Linux Today: Linux News On Internet Time.

More on LinuxToday

Advisories: September 13, 2005

Sep 14, 2005, 04:45 (0 Talkback[s])

Debian GNU/Linux

Debian Security Advisory DSA 809-1 Martin Schulze
September 13th, 2005

Package : squid
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CAN-2005-2794 CAN-2005-2796

Several vulnerabilities have been discovered in Squid, the popular WWW proxy cache. The Common Vulnerabilities and Exposures project identifies the following problems:


Certain aborted requests that trigger an assert may allow remote attackers to cause a denial of service.


Specially crafted requests can cause a denial of service.

For the stable distribution (sarge) these problems have been fixed in version 2.5.9-10sarge1.

For the unstable distribution (sid) these problems have been fixed in version 2.5.10-5.

We recommend that you upgrade your squid package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:
      Size/MD5 checksum: 659 a9eeeec5f2cb50c8cc0615d80ddd3448
      Size/MD5 checksum: 343051 07af4fe1887f8f06c7f0b0181e8bd043
      Size/MD5 checksum: 1384772 7290aa52ade1b5d5d3812e9089be13a9

Architecture independent components:
      Size/MD5 checksum: 194914 8f884932fab62702c206a919f9813317

Alpha architecture:
      Size/MD5 checksum: 942860 fe03705e82a8256f01358e01fc78fe64
      Size/MD5 checksum: 100082 d1b15a432028108e7ac9ae3ef6fd24fc
      Size/MD5 checksum: 78152 01b9a4741926e2e1a61ac9caf8f662c4

AMD64 architecture:
      Size/MD5 checksum: 822334 49fe562667b4a6c2b3df23e265f7fdd8
      Size/MD5 checksum: 98258 d3b723da7377f459fcd4d37ddea4217c
      Size/MD5 checksum: 76260 72d7e696587e731366226843b4a5fffe

ARM architecture:
      Size/MD5 checksum: 783042 8cfe92643e527f26a2126a3c21fb1ee9
      Size/MD5 checksum: 95782 cdd3b3c1f97b4434fb9a75fe0cb59823
      Size/MD5 checksum: 75208 a6c59bf6c3ab810a3a3ad2d767d886e0

Intel IA-32 architecture:
      Size/MD5 checksum: 767454 854dfa14c6218c7ad87351acc0700904
      Size/MD5 checksum: 96866 26460703415667d9ffb2cf7ae7d90526
      Size/MD5 checksum: 75338 92dff139a14d41741f4d4bf1c0c561c9

Intel IA-64 architecture:
      Size/MD5 checksum: 1073800 5311d3c87c80f6255e684a47b202ed1a
      Size/MD5 checksum: 103576 7bb8d9c943e38da9dc4f7711bfc81403
      Size/MD5 checksum: 80660 0d9fde10362da3ace34e8a64479b7cef

HP Precision architecture:
      Size/MD5 checksum: 849492 9e68e56025290ea5c05116e98b0c96f5
      Size/MD5 checksum: 98034 90a84a60d668e00e08e46573d85face3
      Size/MD5 checksum: 77634 e4d6becd74055d773dab265a5ebe0535

Motorola 680x0 architecture:
      Size/MD5 checksum: 705390 532fee256be5652ca9644945c506a4bb
      Size/MD5 checksum: 95094 bd7bdfa05c74c12d547a277b51c07eb3
      Size/MD5 checksum: 74568 bfe0086a12787b86327382f2ddf7ddb7

Big endian MIPS architecture:
      Size/MD5 checksum: 880002 26e42b4e259cf57d5ec7eced775cf816
      Size/MD5 checksum: 97548 9f238b534a1c2291fd6a40f6e9605f01
      Size/MD5 checksum: 76754 a27216ac6a54da87fb2269c72b74e27d

