dcsimg
Linux Today: Linux News On Internet Time.





More on LinuxToday


Security Digest: February 9, 2005

Feb 10, 2005, 04:45 (0 Talkback[s])

Debian GNU/Linux


Debian Security Advisory DSA 671-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 8th, 2005 http://www.debian.org/security/faq


Package : xemacs21
Vulnerability : format string
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0100

Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs, the well-known editor. Via connecting to a malicious POP server an attacker can execute arbitrary code under the privileges of group mail.

For the stable distribution (woody) these problems have been fixed in version 21.4.6-8woody2.

For the unstable distribution (sid) these problems have been fixed in version 21.4.16-2.

We recommend that you upgrade your emacs packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21_21.4.6-8woody2.dsc
Size/MD5 checksum: 1074 171f6e125b07b5557a1a9539de922b76
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21_21.4.6-8woody2.diff.gz
Size/MD5 checksum: 26534 858f425089cbe261cc22bfabd7c20c43
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21_21.4.6.orig.tar.gz
Size/MD5 checksum: 7898727 2ad6fdbd595cbfa7ed150e0f72e31bd4

Architecture independent components:

http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-support_21.4.6-8woody2_all.deb
Size/MD5 checksum: 4386014 aff24460c2104a77ba88bf1b4ee0d3ed
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-supportel_21.4.6-8woody2_all.deb
Size/MD5 checksum: 1271018 84c7e9871cdca5d03c5a353c8ff0a3a6
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21_21.4.6-8woody2_all.deb
Size/MD5 checksum: 9760 171e6e768169212d27773a73bd455da8

Alpha architecture:

http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-bin_21.4.6-8woody2_alpha.deb
Size/MD5 checksum: 580448 187d3c3464408b0526e0da6b841a6731
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule_21.4.6-8woody2_alpha.deb
Size/MD5 checksum: 2421810 2d78ecb039f98f15fed2753d15bff997
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule-canna-wnn_21.4.6-8woody2_alpha.deb
Size/MD5 checksum: 2525422 cda5569e4db68c98cb8e25faf8f21854
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-nomule_21.4.6-8woody2_alpha.deb
Size/MD5 checksum: 2101610 3df092c816c3c7cd86e5f57454857b68
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule_21.4.6-8woody2_alpha.deb
Size/MD5 checksum: 2354032 129c25cb4d7863cd3220cc6da24f20bf
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule-canna-wnn_21.4.6-8woody2_alpha.deb
Size/MD5 checksum: 2460292 e6da7dffb7adbc22ef1bb25e1a7be340
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-nomule_21.4.6-8woody2_alpha.deb
Size/MD5 checksum: 2058930 6c49e0a69513eddd47088555ed6b3dc9

ARM architecture:

http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-bin_21.4.6-8woody2_arm.deb
Size/MD5 checksum: 537204 c3a5eb7a9a74793a46b0580a5d538640
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule_21.4.6-8woody2_arm.deb
Size/MD5 checksum: 2094660 b97afec887bbe9412cd5a1086ae27ce3
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule-canna-wnn_21.4.6-8woody2_arm.deb
Size/MD5 checksum: 2190530 e2d64ff9c998e4ddcb1d850aa1e8456b
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-nomule_21.4.6-8woody2_arm.deb
Size/MD5 checksum: 1835584 4151f9408d4e4d25adb0472a42f4a6a3
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule_21.4.6-8woody2_arm.deb
Size/MD5 checksum: 2032010 ef2350299bef5bedb37cd19d3f4e91d9
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule-canna-wnn_21.4.6-8woody2_arm.deb
Size/MD5 checksum: 2121292 7c1b79d91ecbee44832acbb318191889
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-nomule_21.4.6-8woody2_arm.deb
Size/MD5 checksum: 1791656 987a2a160b865de276ba92aa8f74ee0e

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-bin_21.4.6-8woody2_i386.deb
Size/MD5 checksum: 531076 e65d37f2fd9eeb6e59daa41ad7ebae82
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule_21.4.6-8woody2_i386.deb
Size/MD5 checksum: 2023450 9d78c33b6144b188277d8ba254b47a27
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule-canna-wnn_21.4.6-8woody2_i386.deb
Size/MD5 checksum: 2106246 d6d4a671f08c5c56777ac9756c697ed9
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-nomule_21.4.6-8woody2_i386.deb
Size/MD5 checksum: 1770586 6b6eea65ba459a5a4b92f6c7f2cab85c
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule_21.4.6-8woody2_i386.deb
Size/MD5 checksum: 1951628 e9b396f7c2e1eea680210811ea557abf
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule-canna-wnn_21.4.6-8woody2_i386.deb
Size/MD5 checksum: 2025806 69d40b285f354dec9daa4bc965c3717c
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-nomule_21.4.6-8woody2_i386.deb
Size/MD5 checksum: 1717190 e4b9ebdeda765d5b1b6b3c223da0c2bf

