Linux Today: Linux News On Internet Time.






Advisories: April 5, 2005

Apr 06, 2005, 04:45

Fedora Core


Fedora Update Notification
FEDORA-2005-298
2005-04-05

Product : Fedora Core 2
Name : gaim
Version : 1.2.1
Release : 1.fc2
Summary : A Gtk+ based multiprotocol instant messaging client

Description :
Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor.

Gaim supports many common features of other clients, as well as many unique features, such as perl scripting and C plugins.

Gaim is NOT affiliated with or endorsed by America Online, Inc., Microsoft Corporation, or Yahoo! Inc. or other messaging service providers.


Update Information:

http://gaim.sourceforge.net/security/
http://gaim.sourceforge.net/ChangeLog
gaim-1.2.1 resolves CAN-2005-0965 and CAN-2005-0966 as well as some crashes in the jabber and yahoo protocols. Read upstream's pages above for more details.


  • Sun Apr 3 2005 Warren Togami <wtogami@redhat.com> 1:1.2.1-1
    • update to 1.2.1 (minor bug fixes)
  • Fri Mar 18 2005 Warren Togami <wtogami@redhat.com> 1:1.2.0-1
    • update to 1.2.0 (minor bug fixes)
  • Mon Mar 7 2005 Warren Togami <wtogami@redhat.com> 1:1.1.4-5
    • Copy before modifying prefs.xml

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



Fedora Update Notification
FEDORA-2005-299
2005-04-05

Product : Fedora Core 3
Name : gaim
Version : 1.2.1
Release : 1.fc3
Summary : A Gtk+ based multiprotocol instant messaging client

Description :
Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor.

Gaim supports many common features of other clients, as well as many unique features, such as perl scripting and C plugins.

Gaim is NOT affiliated with or endorsed by America Online, Inc., Microsoft Corporation, or Yahoo! Inc. or other messaging service providers.


Update Information:

http://gaim.sourceforge.net/security/
http://gaim.sourceforge.net/ChangeLog
gaim-1.2.1 resolves CAN-2005-0965 and CAN-2005-0966 as well as some crashes in the jabber and yahoo protocols. Read upstream's pages above for more details.


  • Sun Apr 3 2005 Warren Togami <wtogami@redhat.com> 1:1.2.1-1
    • update to 1.2.1 (minor bug fixes)
  • Fri Mar 18 2005 Warren Togami <wtogami@redhat.com> 1:1.2.0-1
    • update to 1.2.0 (minor bug fixes)
  • Mon Mar 7 2005 Warren Togami <wtogami@redhat.com> 1:1.1.4-5
    • Copy before modifying prefs.xml

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.


Fedora Update Notification
FEDORA-2005-304
2005-04-05

Product : Fedora Core 3
Name : mysql
Version : 3.23.58
Release : 16.FC3.1
Summary : MySQL client programs and shared libraries.

Description :
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries.


  • Sat Apr 2 2005 Tom Lane <tgl@redhat.com> 3.23.58-16.FC3.1
    • Repair uninitialized variable in security2 patch.
    • Enable testing on 64-bit arches; continue to exclude s390x which still has issues.
  • Sat Mar 19 2005 Tom Lane <tgl@redhat.com> 3.23.58-15.FC3.1
    • Backpatch repair for CAN-2005-0709, CAN-2005-0710, CAN-2005-0711 (bz#151051).
    • Run 'make test' only on the archs we support for FC-3.

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



Fedora Update Notification
FEDORA-2005-305
2005-04-05

Product : Fedora Core 2
Name : mysql
Version : 3.23.58
Release : 16.FC2.1
Summary : MySQL client programs and shared libraries.

Description :
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries.


  • Sat Apr 2 2005 Tom Lane <tgl@redhat.com> 3.23.58-16.FC2.1
    • Repair uninitialized variable in security2 patch.
    • Enable testing on 64-bit arches; continue to exclude s390x which still has issues.
  • Fri Mar 18 2005 Tom Lane <tgl@redhat.com> 3.23.58-15.FC2.1
    • Backpatch repair for CAN-2005-0709, CAN-2005-0710, CAN-2005-0711 (bz#151051).
    • Fix init script to not need a valid username for startup check (bz#142328)
    • Don't assume /etc/my.cnf will specify pid-file (bz#143724)

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.


Trustix Secure Linux

Trustix Secure Linux Security Advisory #2005-0011

Package name: kernel
Summary: Various security bugs
Date: 2005-04-05
Affected versions: Trustix Secure Linux 2.1, Trustix Secure Linux 2.2, Trustix Operating System - Enterprise Server 2


Package description:
The kernel package contains the Linux kernel (vmlinuz), the core of your Trustix Secure Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

Problem description:
Mathieu Lafon discovered an information leak in the ext2 mkdir() function where random kernel memory is written to disk.

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-0400 to this issue.

Herbert Xu discovered a potential DoS in load_elf_library.

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-0749 to this issue.

Ilja van Sprundel discovered an exploitable integer overflow in af_bluetooth which could lead to privilege escalation.

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-0750 to this issue.

Action:
We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system.

Location:
All Trustix Secure Linux updates are available from <URI:http://http.trustix.org/pub/trustix/updates/> <URI:ftp://ftp.trustix.org/pub/trustix/updates/>

About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater.

Automatic updates:
Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'.

Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>

Verification:
This advisory, along with all Trustix packages, is signed with the TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>

The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.1/> and
<URI:http://www.trustix.org/errata/trustix-2.2/>
or directly at
<URI:http://www.trustix.org/errata/2005/0011/>


Trustix Security Team


Ubuntu Linux


Ubuntu Security Notice USN-105-1 April 05, 2005
php4 vulnerabilities
CAN-2005-0524, CAN-2005-0525

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libapache2-mod-php4
php4-cgi

The problem can be corrected by upgrading the affected package to version 4:4.3.8-3ubuntu7.7. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Two Denial of Service vulnerabilities have been discovered in the getimagesize() function. getimagesize() uses format specific internal functions php_handle_iff() and php_handle_jpeg() which get stuck in infinite loops when certain (invalid) size parameters are read from the image. In web applications that allow users to upload arbitrary image files, a remote attacker could render the server unavailable by uploading specially crafted images.
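The loop condition described above comes down to a parser whose position does not move forward when a size field is invalid. The following C sketch is an added example, not PHP's code and not part of the Ubuntu notice: it walks a simplified IFF-style chunk list (4-byte id, 4-byte big-endian size, payload padded to an even length) and rejects any size that would stall or overrun the walk. The function name, result codes and sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Result codes (names are assumptions made for this example). */
enum walk_result { WALK_FOUND, WALK_NOT_FOUND, WALK_MALFORMED };

/* Constructed sample: "ANNO" (3 bytes + 1 pad byte), then "BMHD" (4 bytes). */
static const unsigned char sample_good[] = {
    'A','N','N','O', 0,0,0,3, 'a','b','c',0,
    'B','M','H','D', 0,0,0,4, 0,16,0,8
};

/* Constructed sample: the size field 0xFFFFFFF8 equals -8 when read as a
 * signed 32-bit value, so a walker doing pos += 8 + size would never move. */
static const unsigned char sample_bad[] = {
    'A','N','N','O', 0xFF,0xFF,0xFF,0xF8,
    'B','M','H','D', 0,0,0,0
};

/* Read a 32-bit big-endian value as unsigned, so it can never go negative. */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Find chunk `want` in buf[0..len). Every iteration advances pos by at
 * least the 8 header bytes, so the loop runs at most len / 8 times. */
enum walk_result find_chunk(const unsigned char *buf, size_t len,
                            const char want[4],
                            size_t *payload_off, uint32_t *payload_len)
{
    size_t pos = 0;

    while (len - pos >= 8) {
        uint32_t size = be32(buf + pos + 4);
        size_t remaining = len - pos - 8;   /* bytes after this header */

        if (size > remaining)               /* payload would overrun input */
            return WALK_MALFORMED;

        if (memcmp(buf + pos, want, 4) == 0) {
            *payload_off = pos + 8;
            *payload_len = size;
            return WALK_FOUND;
        }

        size_t advance = (size_t)size + (size & 1u);  /* even padding */
        if (advance > remaining)            /* final chunk without pad byte */
            advance = remaining;
        pos += 8 + advance;                 /* strict forward progress */
    }
    return WALK_NOT_FOUND;
}

int main(void)
{
    size_t off = 0;
    uint32_t n = 0;
    if (find_chunk(sample_good, sizeof sample_good, "BMHD", &off, &n) != WALK_FOUND)
        return 1;
    if (find_chunk(sample_bad, sizeof sample_bad, "BMHD", &off, &n) != WALK_MALFORMED)
        return 1;
    return 0;
}
```

Upload handlers that parse images before storing them benefit from the same two properties: sizes validated against the bytes actually available, and a loop bound derived from the input length.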



Ubuntu Security Notice USN-106-1 April 05, 2005
gaim vulnerabilities
CAN-2005-0965, CAN-2005-0966

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

gaim

The problem can be corrected by upgrading the affected package to version 1:1.0.0-1ubuntu1.3. You have to restart gaim after a standard system upgrade to effect the necessary changes.

Details follow:

Jean-Yves Lefort discovered a buffer overflow in the gaim_markup_strip_html() function. This caused Gaim to crash when receiving certain malformed HTML messages. (CAN-2005-0965)

Jean-Yves Lefort also noticed that many functions that handle IRC commands do not escape received HTML metacharacters; this allowed remote attackers to cause a Denial of Service by injecting arbitrary HTML code into the conversation window, popping up arbitrarily many empty dialog boxes, or even causing Gaim to crash. (CAN-2005-0966)



Ubuntu Security Notice USN-107-1 April 05, 2005
ipsec-tools vulnerability
CAN-2005-0398

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

racoon

The problem can be corrected by upgrading the affected package to version 0.3.3-1ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Sebastian Krahmer discovered a Denial of Service vulnerability in the racoon daemon. By sending specially crafted ISAKMP packets, a remote attacker could trigger a buffer overflow which caused racoon to crash.

This update does not introduce any source code changes affecting the ipsec-tools package. It is necessary to update the version number of the package in order to support an update to the "racoon" package. Please note that racoon is not officially supported by Ubuntu (it is in the "universe" component of the archive).