Little endian MIPS architecture:
      Size/MD5 checksum: 882790 4bf35e60322b8ed354d96d908cc70648
      Size/MD5 checksum: 97648 6a6264c1ae52f4a59c370f8db65dd317
      Size/MD5 checksum: 76844 f7069807f6c0c85c3e0ee2cbae7c720c

PowerPC architecture:
      Size/MD5 checksum: 817388 758ff6b7a4ed76d6bd8296e4c57b2723
      Size/MD5 checksum: 96734 50de022ab7c1ddc659137d23f737bd80
      Size/MD5 checksum: 75896 fb40740e8b4c618b32135c42237d7f47

IBM S/390 architecture:
      Size/MD5 checksum: 815950 cb9c58fb872989d9c936af287c53a8e2
      Size/MD5 checksum: 97146 fbc6059a777958429b69670f49a96de2
      Size/MD5 checksum: 76570 09ea209115eb65e59977deceef7ad1f0

Sun Sparc architecture:
      Size/MD5 checksum: 773658 c790b3c82c813393650bf5043bd89c2e
      Size/MD5 checksum: 95946 f3c61ed57ff0e28d5815e16624eada16
      Size/MD5 checksum: 75602 7b3e6e607609dc5319ce7cdb5fcb4cfb

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 810-1 Martin Schulze
September 13th, 2005

Package : mozilla
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2263 CAN-2005-2265 CAN-2005-2266 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270
BugTraq ID : 14242

Several problems have been discovered in Mozilla, the we browser of the Mozilla suite. Since the usual praxis of backporting apparently does not work for this package, this update is basically version 1.7.10 with the version number rolled back, and hence still named 1.7.8. The Common Vulnerabilities and Exposures project identifies the following problems:

CAN-2004-0718, CAN-2005-1937

A vulnerability has been discovered in Mozilla that allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site.


The browser user interface does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.


XML scripts ran even when Javascript disabled.


It is possible for a remote attacker to execute a callback function in the context of another domain (i.e. frame).


Missing input sanitising of InstallVersion.compareTo() can cause the application to crash.


Remote attackers could steal sensitive information such as cookies and passwords from web sites by accessing data in alien frames.


It is possible for a Javascript dialog box to spoof a dialog box from a trusted site and facilitates phishing attacks.


Remote attackers could modify certain tag properties of DOM nodes that could lead to the execution of arbitrary script or code.


The Mozilla browser familie does not properly clone base objects, which allows remote attackers to execute arbitrary code.

For the stable distribution (sarge) these problems have been fixed in version 1.7.8-1sarge2.

For the unstable distribution (sid) these problems have been fixed in version 1.7.10-1.

We recommend that you upgrade your Mozilla packages.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:
      Size/MD5 checksum: 1123 c48d385962c84c57d6085e04483fe01c
      Size/MD5 checksum: 397348 e786529434e3cd0d0cdc9371fe5d727c
      Size/MD5 checksum: 30589520 13c0f0331617748426679e8f2e9f537a

Alpha architecture:
      Size/MD5 checksum: 168068 71495f11fb3103e6ae2bc5d9e7fdb766
      Size/MD5 checksum: 140940 cd47c5563a95fa7c3ebb2e9455eb65a0
      Size/MD5 checksum: 184940 d0860ce58bee848587f6bb321361ce0d
      Size/MD5 checksum: 850514 9a253c1024e4b8c08647823375641267
      Size/MD5 checksum: 1032 73f53f229ce501153cea5fb09b89f6d4
      Size/MD5 checksum: 11470982 37ab56233fbdcbf4e9027c43661347d7
      Size/MD5 checksum: 403288 ac5b62f33b82ab3921435e921b581158
      Size/MD5 checksum: 158338 44cc055102d69e1e7d5c25c0c5da6eee
      Size/MD5 checksum: 3356396 791b6e0fccd2d59afc5fb40988917ac3
      Size/MD5 checksum: 122286 a3cb6e9c468aafab34fe6221202de18b
      Size/MD5 checksum: 204160 d6b515db021120f4eb6db0db4b9ee626
      Size/MD5 checksum: 1936994 39fe2ed6db5dec1fb1a5088b824a290d
      Size/MD5 checksum: 212304 4bd374977a806726f6fbfc1def975530