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-bin_21.4.6-8woody2_ia64.deb
Size/MD5 checksum: 625504 39a41e6cb27eb4c39fa061d297ec0c90
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule_21.4.6-8woody2_ia64.deb
Size/MD5 checksum: 2711560 04422ee233798df0903fce907fbbe9fa
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule-canna-wnn_21.4.6-8woody2_ia64.deb
Size/MD5 checksum: 2843090 01ab68f4a76880fb563f5851df560653
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-nomule_21.4.6-8woody2_ia64.deb
Size/MD5 checksum: 2366896 4c77d04e65316eda945c7f7b62431e87
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule_21.4.6-8woody2_ia64.deb
Size/MD5 checksum: 2660828 31ab16a84a027c47ef742dde4ae5be85
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule-canna-wnn_21.4.6-8woody2_ia64.deb
Size/MD5 checksum: 2799262 1241735510e66d72bf41d60e43f2a369
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-nomule_21.4.6-8woody2_ia64.deb
Size/MD5 checksum: 2336530 ff23ca5e111c9b117f90e97874fbfb81

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-bin_21.4.6-8woody2_mips.deb
Size/MD5 checksum: 558124 8c0d4c9a7e0e599e8b8526c415da81ff
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule_21.4.6-8woody2_mips.deb
Size/MD5 checksum: 2195440 b3d55e6877728950b18e96f7493fabf0
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule-canna-wnn_21.4.6-8woody2_mips.deb
Size/MD5 checksum: 2286100 9d7d7e67f80f2b50c9629cdeb7ab02f6
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-nomule_21.4.6-8woody2_mips.deb
Size/MD5 checksum: 1927926 636349330540adbe8948d691a9664c0c
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule_21.4.6-8woody2_mips.deb
Size/MD5 checksum: 2133942 0f7ef8e90e50c70bcd2a21de7e15f866
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule-canna-wnn_21.4.6-8woody2_mips.deb
Size/MD5 checksum: 2210340 bc3a32dd12b0a7ffe3a24a21222aff5f
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-nomule_21.4.6-8woody2_mips.deb
Size/MD5 checksum: 1884858 78e29349e073b1530597b8ddfdbe7fc7

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-bin_21.4.6-8woody2_mipsel.deb
Size/MD5 checksum: 557652 0c66d1356d675aa3a851852868bf1474
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule_21.4.6-8woody2_mipsel.deb
Size/MD5 checksum: 2145012 849832ea07d99b8c9c34aa0f8d0f07a2
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule-canna-wnn_21.4.6-8woody2_mipsel.deb
Size/MD5 checksum: 2232936 1d0547bfceb6438302508e4303882026
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-nomule_21.4.6-8woody2_mipsel.deb
Size/MD5 checksum: 1884032 b02862c6d3b9f54b00c5da9563cea642
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule_21.4.6-8woody2_mipsel.deb
Size/MD5 checksum: 2087790 a45c0b783e8f89a6f90000853de82d97
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule-canna-wnn_21.4.6-8woody2_mipsel.deb
Size/MD5 checksum: 2160484 71eb4b77eab06a699136c46c381411ba
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-nomule_21.4.6-8woody2_mipsel.deb
Size/MD5 checksum: 1842970 66bc0a6ab8b6e206ec5547a50cd1dc90

