Linux Today: Linux News On Internet Time.







Advisories: October 25, 2005

Oct 26, 2005, 04:45

Debian GNU/Linux


Debian Security Advisory DSA 870-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 25th, 2005 http://www.debian.org/security/faq


Package : sudo
Vulnerability : missing input sanitising
Problem type : local
Debian-specific: no
CVE ID : CVE-2005-2959

Tavis Ormandy noticed that sudo, a program that provides limited super user privileges to specific users, does not clean the environment sufficiently. The SHELLOPTS and PS4 variables are dangerous and are still passed through to the program running as privileged user. This can result in the execution of arbitrary commands as privileged user when a bash script is executed. These vulnerabilities can only be exploited by users who have been granted limited super user privileges.

For the old stable distribution (woody) this problem has been fixed in version 1.6.6-1.4.

For the stable distribution (sarge) this problem has been fixed in version 1.6.8p7-1.2.

For the unstable distribution (sid) this problem has been fixed in version 1.6.8p9-3.

We recommend that you upgrade your sudo package.
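
The environment cleaning this advisory is about, as an added example (not sudo's code and not part of the advisory): a C filter that removes every SHELLOPTS and PS4 entry from an environment array before a privileged program is executed. The function names and the sample environment are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The two variables DSA 870-1 names as dangerous to pass to a privileged
 * bash script. Illustrative list; all identifiers here are hypothetical. */
static const char *const DENIED_NAMES[] = { "SHELLOPTS", "PS4", NULL };

/* Constructed sample environment; all values are placeholders. */
static char *SAMPLE_ENV[] = {
    "PATH=/usr/bin:/bin",
    "SHELLOPTS=placeholder",
    "PS4=placeholder",
    "PS4_BACKUP=keep",      /* different name, must survive */
    "TERM=xterm",
    "PS4=second-copy",      /* duplicate name, must also be removed */
    "NOEQUALS",             /* malformed entry, dropped */
    NULL
};

/* True if entry has the form NAME=value with exactly this NAME.
 * A bare prefix match would wrongly treat PS4_BACKUP as PS4. */
static int entry_has_name(const char *entry, const char *name)
{
    size_t n = strlen(name);
    return strncmp(entry, name, n) == 0 && entry[n] == '=';
}

/* Decide whether one environment entry must be withheld. */
static int entry_is_denied(const char *entry)
{
    const char *eq = strchr(entry, '=');

    /* No '=' or an empty name: malformed, do not pass it on. */
    if (eq == NULL || eq == entry)
        return 1;
    for (size_t i = 0; DENIED_NAMES[i] != NULL; i++)
        if (entry_has_name(entry, DENIED_NAMES[i]))
            return 1;
    return 0;
}

/* Build a new NULL-terminated environment without the denied entries.
 * Every occurrence is removed, not just the first. The strings are shared
 * with envp; only the array is allocated. Returns NULL if malloc fails. */
char **scrub_env(char *const envp[], size_t *removed)
{
    size_t n = 0, kept = 0, dropped = 0;

    while (envp[n] != NULL)
        n++;
    char **out = malloc((n + 1) * sizeof *out);
    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        if (entry_is_denied(envp[i]))
            dropped++;
        else
            out[kept++] = envp[i];
    }
    out[kept] = NULL;
    if (removed != NULL)
        *removed = dropped;
    return out;
}

/* Return the value of NAME in envp, or NULL if it is not set. */
const char *env_lookup(char *const envp[], const char *name)
{
    for (size_t i = 0; envp[i] != NULL; i++)
        if (entry_has_name(envp[i], name))
            return envp[i] + strlen(name) + 1;
    return NULL;
}

int main(void)
{
    size_t removed = 0;
    char **clean = scrub_env(SAMPLE_ENV, &removed);

    if (clean == NULL)
        return 1;
    for (size_t i = 0; clean[i] != NULL; i++)
        printf("kept: %s\n", clean[i]);
    printf("removed %zu entries\n", removed);
    free(clean);
    return 0;
}
```

The cleaned array is what would be handed to `execve()` as `envp`. A denylist only covers names already known to be dangerous; starting from an empty environment and copying in an allowlist is the stricter design.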

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Debian GNU/Linux 3.1 alias sarge


These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 871-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 25th, 2005 http://www.debian.org/security/faq


Package : libgda2
Vulnerability : format string
Problem type : local
Debian-specific: no
CVE ID : CAN-2005-2958

Steve Kemp discovered two format string vulnerabilities in libgda2, the GNOME Data Access library for GNOME2, which may lead to the execution of arbitrary code in programs that use this library.

The old stable distribution (woody) is not affected by these problems.

For the stable distribution (sarge) these problems have been fixed in version 1.2.1-2sarge1.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your libgda2 packages.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 871-2 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 25th, 2005 http://www.debian.org/security/faq


Package : libgda2
Vulnerability : format string
Problem type : local
Debian-specific: no
CVE ID : CAN-2005-2958

Steve Kemp discovered two format string vulnerabilities in libgda2, the GNOME Data Access library for GNOME2, which may lead to the execution of arbitrary code in programs that use this library.

The old stable distribution (woody) is not affected by these problems.

For the stable distribution (sarge) these problems have been fixed in version 1.2.1-2sarge1.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your libgda2 packages.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200510-20

http://security.gentoo.org/


Severity: Normal
Title: Zope: File inclusion through RestructuredText
Date: October 25, 2005
Bugs: #109087
ID: 200510-20


Synopsis

Zope is vulnerable to a file inclusion vulnerability when exposing RestructuredText functionalities to untrusted users.

Background

Zope is an application server that can be used to build content management systems, intranets, portals or other custom applications.

Affected packages


     Package        /  Vulnerable  /  Unaffected

  1  net-zope/zope       < 2.7.8        >= 2.7.8
     net-zope/zope      == 2.8.0
     net-zope/zope      == 2.8.1

Description

Zope honors file inclusion directives in RestructuredText objects by default.

Impact

An attacker could exploit the vulnerability by sending malicious input that would be interpreted in a RestructuredText Zope object, potentially resulting in the execution of arbitrary Zope code with the rights of the Zope server.

Workaround

There is no known workaround at this time.

Resolution

All Zope users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose net-zope/zope

References

[ 1 ] Zope Hotfix 2005-10-09 Alert

http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200510-20.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200510-21

http://security.gentoo.org/


Severity: Normal
Title: phpMyAdmin: Local file inclusion and XSS vulnerabilities
Date: October 25, 2005
Bugs: #110146
ID: 200510-21


Synopsis