AMD64 architecture:
      Size/MD5 checksum: 168060 ebc548f1d781de96a079f3342dc82b3b
      Size/MD5 checksum: 140056 77c8a52e2d8266609a7e525af4161df8
      Size/MD5 checksum: 184940 6ffbb6b06dbe9ee8596786e210ae710a
      Size/MD5 checksum: 708872 58228c54d8704f159f13d6e6f0150f31
      Size/MD5 checksum: 1028 413cfcb6a49d5b1764030288c0c45a74
      Size/MD5 checksum: 10941658 7f0bad760bc57b613572bb162bb63886
      Size/MD5 checksum: 403286 90bb2fb7d737686de2b531614d78727c
      Size/MD5 checksum: 158336 15adac56a6752d8f1d1f5f7832e25f11
      Size/MD5 checksum: 3348382 9d44b8103a1b53f10774906824b91d66
      Size/MD5 checksum: 121182 134b9b5443cb5b4c9b56bc7ae296bd8f
      Size/MD5 checksum: 204150 2d1402c6cfe40172fe4631be7c6a059c
      Size/MD5 checksum: 1935916 466bdf7d2ee2702143e75e4736e732fb
      Size/MD5 checksum: 204124 b21193a3b75a2a0cd0811c8c2f9a10b1

ARM architecture:
      Size/MD5 checksum: 168070 5cb0bbb3372c9dc7dcb6deb845e8921c
      Size/MD5 checksum: 118450 83915533563d108467adbcc9d83a7649
      Size/MD5 checksum: 184952 492eef333e3d1d54074940c33c667703
      Size/MD5 checksum: 626102 7b280c86df88059ecaf7380fb5c26892
      Size/MD5 checksum: 1034 c2b47c4bc5534586625341deb2ee2437
      Size/MD5 checksum: 9199040 1d7c685d1c2debfed5294f7eea14bf12
      Size/MD5 checksum: 403312 325ccb41c6cc082addce53aa67b321f2
      Size/MD5 checksum: 158352 13d0923b5d2b406228c76e797ff4af41
      Size/MD5 checksum: 3340106 c198d17aa10a4eff4e383c2816185241
      Size/MD5 checksum: 112670 c2f9a27a1c01550c0f9e4797568d6c7a
      Size/MD5 checksum: 204162 e982f007a93b53e5137322fd8eab2ccd
      Size/MD5 checksum: 1604384 ca59ad05f353e5ab3660850559fce1ff
      Size/MD5 checksum: 168720 0a519a5e78e1e364640941e643ce91ce

Intel IA-32 architecture:
      Size/MD5 checksum: 170348 7e785c6ca8fccb661b4dec78aa7251d8
      Size/MD5 checksum: 130860 072f3d046ce9cdc9f78f9b4ffd2e892b
      Size/MD5 checksum: 187128 6683024c42d5d434eb0014588af87b0f
      Size/MD5 checksum: 655690 5ba9ea0be3b85aed6bad309f610c841a
      Size/MD5 checksum: 1032 8401dcc3b9c2ac3c5e956d4d93c43724
      Size/MD5 checksum: 10322448 b56563023bd65f213db1f0a138b4a38f
      Size/MD5 checksum: 403494 dd9f36972a06aa2e0b153fa9f3d0009f
      Size/MD5 checksum: 158354 16a81c7add5e724e2dd65396a3121350
      Size/MD5 checksum: 3591808 fbfcb714a164679a87b41f1896eeef4a
      Size/MD5 checksum: 116676 3f8cbaee36be34d4709a600ec0d3cf0a
      Size/MD5 checksum: 204164 9694bdc6d612132e760a9b645cc7d7d1
      Size/MD5 checksum: 1816046 2cc3dddc6921aafdf749c31a9e69e2e6
      Size/MD5 checksum: 192476 eebc8cefb2d6689f1e708cd915fa93ad