PowerPC architecture:

http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-bin_21.4.6-8woody2_powerpc.deb
Size/MD5 checksum: 543242 676657598fc9fc1cdd7a78d00ad382c1
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule_21.4.6-8woody2_powerpc.deb
Size/MD5 checksum: 2151626 fd25f9c884831e0773a60f5558570fb6
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule-canna-wnn_21.4.6-8woody2_powerpc.deb
Size/MD5 checksum: 2246958 82b13b39d6321ef513eeac576d1ac542
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-nomule_21.4.6-8woody2_powerpc.deb
Size/MD5 checksum: 1890260 661caa995cdf5b32dd85bfe40cc2291c
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule_21.4.6-8woody2_powerpc.deb
Size/MD5 checksum: 2089262 472f238a0aa1af047842012664a6009b
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule-canna-wnn_21.4.6-8woody2_powerpc.deb
Size/MD5 checksum: 2159034 35bd5b545006e5f49598e5c7fcddc904
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-nomule_21.4.6-8woody2_powerpc.deb
Size/MD5 checksum: 1838876 0841e2ea39bf16ca83a137d0d0fc0952

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-bin_21.4.6-8woody2_s390.deb
Size/MD5 checksum: 540628 367af36ba2af7112f6960507b6028313
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule_21.4.6-8woody2_s390.deb
Size/MD5 checksum: 2126568 385279e981a6aa5816d32817c95e2d6c
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule-canna-wnn_21.4.6-8woody2_s390.deb
Size/MD5 checksum: 2214740 f3e3d2c9da3342a520be8dae7d4a4cde
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-nomule_21.4.6-8woody2_s390.deb
Size/MD5 checksum: 1865760 3d4900f641af12cf836ee1a346388871
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule_21.4.6-8woody2_s390.deb
Size/MD5 checksum: 2062040 4bec5cfdf3ae855f5e32d72af45f2a0c
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule-canna-wnn_21.4.6-8woody2_s390.deb
Size/MD5 checksum: 2133634 1d8bc2ad4f5074a5392f75e2a5ffd38f
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-nomule_21.4.6-8woody2_s390.deb
Size/MD5 checksum: 1815436 5563da798b2587f63c315abcf43821dd

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-bin_21.4.6-8woody2_sparc.deb
Size/MD5 checksum: 561414 c18759a402b17fc3e03c64ea985600d9
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule_21.4.6-8woody2_sparc.deb
Size/MD5 checksum: 2122166 c0584bbb69dd8e2547d4d84878e4f6ee
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule-canna-wnn_21.4.6-8woody2_sparc.deb
Size/MD5 checksum: 2212100 3d6aa37784918a7be79240b03c654d87
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-nomule_21.4.6-8woody2_sparc.deb
Size/MD5 checksum: 1861558 4ddeb1f266dffebc135d5b6f01454915
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule_21.4.6-8woody2_sparc.deb
Size/MD5 checksum: 2050316 519b2fda5b2528a32e95b87f2da5c7e8
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule-canna-wnn_21.4.6-8woody2_sparc.deb
Size/MD5 checksum: 2127898 e7f92723f2e505c0ff95a426a760d9c3
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-nomule_21.4.6-8woody2_sparc.deb
Size/MD5 checksum: 1807234 d769ccf2b75911a474e5b6fc4a29c05d

These files will probably be moved into the stable distribution on its next update.


Debian Security Advisory DSA 672-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 9th, 2005 http://www.debian.org/security/faq


Package : xview
Vulnerability : buffer overflows
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0076

Erik Sjölund discovered that programs linked against xview are vulnerable to a number of buffer overflows in the XView library. When the overflow is triggered in a program which is installed setuid root a malicious user could perhaps execute arbitrary code as privileged user.

For the stable distribution (woody) these problems have been fixed in version 3.2p1.4-16woody2.

For the unstable distribution (sid) these problems have been fixed in version 3.2p1.4-19.

We recommend that you upgrade your xview packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/x/xview/xview_3.2p1.4-16woody2.dsc
Size/MD5 checksum: 682 73f2ebae0581f04e9edf62333da56353
http://security.debian.org/pool/updates/main/x/xview/xview_3.2p1.4-16woody2.diff.gz
Size/MD5 checksum: 65663 526f16dcd2164713e792e19b9c9a42c2
http://security.debian.org/pool/updates/main/x/xview/xview_3.2p1.4.orig.tar.gz
Size/MD5 checksum: 3227552 b9ff26d6ad378af320bac45154ceaeba

Alpha architecture:

http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_alpha.deb
Size/MD5 checksum: 242538 b02d3c329cd137288360c8dfa1d279ef
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_alpha.deb
Size/MD5 checksum: 166874 01c86265b4b1bb03924dc39f03d16e26
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_alpha.deb
Size/MD5 checksum: 82184 c90e02f6824b1966cab7c843f866f366
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_alpha.deb
Size/MD5 checksum: 282748 0f0d74d37511ef359a9cfa073d1c7a2e
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_alpha.deb
Size/MD5 checksum: 830458 396d5dcd0896c25bd5ef3db05356c29c
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_alpha.deb
Size/MD5 checksum: 1336468 15932deabc7a32861bca5dec52749ccc

