3f4c6021a203b1a9811a14de8

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_i386.deb
Size/MD5 checksum: 1788840 4421966dabb586f81791d9d27eaf9ceb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_i386.deb
Size/MD5 checksum: 68212 af70c5816c54edf896a22c24fe0568b8
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_i386.deb
Size/MD5 checksum: 84376 6178a9c61d805a70e3f787f9cec45d44
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_i386.deb
Size/MD5 checksum: 2312208 53aaab028df004928720cf25e9912298
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_i386.deb
Size/MD5 checksum: 111224 2a6caaceda4a9a617637ffec2e6b0888
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_i386.deb
Size/MD5 checksum: 136782 70d5e60898bf4cb15ec009832f2914ff

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_ia64.deb
Size/MD5 checksum: 2008480 dbd5516b389032d32bed1b3f47157dd6
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_ia64.deb
Size/MD5 checksum: 77618 c93fd0ad5ed158ece2b3bfe820f65c85
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_ia64.deb
Size/MD5 checksum: 97360 d5b475b30e5566ae84e4388a9c8b88ce
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_ia64.deb
Size/MD5 checksum: 2656984 7c862503822e4f2bf4758f7d2359ebc9
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_ia64.deb
Size/MD5 checksum: 156234 67c450bec79adc3790e03933d59f3d37
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_ia64.deb
Size/MD5 checksum: 183182 7f11c1e4644116c23db6b29c73427040

HP Precision architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_hppa.deb
Size/MD5 checksum: 1882020 9c4b419efcb6432c6470c3d1d55d2df4
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_hppa.deb
Size/MD5 checksum: 71014 be0ebd451a3141b3962fe2bdcf6ec50f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_hppa.deb
Size/MD5 checksum: 90032 a7ba29d9e1c69af6b90f4007d5a74c6f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_hppa.deb
Size/MD5 checksum: 2456276 65d1e20bf5e1189467226ead52702708
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_hppa.deb
Size/MD5 checksum: 126706 b780b2343e1a4c1f7efbc2e31bf45a5f
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_hppa.deb
Size/MD5 checksum: 159768 aaac5dbdd82b5e781f088687f924a6db

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_m68k.deb
Size/MD5 checksum: 1755578 cba34fd3943f142f9f02349409e0a401
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_m68k.deb
Size/MD5 checksum: 66480 547ceec1de16cd3a30591e0a4d7d522c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_m68k.deb
Size/MD5 checksum: 81600 92628a29ad3a5c5fe612b5f878747bbb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_m68k.deb
Size/MD5 checksum: 2261580 76a36d1fbc58b906e9e2aaa3524f788d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_m68k.deb
Size/MD5 checksum: 106458 5e70c0f80644ae350edc1062877ced89
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_m68k.deb
Size/MD5 checksum: 128992 8ff14878ace478af7a9f2827867a04d1

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_mips.deb
Size/MD5 checksum: 1811940 9ced9be894453681c8f256f67e337751
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_mips.deb
Size/MD5 checksum: 68116 63e45c41ec22bc005663f008aa05ef0b
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_mips.deb
Size/MD5 checksum: 81558 6300fb89191894457fa6672cad347bb4
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_mips.deb
Size/MD5 checksum: 2404826 f8d58e941201559799af19451002a284
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_mips.deb
Size/MD5 checksum: 112996 a4b6ffee4e6cc6a3800c0ef8c20ff539
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_mips.deb
Size/MD5 checksum: 151418 aaae3c74411b75b49dc14def7a9c32fe

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_mipsel.deb
Size/MD5 checksum: 1812724 bbfee7ac7b15145c6f89d4a25c1db340
http://security.debian.org/pool/