Intel IA-64 architecture:
      Size/MD5 checksum: 168070 0881acb46827879db0bcfac436d076c0
      Size/MD5 checksum: 168438 1e7d4feb5a00013140e8c3d233af4927
      Size/MD5 checksum: 184934 c541a352fe1bf5db50b3c1eef95ae94f
      Size/MD5 checksum: 960808 26086056a93ccc4141ae97127ad3f484
      Size/MD5 checksum: 1034 129033c34c302977f8eda398917262a1
      Size/MD5 checksum: 12937236 15a17a96cb3d5deff80b104e09a151e1
      Size/MD5 checksum: 403280 d9aa6683b601da268e890d9cff611c3f
      Size/MD5 checksum: 158336 7688d7c23e9cce834bd97e041bcd842f
      Size/MD5 checksum: 3376288 aa6dc0570cbe163f6c1b916af44a6b47
      Size/MD5 checksum: 125582 25624cd23f1b06e2b72b5c062e46c4a3
      Size/MD5 checksum: 204152 3e1b98b0d5b8fbbb33a63c65a9c19397
      Size/MD5 checksum: 2302106 d9d5865cfc06176f49c574cff0f0671c
      Size/MD5 checksum: 242280 92ccb9ef6c88f334d356f73d0b78ae0e

HP Precision architecture:
      Size/MD5 checksum: 168074 dae6210677671505fcf2f9663514d249
      Size/MD5 checksum: 150966 afc1f1aa945853d771d825d6b135af30
      Size/MD5 checksum: 184960 818c556a0107b8c0afc9058be4ab79fd
      Size/MD5 checksum: 748850 d7fd064e3c23b2d4c2d15cfebb88af19
      Size/MD5 checksum: 1040 803e211b40f9f585fd492bd7ae8742eb
      Size/MD5 checksum: 12147934 498e46abae1f0864ff3dab3911d53346
      Size/MD5 checksum: 403296 f38f3ad7af0741208cf1e2de70ce6a95
      Size/MD5 checksum: 158344 f203b4d7e2385a052efb355f58a6709c
      Size/MD5 checksum: 3356940 5a5f23ead626d58f695e208642d3220a
      Size/MD5 checksum: 123518 1570a2bc025597c6ea950c9f005406f5
      Size/MD5 checksum: 204162 bb1ef48e12ac74e62978abac7d6eff0b
      Size/MD5 checksum: 2135064 7d61e164827ebd20365207bbcc284bc5
      Size/MD5 checksum: 216088 ea18a73aa8dea41767d6649feb749581

Motorola 680x0 architecture:
      Size/MD5 checksum: 168088 e9f99c03a9698f26740f08e39e8b07a0
      Size/MD5 checksum: 120116 8958d53fd8586b410fb9467e040dc50b
      Size/MD5 checksum: 184980 d88a4008218b34e74010a606cc9d0e70
      Size/MD5 checksum: 594176 064a675432b3fef03094ed00f2c71983
      Size/MD5 checksum: 1046 14a582bd1e52980b866a98f51f9f1e07
      Size/MD5 checksum: 9692978 daf3134326810458f79614d3181d7ccf
      Size/MD5 checksum: 403390 936849bbe19beca05056c5f80b8fa7c2
      Size/MD5 checksum: 158388 b13b3bcbcba5c311a713eaa5747889c1
      Size/MD5 checksum: 3335888 708a201c6574ecd4f4d0377ab5bad746
      Size/MD5 checksum: 114500 014e6d9be2ba778548ea4e0ff1b54899
      Size/MD5 checksum: 204220 c33a2696b684fb9a066dfcfa9b9a705a
      Size/MD5 checksum: 1683002 0cd9307611e9b6690e4466b48d796f0a
      Size/MD5 checksum: 174654 5f9eaff11bc36bef653aee62acca4f7d