ARM architecture:

http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_arm.deb
Size/MD5 checksum: 213546 31b52257f06f8c5c9b75cc7d0d45cd25
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_arm.deb
Size/MD5 checksum: 146328 d3e5511c12ef36547e86b1798f000ef1
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_arm.deb
Size/MD5 checksum: 72314 b77af29123fa25750f470bcd3b9fa555
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_arm.deb
Size/MD5 checksum: 233808 f7feda439c8e0367a5b0270895924351
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_arm.deb
Size/MD5 checksum: 740040 28a2d8eb135764c7fe0026a65df32d9c
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_arm.deb
Size/MD5 checksum: 1119956 2e0e9dfc6641d46d6daac559bb32b233

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_i386.deb
Size/MD5 checksum: 183850 acf639933b6eb260f027a546c57d4136
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_i386.deb
Size/MD5 checksum: 127802 c6cc52741c73598aa3fc5e4158ecec0c
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_i386.deb
Size/MD5 checksum: 64396 d7770705890e14eee88d28768a483e5f
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_i386.deb
Size/MD5 checksum: 223156 5f3a95acb70658bfc66df2896e1223d9
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_i386.deb
Size/MD5 checksum: 646392 6055e545d592579dd5c012608a464752
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_i386.deb
Size/MD5 checksum: 934796 2f3c3c124dc19d5d14aa1dbf54c64784

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_ia64.deb
Size/MD5 checksum: 317404 576da684ffdf28de0b0715fdb4dcdcd3
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_ia64.deb
Size/MD5 checksum: 220186 316ad06d0819a284884bcb06a4114ff9
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_ia64.deb
Size/MD5 checksum: 95106 2b2e5ec4a072aac2d958e91c8c41c8f9
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_ia64.deb
Size/MD5 checksum: 287570 7b7967de5eedab4b9e34a66fe887a63d
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_ia64.deb
Size/MD5 checksum: 1079586 7200cb22efc8b346e4eaa83ec1897f74
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_ia64.deb
Size/MD5 checksum: 1482648 55b93aca51484c25e38c6a75f716cade

HP Precision architecture:

http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_hppa.deb
Size/MD5 checksum: 230118 5282c987f39795033ef181fc52fb0361
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_hppa.deb
Size/MD5 checksum: 159716 57a57cc876a7d51f9e15e0dab24fc373
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_hppa.deb
Size/MD5 checksum: 77650 41d67effdaac9bbfae93b35c2d1a99e8
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_hppa.deb
Size/MD5 checksum: 257698 e49c1614bb05f896d4c0d2ea64567710
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_hppa.deb
Size/MD5 checksum: 830414 f0544907dd17dce7fbf5e0b2c48f044c
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_hppa.deb
Size/MD5 checksum: 1221342 e8f00721366a9bb20f2c65cc9ff51849

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_m68k.deb
Size/MD5 checksum: 174654 e9d4846e4431980b742f8fef19274d95
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_m68k.deb
Size/MD5 checksum: 121528 27740085ec299dc2f152824242880226
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_m68k.deb
Size/MD5 checksum: 62152 cd34146cd2266f438ffd8dde794244b2
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_m68k.deb
Size/MD5 checksum: 221572 d60602e378f194426fe223311429a76e
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_m68k.deb
Size/MD5 checksum: 609756 21606f2051ff57c2feadacd072129b16
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_m68k.deb
Size/MD5 checksum: 891654 833ce26f040f64bc4cc3b684416b5c25

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_mips.deb
Size/MD5 checksum: 233608 d1e233b9724bdc330fc65be9b053292c
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_mips.deb
Size/MD5 checksum: 162770 e792cab975f9a1fc4f1cb1b20548732d
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_mips.deb
Size/MD5 checksum: 73522 7b28384a8a7b0786752af6aed4bde04d
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_mips.deb
Size/MD5 checksum: 242610 a3b5ab6c3fa2586fcd6cc756ed276e6f
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_mips.deb
Size/MD5 checksum: 718426 feeba8a97bf24eead7e186f7954adec1
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_mips.deb
Size/MD5 checksum: 1152450 3b52fdfd2abcba003a40f62161e97249

