Linux Today: Linux News On Internet Time.


Advisories, June 26, 2006

Jun 27, 2006, 04:45


Debian GNU/Linux

Debian Security Advisory DSA 1102-1 Steve Kemp
June 26th, 2006

Package : pinball
Vulnerability : design error
Problem type : local
Debian-specific: no
CVE ID : CVE-2006-2196

Steve Kemp from the Debian Security Audit project discovered that pinball, a pinball simulator, can be tricked into loading level plugins from user-controlled directories without dropping privileges.
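The advisory describes a setgid game that locates plugins through a user-controlled path while still holding its elevated group. The following is an added example written for this page, not code from pinball or from Debian: it shows the safe ordering (drop the setgid group first, then build the plugin path from a vetted name under a fixed directory) and a drop routine that re-checks the effective gid rather than trusting the syscall's return value. The directory /usr/lib/pinball, the permitted name characters and the ".so" suffix are assumptions made for the illustration.

```c
/* Added example for the pinball advisory (not pinball's own code).
 * Safe ordering for a setgid game that loads plugins: drop the setgid group,
 * then build the plugin path from a vetted name under a fixed, root-owned
 * directory. PLUGIN_DIR and the name rules are assumptions for this example. */
#define _DEFAULT_SOURCE 1
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

#define PLUGIN_DIR "/usr/lib/pinball"   /* assumed trusted, not user-writable */

/* Build "<PLUGIN_DIR>/<name>.so" from a bare plugin name. Rejects empty names,
 * anything outside [A-Za-z0-9_-] (so '/', '.', "..") and oversized results, so
 * the caller can never be steered outside PLUGIN_DIR. Returns 0 or -1. */
int build_plugin_path(const char *name, char *out, size_t outlen)
{
    if (name == NULL || *name == '\0')
        return -1;
    for (const char *p = name; *p != '\0'; p++) {
        int ok = (*p >= 'a' && *p <= 'z') || (*p >= 'A' && *p <= 'Z') ||
                 (*p >= '0' && *p <= '9') || *p == '_' || *p == '-';
        if (!ok)
            return -1;
    }
    int n = snprintf(out, outlen, "%s/%s.so", PLUGIN_DIR, name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}

/* Give up the setgid group permanently: real and effective gid both become the
 * caller's real gid. The gids are re-read afterwards because a silently failed
 * drop is exactly the class of bug the advisory describes. Returns 0 or -1. */
int drop_group_privilege(void)
{
    gid_t rgid = getgid();
    if (setregid(rgid, rgid) != 0)
        return -1;
    return (getegid() == rgid && getgid() == rgid) ? 0 : -1;
}

/* Vulnerable ordering: dlopen(path_from_user) while the egid is still the
 * games group. Safe ordering: drop first, validate second, and only then hand
 * `out` to dlopen(). Returns 0 when `out` holds a path that is safe to load. */
int prepare_plugin_load(const char *name, char *out, size_t outlen)
{
    if (drop_group_privilege() != 0)
        return -1;
    return build_plugin_path(name, out, outlen);
}

/* Convenience wrapper: vetted path in a static buffer, or NULL if rejected. */
const char *plugin_path_for(const char *name)
{
    static char path[256];
    return prepare_plugin_load(name, path, sizeof path) == 0 ? path : NULL;
}

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "../../../tmp/evil";
    const char *path = plugin_path_for(name);
    printf("%s -> %s\n", name, path ? path : "rejected");
    return 0;
}
```

Run it with a plugin name as the only argument; a name containing a path separator, a dot or a shell metacharacter is rejected before any loading is attempted, and the process no longer holds the setgid group by the time a path is produced.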

The old stable distribution (woody) does not contain this package.

For the stable distribution (sarge) this problem has been fixed in version 0.3.1-3sarge1.

For the unstable distribution (sid) this problem has been fixed in version 0.3.1-6.

We recommend that you upgrade your pinball package.

Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:
      Size/MD5 checksum: 811 17ac5604e5bb7e13b938d84012c6ea7c
      Size/MD5 checksum: 320626 5473ae87027018899b08f12c34ddd538
      Size/MD5 checksum: 6082982 f28e8f49e0db8e9491e4d9f0c13c36c6

Architecture independent components:
      Size/MD5 checksum: 5542524 c586ed47103f89443cf32f57984ac95c

Alpha architecture:
      Size/MD5 checksum: 189898 6168d325d265c72da1007aaa83c7b9bd
      Size/MD5 checksum: 325654 caeae82e416a40ad943ff38ce8c5eb98

AMD64 architecture:
      Size/MD5 checksum: 167050 af8664da7ef5e0d1fd1e1eb86e2a7fc1
      Size/MD5 checksum: 242432 36c44eed9de2d48089e7c396e270c98e

ARM architecture:
      Size/MD5 checksum: 193056 52d5e3fb06e529326ae361f739915169
      Size/MD5 checksum: 294198 4bc5b7e9d5b1cc0f0b90f91290cf0999

Intel IA-32 architecture:
      Size/MD5 checksum: 159576 b7fcaf42621d2c356de66c90ea19fab0
      Size/MD5 checksum: 219780 7a4877a175b976ca20d25040e0fcab11

Intel IA-64 architecture:
      Size/MD5 checksum: 221146 717fb85a21f4bd4a535200a7420e16b9
      Size/MD5 checksum: 315856 a9a8496a1d029a0d64afb00b0c5fd116

HP Precision architecture:
      Size/MD5 checksum: 191708 e97c652fb430dbaeb5d367f196ea1ba0
      Size/MD5 checksum: 300260 606404a0da99b9884229bee10849413e

Motorola 680x0 architecture:
      Size/MD5 checksum: 160442 1ff1dd9d285de6e7300f8e7eb027c766
      Size/MD5 checksum: 223038 a7a4a5a997a05cf929b45529cd81942f

Big endian MIPS architecture:
      Size/MD5 checksum: 166400 05f3ea274037ffb1a2b76fa5a802ff87
      Size/MD5 checksum: 263344 ab1b99a12b3be3151f84e94a6073b27f

Little endian MIPS architecture:
      Size/MD5 checksum: 165114 5275bf21b63a2a2c30148d7a7a3aface
      Size/MD5 checksum: 263394 f287e3ee0a11745580f175585112632b

PowerPC architecture:
      Size/MD5 checksum: 170788 bb51f1dc4d1f9a5cd7b244111b61bb42
      Size/MD5 checksum: 245192 d390d54045f7ac70bf63164ba672a4d0

IBM S/390 architecture:
      Size/MD5 checksum: 152218 873670da1cc02dbe495c7254d4c5e316
      Size/MD5 checksum: 214592 074ea5085ed5c727b9e4fcf9ce0574c2

Sun Sparc architecture:
      Size/MD5 checksum: 159116 43ba78279f91e1da5268c71af524b3ab
      Size/MD5 checksum: 233376 ec2531c5979bc0e6df6ec5f34d4d7d48

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>

Gentoo Linux

Gentoo Linux Security Advisory GLSA 200606-25

Severity: High
Title: Hashcash: Possible heap overflow
Date: June 26, 2006
Bugs: #134960
ID: 200606-25


A heap overflow vulnerability in the Hashcash utility could allow an attacker to execute arbitrary code.


Hashcash is a utility for generating Hashcash tokens, a proof-of-work system to reduce the impact of spam.

Affected packages

     Package            /  Vulnerable  /                    Unaffected

  1  net-misc/hashcash       < 1.21                            >= 1.21


Andreas Seltenreich has reported a possible heap overflow in the array_push() function in hashcash.c, as a result of an incorrect amount of allocated memory for the "ARRAY" structure.


By sending malicious entries to the Hashcash utility, an attacker may be able to cause an overflow, potentially resulting in the execution of arbitrary code with the privileges of the user running the application.
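The advisory attributes the overflow to an allocation computed for the wrong amount of memory in an array-growing routine. The block below is an added example for this page, not hashcash's source: it shows a growable array in the same ARRAY/array_push() style, with the allocation-size bug class (capacity computed from the wrong element size) stated beside a push that checks for fullness, guards the size arithmetic and commits the new block only after realloc succeeds. The ENTRY layout and the stamp strings it pushes are constructed for the illustration.

```c
/* Added example for the Hashcash advisory (not hashcash's code). A growable
 * array in the ARRAY/array_push() style, showing the allocation-size bug class
 * beside a size-checked push. ENTRY layout and the stamp strings are assumed. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    char *stamp;       /* a hashcash stamp, e.g. "1:20:060626:alice@example.com::..." */
    uint32_t bits;     /* per-entry metadata */
} ENTRY;

typedef struct {
    ENTRY *elt;        /* heap block holding `max` entries */
    size_t num;        /* entries in use */
    size_t max;        /* entries the block was allocated for */
} ARRAY;

/* Bug class: capacity computed with the wrong element size. The heap block
 * then holds fewer than `max` entries and later pushes run past its end. */
size_t bytes_for_buggy(size_t max)   { return max * sizeof(char *); }
size_t bytes_for_correct(size_t max) { return max * sizeof(ENTRY); }

/* Hardened push: grows only when full, guards the size arithmetic against
 * wrap-around, and commits the new block only after realloc succeeds.
 * Returns 1 on success, 0 on failure with the array left unchanged. */
int array_push(ARRAY *a, const char *stamp, uint32_t bits)
{
    if (a->num == a->max) {
        size_t newmax = a->max ? a->max * 2 : 16;
        if (newmax <= a->max || newmax > SIZE_MAX / sizeof(ENTRY))
            return 0;
        ENTRY *grown = realloc(a->elt, bytes_for_correct(newmax));
        if (grown == NULL)
            return 0;
        a->elt = grown;
        a->max = newmax;
    }
    size_t slen = strlen(stamp);
    char *copy = malloc(slen + 1);
    if (copy == NULL)
        return 0;
    memcpy(copy, stamp, slen + 1);
    a->elt[a->num].stamp = copy;
    a->elt[a->num].bits = bits;
    a->num++;
    return 1;
}

void array_free(ARRAY *a)
{
    for (size_t i = 0; i < a->num; i++)
        free(a->elt[i].stamp);
    free(a->elt);
    a->elt = NULL;
    a->num = a->max = 0;
}

/* Push `count` constructed stamps, then read every entry back. Returns how
 * many survived intact; equals `count` when nothing was overwritten. */
size_t push_and_verify(size_t count)
{
    ARRAY a = { NULL, 0, 0 };
    char buf[64];
    for (size_t i = 0; i < count; i++) {
        snprintf(buf, sizeof buf, "1:20:060626:alice@example.com::%zu", i);
        if (!array_push(&a, buf, (uint32_t)i))
            break;
    }
    size_t intact = 0;
    for (size_t i = 0; i < a.num; i++) {
        snprintf(buf, sizeof buf, "1:20:060626:alice@example.com::%zu", i);
        if (strcmp(a.elt[i].stamp, buf) == 0 && a.elt[i].bits == (uint32_t)i)
            intact++;
    }
    array_free(&a);
    return intact;
}

int main(void)
{
    printf("buggy bytes for 16 entries: %zu, correct: %zu\n",
           bytes_for_buggy(16), bytes_for_correct(16));
    printf("%zu of 1000 entries intact after repeated growth\n", push_and_verify(1000));
    return 0;
}
```

The point of push_and_verify() is that growth through several realloc cycles leaves every earlier entry readable; with the buggy byte count the same loop would write past the block well before the 1000th entry.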


There is no known workaround at this time.


All Hashcash users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/hashcash-1.21"


[ 1 ] Hashcash ChangeLog


This GLSA and any updates to it are available for viewing at the Gentoo Security Website:


Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to or alternatively, you may file a bug at


Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

Gentoo Linux Security Advisory GLSA 200606-26

Severity: Normal
Title: EnergyMech: Denial of Service
Date: June 26, 2006
Bugs: #132749
ID: 200606-26


A Denial of Service vulnerability was discovered in EnergyMech that is easily exploitable via IRC.


EnergyMech is an IRC bot programmed in C.

Affected packages

     Package        /  Vulnerable  /                        Unaffected

  1  net-irc/emech       < 3.0.2                              >= 3.0.2


EnergyMech fails to handle empty CTCP NOTICEs correctly and crashes with a segmentation fault.


By sending an empty CTCP NOTICE, a remote attacker could exploit this vulnerability to cause a Denial of Service.
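An empty CTCP is a NOTICE whose text is just the two \001 delimiters with nothing between them, so there is no command token to read. The block below is an added example for this page, not EnergyMech's code: a small IRC NOTICE/CTCP classifier that reports the empty case as its own result instead of taking the first token unconditionally. The line framing follows the usual ":prefix COMMAND target :trailing" form and the sample lines in main() are constructed.

```c
/* Added example for the EnergyMech advisory (not EnergyMech's code): an IRC
 * NOTICE/CTCP classifier that treats an empty CTCP ("\001\001") as a distinct
 * case instead of reading a command token that is not there. Sample lines
 * are constructed. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum notice_kind { NOT_A_NOTICE = 0, PLAIN_NOTICE, CTCP_NOTICE, EMPTY_CTCP_NOTICE };

/* Return the trailing parameter of an IRC line whose command is `command`,
 * or NULL if the line is a different command or has no trailing text. */
static const char *irc_trailing(const char *line, const char *command)
{
    const char *p = line;
    if (*p == ':') {                          /* optional ":nick!user@host " prefix */
        p = strchr(p, ' ');
        if (p == NULL)
            return NULL;
        p++;
    }
    size_t clen = strlen(command);
    if (strncmp(p, command, clen) != 0 || p[clen] != ' ')
        return NULL;
    p += clen + 1;
    while (*p != '\0' && *p != ':') {         /* skip middle params (the target) */
        const char *sp = strchr(p, ' ');
        if (sp == NULL)
            return NULL;
        p = sp + 1;
    }
    return *p == ':' ? p + 1 : NULL;
}

/* Classify a NOTICE line. On CTCP_NOTICE, `cmd` receives the CTCP command
 * (e.g. "VERSION"). The crash class in the advisory is reached by code that
 * takes the first token of the CTCP payload unconditionally; here a payload
 * with no token is reported as EMPTY_CTCP_NOTICE and nothing is dereferenced. */
enum notice_kind classify_notice(const char *line, char *cmd, size_t cmdlen)
{
    if (cmdlen > 0)
        cmd[0] = '\0';
    const char *text = irc_trailing(line, "NOTICE");
    if (text == NULL)
        return NOT_A_NOTICE;
    if (text[0] != '\001')
        return PLAIN_NOTICE;
    text++;
    const char *end = strchr(text, '\001');   /* closing delimiter may be missing */
    size_t plen = end ? (size_t)(end - text) : strlen(text);
    const char *sp = memchr(text, ' ', plen);
    size_t tlen = sp ? (size_t)(sp - text) : plen;
    if (tlen == 0)                            /* "\001\001", "\001" or "\001 x\001" */
        return EMPTY_CTCP_NOTICE;
    if (cmdlen == 0)
        return CTCP_NOTICE;
    if (tlen >= cmdlen)
        tlen = cmdlen - 1;                    /* truncate, never overflow */
    memcpy(cmd, text, tlen);
    cmd[tlen] = '\0';
    return CTCP_NOTICE;
}

/* Wrapper returning the CTCP command of a line ("" when none); static buffer. */
const char *ctcp_command_of(const char *line)
{
    static char cmd[64];
    classify_notice(line, cmd, sizeof cmd);
    return cmd;
}

int main(void)
{
    /* Constructed sample traffic, including the empty CTCP NOTICE. */
    const char *lines[] = {
        ":bob!u@h NOTICE mech :\001VERSION\001",
        ":bob!u@h NOTICE mech :\001PING 1151280000\001",
        ":evil!u@h NOTICE mech :\001\001",
        ":bob!u@h NOTICE mech :hello",
        ":bob!u@h PRIVMSG mech :hello",
    };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        char cmd[64];
        int kind = classify_notice(lines[i], cmd, sizeof cmd);
        printf("kind=%d cmd=\"%s\"\n", kind, cmd);
    }
    return 0;
}
```

Note that a CTCP with a missing closing \001, or one whose payload starts with a space, also ends up in the empty case rather than in a command lookup.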


There is no known workaround at this time.


All EnergyMech users should update to the latest stable version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-irc/emech-3.0.2"


[ 1 ] EnergyMech Changelog



Mandriva Linux

Mandriva Linux Security Advisory MDKSA-2006:111

Package : MySQL
Date : June 23, 2006
Affected: 10.2, 2006.0

Problem Description:

Mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function.

MySQL 4.0.18 in Corporate 3.0 and MNF 2.0 is not affected by this issue.

Packages have been patched to correct this issue.


Updated Packages:

Mandriva Linux 10.2:
78e8411d4173067449ab40b253359584 10.2/RPMS/libmysql14-4.1.11-1.6.102mdk.i586.rpm
1b8c46014749729fd853c6dcee91eaed 10.2/RPMS/libmysql14-devel-4.1.11-1.6.102mdk.i586.rpm
996f92c1d1cb685938a1b019d8b637c0 10.2/RPMS/MySQL-4.1.11-1.6.102mdk.i586.rpm
766fa948a6d3e0094658aa936a76e203 10.2/RPMS/MySQL-bench-4.1.11-1.6.102mdk.i586.rpm
587b166b5e24e39df778d1a49ca26c60 10.2/RPMS/MySQL-client-4.1.11-1.6.102mdk.i586.rpm
26e3fd9cf0a5977e2b934c12ad9500fc 10.2/RPMS/MySQL-common-4.1.11-1.6.102mdk.i586.rpm
66f223fa9cfe196c01c6e4b311d70a65 10.2/RPMS/MySQL-Max-4.1.11-1.6.102mdk.i586.rpm
550a497e8f5fb748b9a91a0717da6c48 10.2/RPMS/MySQL-NDB-4.1.11-1.6.102mdk.i586.rpm
c3cd6a33370387b6b7ef26810d04ed5e 10.2/SRPMS/MySQL-4.1.11-1.6.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
b93aa5af71b0fc8752b59ea9e137fbb9 x86_64/10.2/RPMS/lib64mysql14-4.1.11-1.6.102mdk.x86_64.rpm
97baf24556b164bd67d7456f662788a2 x86_64/10.2/RPMS/lib64mysql14-devel-4.1.11-1.6.102mdk.x86_64.rpm
2e1874294dd1bd7bb66eca3db4b84f9f x86_64/10.2/RPMS/MySQL-4.1.11-1.6.102mdk.x86_64.rpm
e59c30459703a1143a6a5c2aa962fdeb x86_64/10.2/RPMS/MySQL-bench-4.1.11-1.6.102mdk.x86_64.rpm
921411f6d52933199902eae720bdfc4c x86_64/10.2/RPMS/MySQL-client-4.1.11-1.6.102mdk.x86_64.rpm
ee8319140b47877d3920a6f789f10076 x86_64/10.2/RPMS/MySQL-common-4.1.11-1.6.102mdk.x86_64.rpm
5ecce7afbba4fd0ddd9e36ef068cb007 x86_64/10.2/RPMS/MySQL-Max-4.1.11-1.6.102mdk.x86_64.rpm
7f30cc287096f0a28347b9a18454bdf8 x86_64/10.2/RPMS/MySQL-NDB-4.1.11-1.6.102mdk.x86_64.rpm
c3cd6a33370387b6b7ef26810d04ed5e x86_64/10.2/SRPMS/MySQL-4.1.11-1.6.102mdk.src.rpm

Mandriva Linux 2006.0:
bbad68193933b00b85f243e80280f954 2006.0/RPMS/libmysql14-4.1.12-4.3.20060mdk.i586.rpm
c8f89626e74f928e1f997d547ea9e5ff 2006.0/RPMS/libmysql14-devel-4.1.12-4.3.20060mdk.i586.rpm
7274a11988a77408823e0fef2375cc16 2006.0/RPMS/MySQL-4.1.12-4.3.20060mdk.i586.rpm
e63c7660cb86a3e0d3240d00a43e53a9 2006.0/RPMS/MySQL-bench-4.1.12-4.3.20060mdk.i586.rpm
aa902a285d22f9df2a33dc7d9490c3f7 2006.0/RPMS/MySQL-client-4.1.12-4.3.20060mdk.i586.rpm
633d3a283dd19ea2a51448b815ad53a9 2006.0/RPMS/MySQL-common-4.1.12-4.3.20060mdk.i586.rpm
96ce79cfbda19d2af7ba81de922561c1 2006.0/RPMS/MySQL-Max-4.1.12-4.3.20060mdk.i586.rpm
0e83d8f9db5f77d08a0c876befbe1a67 2006.0/RPMS/MySQL-NDB-4.1.12-4.3.20060mdk.i586.rpm
7e92a87a1fbe7b3dad96372a678a2c65 2006.0/SRPMS/MySQL-4.1.12-4.3.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
3abed6dfe1aff3e142effab7438f1813 x86_64/2006.0/RPMS/lib64mysql14-4.1.12-4.3.20060mdk.x86_64.rpm
d29d7cc058e7cd5af8068db37e2170e8 x86_64/2006.0/RPMS/lib64mysql14-devel-4.1.12-4.3.20060mdk.x86_64.rpm
4dd7efc9fcd7fd77cc6a5f4b9e2294f5 x86_64/2006.0/RPMS/MySQL-4.1.12-4.3.20060mdk.x86_64.rpm
7b2f19ea6fd61a972038ea79063167e3 x86_64/2006.0/RPMS/MySQL-bench-4.1.12-4.3.20060mdk.x86_64.rpm
434eaff2f79e6dcb6d4ad6ca7d538259 x86_64/2006.0/RPMS/MySQL-client-4.1.12-4.3.20060mdk.x86_64.rpm
49aa9dcfbe79d8a91ad6823d505f19ac x86_64/2006.0/RPMS/MySQL-common-4.1.12-4.3.20060mdk.x86_64.rpm
bfa5996ca7e57f071fcc4a2574883a8e x86_64/2006.0/RPMS/MySQL-Max-4.1.12-4.3.20060mdk.x86_64.rpm
9df2f30b72c53bd4be9c92b4146e5c79 x86_64/2006.0/RPMS/MySQL-NDB-4.1.12-4.3.20060mdk.x86_64.rpm
7e92a87a1fbe7b3dad96372a678a2c65 x86_64/2006.0/SRPMS/MySQL-4.1.12-4.3.20060mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver 0x22458A98

You can view other update advisories for Mandriva Linux at:

If you want to report vulnerabilities, please contact


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*>

Ubuntu Linux

Ubuntu Security Notice USN-304-1 June 26, 2006
gnupg vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.04:
gnupg 1.2.5-3ubuntu5.4

Ubuntu 5.10:
gnupg 1.4.1-1ubuntu1.3

Ubuntu 6.06 LTS:

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Evgeny Legerov discovered that GnuPG did not sufficiently check overly large user ID packets. Specially crafted user IDs caused a buffer overflow. By tricking a user or a remote automated system into processing a malicious GnuPG message, an attacker could exploit this to crash GnuPG or possibly execute arbitrary code.
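A user ID packet carries its own length in the packet header, and that declared length is what a parser must validate before copying the body anywhere. The block below is an added example for this page, not GnuPG's code: a bounds-checked OpenPGP packet-header parser (RFC 4880 framing, old and new format) that rejects a user ID packet whose declared length does not fit in the input or exceeds a policy cap before anything is copied. The 2048-byte cap and the sample packets are constructed for the illustration.

```c
/* Added example for the GnuPG advisory (not GnuPG's code): a bounds-checked
 * OpenPGP packet-header parser (RFC 4880 framing) that rejects a user ID
 * packet whose declared length does not fit in the input or exceeds a policy
 * cap before anything is copied. The cap and sample packets are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PKT_USER_ID      13
#define MAX_USER_ID_LEN  2048     /* policy cap, an assumption for this example */

typedef struct {
    unsigned tag;
    size_t hdr_len;               /* header octets consumed */
    size_t body_len;              /* declared body length, already validated */
    const uint8_t *body;          /* points into the input buffer */
} pkt_t;

/* Parse one packet header from buf[0..len). Returns 0 on success, -1 on a
 * malformed or truncated header, -2 when the declared body does not fit in
 * the remaining input, -3 for partial-body lengths (not handled here). */
int parse_packet(const uint8_t *buf, size_t len, pkt_t *out)
{
    if (len < 1 || !(buf[0] & 0x80))
        return -1;
    size_t pos = 1;
    uint64_t blen;
    if (buf[0] & 0x40) {                               /* new format */
        out->tag = buf[0] & 0x3f;
        if (len < 2)
            return -1;
        uint8_t b1 = buf[pos++];
        if (b1 < 192) {
            blen = b1;
        } else if (b1 < 224) {                         /* two-octet length */
            if (len < pos + 1)
                return -1;
            blen = ((uint64_t)(b1 - 192) << 8) + buf[pos++] + 192;
        } else if (b1 == 255) {                        /* five-octet length */
            if (len < pos + 4)
                return -1;
            blen = ((uint64_t)buf[pos] << 24) | ((uint64_t)buf[pos + 1] << 16) |
                   ((uint64_t)buf[pos + 2] << 8) | buf[pos + 3];
            pos += 4;
        } else {
            return -3;
        }
    } else {                                           /* old format */
        out->tag = (buf[0] >> 2) & 0x0f;
        unsigned ltype = buf[0] & 0x03;
        if (ltype == 3)                                /* indeterminate length */
            return -1;
        size_t nbytes = (size_t)1 << ltype;            /* 1, 2 or 4 octets */
        if (len < pos + nbytes)
            return -1;
        blen = 0;
        for (size_t i = 0; i < nbytes; i++)
            blen = (blen << 8) | buf[pos + i];
        pos += nbytes;
    }
    if (blen > len - pos)          /* the check that matters: body must fit */
        return -2;
    out->hdr_len = pos;
    out->body_len = (size_t)blen;
    out->body = buf + pos;
    return 0;
}

/* Copy a user ID body into `uid`, enforcing the input bound (parse_packet)
 * and the policy cap. Returns the user ID length or -1. */
int extract_user_id(const uint8_t *buf, size_t len, char *uid, size_t uidlen)
{
    pkt_t p;
    if (parse_packet(buf, len, &p) != 0 || p.tag != PKT_USER_ID)
        return -1;
    if (p.body_len > MAX_USER_ID_LEN || p.body_len >= uidlen)
        return -1;
    memcpy(uid, p.body, p.body_len);
    uid[p.body_len] = '\0';
    return (int)p.body_len;
}

/* Wrappers that need no caller-side buffers. */
int packet_status(const uint8_t *buf, size_t len) { pkt_t p; return parse_packet(buf, len, &p); }
const char *user_id_of(const uint8_t *buf, size_t len)
{
    static char uid[256];
    return extract_user_id(buf, len, uid, sizeof uid) < 0 ? NULL : uid;
}

/* Constructed sample packets (tag 13 = user ID). */
const uint8_t UID_OLD[]   = { 0xB4, 0x05, 'a', 'l', 'i', 'c', 'e' };        /* old fmt, 1-octet len */
const uint8_t UID_OLD2[]  = { 0xB5, 0x00, 0x05, 'a', 'l', 'i', 'c', 'e' };  /* old fmt, 2-octet len */
const uint8_t UID_NEW[]   = { 0xCD, 0x05, 'a', 'l', 'i', 'c', 'e' };        /* new fmt, 1-octet len */
const uint8_t UID_TRUNC[] = { 0xB4, 0xFF, 'a', 'l', 'i', 'c', 'e' };        /* claims 255, has 5 */
const uint8_t UID_HUGE[]  = { 0xCD, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 'a' };    /* claims 2^31-1 */
const uint8_t NOT_PKT[]   = { 0x01 };                                       /* bit 7 clear */

int main(void)
{
    const char *u = user_id_of(UID_OLD, sizeof UID_OLD);
    printf("UID_OLD   -> %s\n", u ? u : "rejected");
    printf("UID_TRUNC -> status %d\n", packet_status(UID_TRUNC, sizeof UID_TRUNC));
    printf("UID_HUGE  -> status %d\n", packet_status(UID_HUGE, sizeof UID_HUGE));
    return 0;
}
```

The two rejections to look at are UID_TRUNC and UID_HUGE: both carry a well-formed header whose declared body length is larger than the data actually present, which is the shape of input a copy into a fixed-size buffer must refuse.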

Updated packages for Ubuntu 5.04:

Source archives:
      Size/MD5: 66657 258c3a5166f20a0859a3137a0154e661
      Size/MD5: 654 7d0e00dfc3d9c8008fa863ad082a8244
      Size/MD5: 3645308 9109ff94f7a502acd915a6e61d28d98a

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5: 805972 eb80d914280ca0d14e518c2517303fca
      Size/MD5: 146410 b1fe302ef21bb1b2a861dca1648671c8

i386 architecture (x86 compatible Intel/AMD)
      Size/MD5: 750660 f7799aacd286de91cf1590d47f092fbf
      Size/MD5: 121398 d3908ec7b4a400c372a887ffff90cd5c

powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5: 806578 76656bbbce1e59dee14a07c4d06c9169
      Size/MD5: 135516 57192001042e37f1597cbe8d4cc96397

Updated packages for Ubuntu 5.10:

Source archives:
      Size/MD5: 21031 d2e00314a6319c80e40af374299b3cdb
      Size/MD5: 684 65b8ffc1c7f51d2920496eddadfb1236
      Size/MD5: 4059170 1cc77c6943baaa711222e954bbd785e5

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5: 1136302 5b871cea504e1b520ac61ee0ace19452
      Size/MD5: 152178 97622cf5abc3f4923281d08536f816c0

i386 architecture (x86 compatible Intel/AMD)
      Size/MD5: 1044392 30c94fae4dbc994eed85d226b226a938
      Size/MD5: 130644 216ff1f2393a2dd5bf5c814a5f33ae9f

powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5: 1119498 67ad3b4a3254334e85bd659e24a65bea
      Size/MD5: 140162 38a01b4e3f447f6cd340d6d17b714180

sparc architecture (Sun SPARC/UltraSPARC)
      Size/MD5: 1064176 4e4e2671d46f266792d6693208bd5b34
      Size/MD5: 139584 9d840a2108b3d999e8b0ad620a262f69

Updated packages for Ubuntu 6.06 LTS:

Source archives:
      Size/MD5: 19943 a04a4bdf67d9e86d15c8b89312b455e5
      Size/MD5: 692 90847403acb4d359f8b75ad345985b9d
      Size/MD5: 4222685 50d8fd9c5715ff78b7db0e5f20d08550

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5: 1066042 bb06afba5075ee71763b6391959cd074
      Size/MD5: 140274 3bfce59e90c5d356c743e0f7612ad2a6

i386 architecture (x86 compatible Intel/AMD)
      Size/MD5: 980840 4c677c20e0684b1271cc6606ab17a923
      Size/MD5: 120298 cb027ca2dac06902a764a40ca2f02fe4

powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5: 1053332 20b7f093e43c9b8ea71c4860d4d312ae
      Size/MD5: 130084 5035c386a599e112167cefd04964c911

sparc architecture (Sun SPARC/UltraSPARC)
      Size/MD5: 993688 3aaaa181b7a003539bda014a71296b72
      Size/MD5: 127372 0f86bc1b29af92d85382e4d7bee4129d