Big endian MIPS architecture:
      Size/MD5 checksum: 168076 97520f62f7d6a38cd4b5f33fff681b76
      Size/MD5 checksum: 134914 7db10fc18b885c299a4d82049320a001
      Size/MD5 checksum: 184952 ab8e65c716546400065ba7ce5d53153f
      Size/MD5 checksum: 719936 89acab17025391bb29374468715e7a1d
      Size/MD5 checksum: 1036 4204b39c628ce8bdc1ba6da591f41c56
      Size/MD5 checksum: 10715608 2313c5e6a36d426364925a032c492c98
      Size/MD5 checksum: 403266 d159863ed36ad648172c7c5d46ae5045
      Size/MD5 checksum: 158340 ac0a2664084a801d4bbef6cc0ea89353
      Size/MD5 checksum: 3356434 e59a7cf95f0c159341a990d4fc8d05f4
      Size/MD5 checksum: 117656 cd3315641a90c294aee2574010bb30bc
      Size/MD5 checksum: 204158 8fc79bbf308924cba6b785a05dd35408
      Size/MD5 checksum: 1795434 3bcc1f3f6a5f4b8f52e633be80fd87aa
      Size/MD5 checksum: 189690 297a7aa85d0d8f0658c5a61248cd0a98

Little endian MIPS architecture:
      Size/MD5 checksum: 168072 c12666c85419bc664a8be5b04ef976b8
      Size/MD5 checksum: 134866 a32b662a6c86b5c93912018873bbe14e
      Size/MD5 checksum: 184950 2b039b1d254385b6eaf855fbe8fb7132
      Size/MD5 checksum: 709336 37caa6a5326cb8aea305c8f9a6af32c0
      Size/MD5 checksum: 1038 c97306a0eb4ed5c9ee2800290158c83e
      Size/MD5 checksum: 10595158 34212f9a7487505e81c04093a41abdc7
      Size/MD5 checksum: 403294 fa1458956536f2f036a3f4eb113bcfb6
      Size/MD5 checksum: 158352 f65a77248ef9c44c43862e288bf2789a
      Size/MD5 checksum: 3357124 32a5a9065cda7851323730f64809a96e
      Size/MD5 checksum: 117210 4bc00d66c021344be91f6221857372bd
      Size/MD5 checksum: 204172 38f9894327d84061fde5a5a342a1795a
      Size/MD5 checksum: 1777584 cff43e7d6aba391a4c52af2ef6b5c253
      Size/MD5 checksum: 187270 e608cad23cb2f499e7ce68bc7756fc23

PowerPC architecture:
      Size/MD5 checksum: 168072 d566f85043291497ecab6de59ee021c8
      Size/MD5 checksum: 125444 5ad46d6b89546f8159083c9f8c4807c7
      Size/MD5 checksum: 184944 6c6df33ad4b0fae0cf53e902a0c3a781
      Size/MD5 checksum: 713092 c1cfc0824749c3a7f0a4260df6082383
      Size/MD5 checksum: 1034 811232581ba22342ae67479df677bde2
      Size/MD5 checksum: 9689616 12eae02cbaa8864b8ed13747cc110e2f
      Size/MD5 checksum: 403276 4a1b3b68ffd9bce118f1e20fc8b6e17a
      Size/MD5 checksum: 158326 52c593909f4c0c8981829865ed7335c0
      Size/MD5 checksum: 3338900 60878c413134449e0a0d833b07a04a41
      Size/MD5 checksum: 114598 621cd8aaa66359612b29e96c205882f9
      Size/MD5 checksum: 204144 e9e9d38bbc0ed111abbe89ea8a34486e
      Size/MD5 checksum: 1642898 2ec4a63af3d500dc51bf43f706df09b3