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_mipsel.deb
Size/MD5 checksum: 232930 4c7ba7912711277c3bd43e906f182b86
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_mipsel.deb
Size/MD5 checksum: 162148 5a74c1afae73c463ad735d7b6d95e36c
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_mipsel.deb
Size/MD5 checksum: 73550 f7bfee56646b67b45234b9ff45e686c0
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_mipsel.deb
Size/MD5 checksum: 240548 db21fa02e89c56f2de7650c7c436c72c
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_mipsel.deb
Size/MD5 checksum: 713016 546f6ffb970b55020066d425b57b10b1
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_mipsel.deb
Size/MD5 checksum: 1148214 597d06b001a2840e3b833b0fbdceee8c

PowerPC architecture:

http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_powerpc.deb
Size/MD5 checksum: 203952 e12cef8460e96bb8442e802a7dadfd2f
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_powerpc.deb
Size/MD5 checksum: 141172 a5b5baaf8985cb50f8af76a1f66bdb80
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_powerpc.deb
Size/MD5 checksum: 71612 373ec845cde8c0507a7bb0534550ad0b
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_powerpc.deb
Size/MD5 checksum: 235564 09c30509e8d8197fe408ec7548a8cd72
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_powerpc.deb
Size/MD5 checksum: 708600 b4637a98855afa87cd1f0f0852350409
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_powerpc.deb
Size/MD5 checksum: 1078698 8502065905a3e47870287397de3ec478

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_s390.deb
Size/MD5 checksum: 196944 52b2322fc1b8449d0621460cc9f148c8
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_s390.deb
Size/MD5 checksum: 138124 1dee9a95eff97d2efc1a57035da9d519
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_s390.deb
Size/MD5 checksum: 69010 fba4d2583f26b3824935630f1da4211d
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_s390.deb
Size/MD5 checksum: 238726 3d07b2a9aec170e5785dc625501a9247
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_s390.deb
Size/MD5 checksum: 718966 be18b0d190dbea53a46ac986d8c9ebed
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_s390.deb
Size/MD5 checksum: 996136 df7958201a7d422f838c699b58ce3457

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_sparc.deb
Size/MD5 checksum: 196302 13ac28d455799ff897e7c18d6d7e9162
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_sparc.deb
Size/MD5 checksum: 139756 d3428077114ef61a236991156daddf13
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_sparc.deb
Size/MD5 checksum: 82644 60d3b85b20b5331408f361265e5cfba6
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_sparc.deb
Size/MD5 checksum: 375160 1aa0dafb2e393a13b9de921c05641448
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_sparc.deb
Size/MD5 checksum: 695008 57e61ce2f7d51ca1adbbe80fe5de78f6
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_sparc.deb
Size/MD5 checksum: 1031568 e9793f290c3b3aae31168fe0d5ccfa32

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>;

Fedora Core


Fedora Update Notification
FEDORA-2005-115
2005-02-08

Product : Fedora Core 2
Name : emacs
Version : 21.3
Release : 21.FC2
Summary : GNU Emacs text editor

Description :
Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language (elisp), and the capability to read mail, news, and more without leaving the editor.


Update Information:

This update fixes the CAN-2005-0100 movemail vulnerability and backports current bug fixes.


  • Fri Feb 04 2005 Jens Petersen <petersen@redhat.com> - 21.3-21
    • fix CAN-2005-0100 movemail vulnerability with movemail-CAN-2005-0100.patch (Max Vozeler, 146702)
  • Fri Jan 14 2005 Jens Petersen <petersen@redhat.com> - 21.3-20
    • workaround xorg-x11 modifier key problem with emacs-21.3-xterm-modifiers-137868.patch (Thomas Woerner, 137868)
  • Mon Nov 29 2004 Jens Petersen <petersen@redhat.com> - 21.3-19
    • prefer XIM status under-the-window for now to stop xft httx from dying (125413): add emacs-xim-status-under-window-125413.patch
    • default diff to unified format in .emacs
  • Thu Nov 04 2004 Jens Petersen <petersen@redhat.com> - 21.3-18
    • show emacs again in the desktop menu (132567)
  • Mon Oct 18 2004 Jens Petersen <petersen@redhat.com> - 21.3-17
    • fix etag alternatives removal when uninstalling (Karsten Hopp, 136137)
  • Fri Oct 15 2004 Jens Petersen <petersen@redhat.com> - 21.3-16
    • do not setup frame-title-format in default.el, since it will override setting by users (Henrik Bakken, 134520)
    • emacs-el no longer requires emacs for the sake of -nox users (Lars Hupfeldt Nielsen, 134479)
    • condition calling of global-font-lock-mode in default .emacs in case xemacs should happen to load it
  • Wed Sep 29 2004 Jens Petersen <petersen@redhat.com> - 21.3-15
    • cleanup and update .desktop file
    • make emacs not appear in the desktop menu (Seth Nickell,132567)
    • move the desktop file from -common to main package
    • go back to using just gctags for ctags
    • etags is now handled by alternatives (92256)
    • improve the default frame title by prefixing the buffer name (Christopher Beland, 128110)
    • fix the names of some European aspell languages with emacs-21.3-lisp-textmodes-ispell-languages.patch (David Jansen, 122618)
    • fixing running "libtool gdb program" in gud with emacs-21.3-gud-libtool-fix.patch (Dave Malcolm, 130955)
  • Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
    • rebuilt
  • Fri Apr 30 2004 Jens Petersen <petersen@redhat.com> - 21.3-13
    • unset focus-follows-mouse in default.el to make switching frames work for click-to-focus (Theodore Belding,114736)

This update can be downloaded from:
~ http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

13175c9b1a0da9b3746d266346bae299 SRPMS/emacs-21.3-21.FC2.src.rpm
e79a6e423eba3989fe9548cc9fdd1001 x86_64/emacs-21.3-21.FC2.x86_64.rpm
f85de247e08001d7fcdc41dfe57918b7 x86_64/emacs-nox-21.3-21.FC2.x86_64.rpm
bc01212a37122a04e72f6a011a218715 x86_64/emacs-common-21.3-21.FC2.x86_64.rpm
2229643df6b888d5b278491b033a7072 x86_64/emacs-el-21.3-21.FC2.x86_64.rpm
76271cc058a96eefb5646de02f1b56e7 x86_64/emacs-leim-21.3-21.FC2.x86_64.rpm
1d2330e5bd456a719914d8ccd607f2fb x86_64/debug/emacs-debuginfo-21.3-21.FC2.x86_64.rpm
19aeb1e43cf64174e533f1956c461dd8 i386/emacs-21.3-21.FC2.i386.rpm
eac01df4076770582469d29859876f52 i386/emacs-nox-21.3-21.FC2.i386.rpm
feb354418a505fc3772d46d368c6f121 i386/emacs-common-21.3-21.FC2.i386.rpm
2f96d9379b381e3016ea6624bb7046f1 i386/emacs-el-21.3-21.FC2.i386.rpm
f972dd98ca864830a4980f07fbffda15 i386/emacs-leim-21.3-21.FC2.i386.rpm
0d6e1f3d4c6fec9f35863b15b1269909 i386/debug/emacs-debuginfo-21.3-21.FC2.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



Fedora Update Notification
FEDORA-2005-116
2005-02-08

Product : Fedora Core 3
Name : emacs
Version : 21.3
Release : 21.FC3
Summary : GNU Emacs text editor

Description :
Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language (elisp), and the capability to read mail, news, and more without leaving the editor.

This package provides an emacs binary with support for X windows.


Update Information:

This update fixes the CAN-2005-0100 movemail vulnerability and backports the latest bug fixes.


  • Fri Feb 04 2005 Jens Petersen <petersen@redhat.com> - 21.3-21
    • fix CAN-2005-0100 movemail vulnerability with movemail-CAN-2005-0100.patch (Max Vozeler, 146702)
  • Fri Jan 14 2005 Jens Petersen <petersen@redhat.com> - 21.3-20
    • workaround xorg-x11 modifier key problem with emacs-21.3-xterm-modifiers-137868.patch (Thomas Woerner, 137868)
  • Mon Nov 29 2004 Jens Petersen <petersen@redhat.com> - 21.3-19
    • prefer XIM status under-the-window for now to stop xft httx from dying 125413): add emacs-xim-status-under-window-125413.patch
    • default diff to unified format in .emacs
  • Thu Nov 04 2004 Jens Petersen <petersen@redhat.com> - 21.3-18
    • show emacs again in the desktop menu (132567)
    • require fonts-xorg-75dpi to prevent empty boxes at startup due to missing fonts (Johannes Kaiser, 137060)

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

1ae44786c50272b20eaaa6227867897d SRPMS/emacs-21.3-21.FC3.src.rpm
29763c9c025f26c09cb31368af1807f5 x86_64/emacs-21.3-21.FC3.x86_64.rpm
f09ae3756e0bd5d5e9cf645ff0f73896 x86_64/emacs-nox-21.3-21.FC3.x86_64.rpm
43a225a811cfcb76a6a48bebb53560fd x86_64/emacs-common-21.3-21.FC3.x86_64.rpm
b2491aff5f03654bceb38825284d2a1a x86_64/emacs-el-21.3-21.FC3.x86_64.rpm
65979686b6004eb4f0d96fd055b42295 x86_64/emacs-leim-21.3-21.FC3.x86_64.rpm
4ef36a839ea60a0b9c5524ba65e0ab2b x86_64/debug/emacs-debuginfo-21.3-21.FC3.x86_64.rpm
2ebd012dfca888624f6041e5569af8bc i386/emacs-21.3-21.FC3.i386.rpm
0db83d1b9b286c7c05b67ec3a5b60cc1 i386/emacs-nox-21.3-21.FC3.i386.rpm
bffd4a4dbad9fd3e837bc87551b2a31b i386/emacs-common-21.3-21.FC3.i386.rpm
c2b41581645192afe7cf1be6ce5669de i386/emacs-el-21.3-21.FC3.i386.rpm
5598497a282fb25595020f819af848c7 i386/emacs-leim-21.3-21.FC3.i386.rpm
caba6d8fd97ba7a7ecf5f71f8f1b7525 i386/debug/emacs-debuginfo-21.3-21.FC3.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



Fedora Update Notification
FEDORA-2005-133
2005-02-09

Product : Fedora Core 3
Name : kdegraphics
Version : 3.3.1
Release : 2.4
Summary : K Desktop Environment - Graphics Applications

Description :
Graphics applications for the K Desktop Environment.

Includes:
kdvi (displays TeX .dvi files)
kfax (displays faxfiles)
kghostview (displays postscript files)
kcoloredit (palette editor and color chooser)
kamera (digital camera support)
kiconedit (icon editor)
kpaint (a simple drawing program)
ksnapshot (screen capture utility)
kview (image viewer for GIF, JPEG, TIFF, etc.)
kuickshow (quick picture viewer)
kooka (scanner application)
kruler (screen ruler and color measurement tool)


  • Tue Feb 08 2005 Than Ngo <than@redhat.com> 7:3.3.1-2.4
    • More fixing of CAN-2004-0888 patch (bug #135393)

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

bbd0e8802ae49e3d7b86aa2754170736 SRPMS/kdegraphics-3.3.1-2.4.src.rpm
cf1b8d706aaf261da876d2b47362202c x86_64/kdegraphics-3.3.1-2.4.x86_64.rpm
28f34a08cd9579bbbbaa561452df2ac6 x86_64/kdegraphics-devel-3.3.1-2.4.x86_64.rpm
c9f6865b50445896a8f6094e028edd09 x86_64/debug/kdegraphics-debuginfo-3.3.1-2.4.x86_64.rpm
75f48a7adf8a8d9b6dcd6fa6a7f5ebf7 i386/kdegraphics-3.3.1-2.4.i386.rpm
700cc076cd9bb2f884d4862bba8181c7 i386/kdegraphics-devel-3.3.1-2.4.i386.rpm
10ad3bb28fd5d5ed9c8b407f80ac7515 i386/debug/kdegraphics-debuginfo-3.3.1-2.4.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



Fedora Update Notification
FEDORA-2005-134
2005-02-09

Product : Fedora Core 2
Name : kdegraphics
Version : 3.2.2
Release : 1.4
Summary : K Desktop Environment - Graphics Applications

Description :
Graphics applications for the K Desktop Environment.

Includes:
kdvi (displays TeX .dvi files)
kfax (displays faxfiles)
kghostview (displays postscript files)
kcoloredit (palette editor and color chooser)
kamera (digital camera support)
kiconedit (icon editor)
kpaint (a simple drawing program)
ksnapshot (screen capture utility)
kview (image viewer for GIF, JPEG, TIFF, etc.)
kuickshow (quick picture viewer)
kooka (scanner application)
kruler (screen ruler and color measurement tool)


  • Wed Feb 09 2005 Than Ngo <than@redhat.com> 7:3.2.2-1.4
    • More fixing of CAN-2004-0888 patch (bug #135393)

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

b0ab4e86dfa7dde5597783a6b9e39af5 SRPMS/kdegraphics-3.2.2-1.4.src.rpm
f7571ad82eaf8f2926f70473777b90ae x86_64/kdegraphics-3.2.2-1.4.x86_64.rpm
c6ca2f85bcee32ab791481ecdcca70e9 x86_64/kdegraphics-devel-3.2.2-1.4.x86_64.rpm
b4882a7b6ae6dcf9db90611199cf8225 x86_64/debug/kdegraphics-debuginfo-3.2.2-1.4.x86_64.rpm
688488e59eb3b047fe95ba5deeac3d44 i386/kdegraphics-3.2.2-1.4.i386.rpm
7e43745cd689ecbc8b85d8ef27222a45 i386/kdegraphics-devel-3.2.2-1.4.i386.rpm
65d9a2c211685d805363e9d39a1c9866 i386/debug/kdegraphics-debuginfo-3.2.2-1.4.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



Fedora Update Notification
FEDORA-2005-135
2005-02-09

Product : Fedora Core 2
Name : xpdf
Version : 3.00
Release : 3.8
Summary : A PDF file viewer for the X Window System.

Description :
Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts.


  • Wed Feb 09 2005 Than Ngo <than@redhat.com> 1:3.00-3.8
    • More fixing of CAN-2004-0888 patch (bug #135393, #147524)

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

a777638c15179245eb18823e87706869 SRPMS/xpdf-3.00-3.8.src.rpm
4edf41d4dea0324f0266434cfcaccd92 x86_64/xpdf-3.00-3.8.x86_64.rpm
45d75140b2f618744e5ca082bf510442 x86_64/debug/xpdf-debuginfo-3.00-3.8.x86_64.rpm
cd3262c7b377d38a25e3d1f5d628239c i386/xpdf-3.00-3.8.i386.rpm
013c7961f5eb34891b0cc0340c499ec6 i386/debug/xpdf-debuginfo-3.00-3.8.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



Fedora Update Notification
FEDORA-2005-136
2005-02-09

Product : Fedora Core 3
Name : xpdf
Version : 3.00
Release : 10.4
Summary : A PDF file viewer for the X Window System.

Description :
Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts.


  • Wed Feb 09 2005 Than Ngo <than@redhat.com> 1:3.00-10.4
    • More fixing of CAN-2004-0888 patch (bug #135393, #147524)

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

e8887f97797ba45ba63feab0d6bb6eeb SRPMS/xpdf-3.00-10.4.src.rpm
7680310c31056e59790add5628fa34d9 x86_64/xpdf-3.00-10.4.x86_64.rpm
d651468bdc227cddc31193066b3b60b8
x86_64/debug/xpdf-debuginfo-3.00-10.4.x86_64.rpm
ee1ef478b0ef9f9c33a8014f57c1b44f i386/xpdf-3.00-10.4.i386.rpm
b04b4f8ba654a23f081cdba53b9b9f6f
i386/debug/xpdf-debuginfo-3.00-10.4.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.


Gentoo Linux


Gentoo Linux Security Advisory GLSA 200502-09

http://security.gentoo.org/


Severity: High
Title: Python: Arbitrary code execution through SimpleXMLRPCServer
Date: February 08, 2005
Bugs: #80592
ID: 200502-09


Synopsis

Python-based XML-RPC servers may be vulnerable to remote execution of arbitrary code.

Background

Python is an interpreted, interactive, object-oriented, cross-platform programming language.

Affected packages


     Package          /  Vulnerable  /                      Unaffected


1 dev-lang/python <= 2.3.4 >= 2.3.4-r1 *>= 2.3.3-r2 *>= 2.2.3-r6

Description

Graham Dumpleton discovered that XML-RPC servers making use of the SimpleXMLRPCServer library that use the register_instance() method to register an object without a _dispatch() method are vulnerable to a flaw allowing to read or modify globals of the associated module.

Impact

A remote attacker may be able to exploit the flaw in such XML-RPC servers to execute arbitrary code on the server host with the rights of the XML-RPC server.

Workaround

Python users that don't make use of any SimpleXMLRPCServer-based XML-RPC servers, or making use of servers using only the register_function() method are not affected.

Resolution

All Python users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose dev-lang/python

References

[ 1 ] CAN-2005-0089

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0089

[ 2 ] Python PSF-2005-001

http://www.python.org/security/PSF-2005-001/

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200502-09.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at