dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Advisories, September 4, 2006

Sep 05, 2006, 04:30 (0 Talkback[s])

Debian GNU/Linux


Debian Security Advisory DSA 1165-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 1st, 2006 http://www.debian.org/security/faq


Package : capi4hylafax
Vulnerability : missing input sanitising
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-3126

Lionel Elie Mamane discovered a security vulnerability in capi4hylafax, tools for faxing over a CAPI 2.0 device, that allows remote attackers to execute arbitrary commands on the fax receiving system.

For the stable distribution (sarge) this problem has been fixed in version 01.02.03-10sarge2.

For the unstable distribution (sid) this problem has been fixed in version 01.03.00.99.svn.300-3.

We recommend that you upgrade your capi4hylafax package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2.dsc
      Size/MD5 checksum: 700 ed2b42302da19f397f54be5b6ab2c70d
    http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2.diff.gz
      Size/MD5 checksum: 233973 cb882036840592b6365e890ba2bef034
    http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03.orig.tar.gz
      Size/MD5 checksum: 400508 8236290d6b880ee7d5e2fe970648ad6f

Alpha architecture:

    http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2_alpha.deb
      Size/MD5 checksum: 269704 e89fb2126460ebf99fabd817ccc135e1

AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2_amd64.deb
      Size/MD5 checksum: 205810 4fbbb15d7c0b8fa9548f669756b04c36

ARM architecture:

    http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2_arm.deb
      Size/MD5 checksum: 210290 5c6e249abe28be123f35321175c0caea

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2_i386.deb
      Size/MD5 checksum: 202278 829c7e7f7aa7b51ea52aba913b84f6e9

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2_ia64.deb
      Size/MD5 checksum: 341896 020682a6d4bb63d083a05d961bddaaa8

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2_m68k.deb
      Size/MD5 checksum: 183464 42cddb1cc2295fd753b50a0f49e9a3f4

PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2_powerpc.deb
      Size/MD5 checksum: 213034 6ccc6390878b66462fc4b4c501521025

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2_sparc.deb
      Size/MD5 checksum: 206634 6d82ddf94cd42c355bc125d1d542a1e9

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 1166-1 security@debian.org
http://www.debian.org/security/ Steve Kemp
September 3rd, 2006 http://www.debian.org/security/faq


Package : cheesetracker
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific: no
CVE ID : CVE-2006-3814
BugTraq ID : 20060723
Debian Bug : 380364

Luigi Auriemma discovered a buffer overflow in the loading component of cheesetracker, a sound module tracking program, which could allow a maliciously constructed input file to execute arbitary code.

For the stable distribution (sarge) this problem has been fixed in version 0.9.9-1sarge1.

For the unstable distribution (sid) this problem has been fixed in version 0.9.9-6.

We recommend that you upgrade your cheesetracker package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1.dsc
      Size/MD5 checksum: 659 94fe4cfb651e3fd373a79d8928b7c24c
    http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1.diff.gz
      Size/MD5 checksum: 14286 c3e831161af73cb234e5ccee329e90ae
    http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9.orig.tar.gz
      Size/MD5 checksum: 842246 d2cb55cd35eaaaef48454a5aad41a08d

Alpha architecture:

    http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_alpha.deb
      Size/MD5 checksum: 1138458 aa9cab8b149d4824c4f19ef8f89f2200

AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_amd64.deb
      Size/MD5 checksum: 929228 67b42bf5ca9b7b7c230bb21a5ec3942d

ARM architecture:

    http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_arm.deb
      Size/MD5 checksum: 1159110 04e55102d781a572aa1e091a75c7c615

HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_hppa.deb
      Size/MD5 checksum: 1248130 547aa7324369bb2572d28558a418bd6f

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_i386.deb
      Size/MD5 checksum: 904204 286d04ae0c9893c894b67d2336e9aae9

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_ia64.deb
      Size/MD5 checksum: 1292230 d6e5e7d89f45509cccb1a51498629bdf

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_m68k.deb
      Size/MD5 checksum: 977470 6287cf1f532affc53921547dd9b9a6a4

PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_powerpc.deb
      Size/MD5 checksum: 968684 839f5a35fe36eb2f12627d5b9e6bbd8b

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_s390.deb
      Size/MD5 checksum: 871530 9b6f802a60f568a537d7f6e40f15e4da

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_sparc.deb
      Size/MD5 checksum: 975272 c0cc12c0095961806788d1871acbbf54

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 1167-1 security@debian.org
http://www.debian.org/security/ Steve Kemp
September 4th, 2005 http://www.debian.org/security/faq


Package : apache
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-3918 CVE-2005-3352
Debian Bug : 381381 343466

Several remote vulnerabilities have been discovered in the Apache, the worlds most popular webserver, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2005-3352

A cross-site scripting (XSS) flaw exists in the mod_imap component of the Apache server.

CVE-2006-3918

Apache does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks.

For the stable distribution (sarge) these problems have been fixed in version 1.3.33-6sarge3.

For the unstable distribution (sid) these problems have been fixed in version 1.3.34-3.

We recommend that you upgrade your apache package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3.dsc
      Size/MD5 checksum: 1119 38df6fe54a784dfcbf3e1510e099865e
    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3.diff.gz
      Size/MD5 checksum: 373584 2af62cfb3d6523134bf52d32567d396a
    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33.orig.tar.gz
      Size/MD5 checksum: 3105683 1a34f13302878a8713a2ac760d9b6da8

Architecture independent components:

    http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.33-6sarge3_all.deb
      Size/MD5 checksum: 334696 494bae0fb839c498146119864a215a45
    http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.33-6sarge3_all.deb
      Size/MD5 checksum: 1333060 d580b14b6d0dcd625d2e5d8cd052e172
    http://security.debian.org/pool/updates/main/a/apache/apache-utils_1.3.33-6sarge3_all.deb
      Size/MD5 checksum: 212750 62b603132ddffa8f1d209e25efaf710b

Alpha architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_alpha.deb
      Size/MD5 checksum: 428394 f046f50e83b2001911b075426a00496e
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_alpha.deb
      Size/MD5 checksum: 904410 11ab4e174f28b2ad55a4b8fe9164ec70
    http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_alpha.deb
      Size/MD5 checksum: 9223374 18af7b52030a8235808f758c9adc2233
    http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_alpha.deb
      Size/MD5 checksum: 569796 3df0cdde9f4293b732b00535e288638d
    http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_alpha.deb
      Size/MD5 checksum: 542832 a76d1fe52c6c7b604a4406b09b553dfb
    http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_alpha.deb
      Size/MD5 checksum: 505212 cd448b4a36c588e832fb3450ee568383

AMD64 architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_amd64.deb
      Size/MD5 checksum: 401596 25172b26459154f43f6d6a30ca984223
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_amd64.deb
      Size/MD5 checksum: 876800 90566c369fb5bd3aef95cb1a982c4673
    http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_amd64.deb
      Size/MD5 checksum: 9163050 0039650aceb91734f4d28d71ed03b0b7
    http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_amd64.deb
      Size/MD5 checksum: 524552 974a82bc6cad36fceca1beb7e6e8a751
    http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_amd64.deb
      Size/MD5 checksum: 513922 cee41d6c34a440aa2641c6298afaec78
    http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_amd64.deb
      Size/MD5 checksum: 492634 a42522ddd4b1b0df67c214fe8fe30702

ARM architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_arm.deb
      Size/MD5 checksum: 384426 562d9db8c2d0c08e8ef3a5ac3c066991
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_arm.deb
      Size/MD5 checksum: 841502 b59f5bd9cd60afad9511e8d32234b605
    http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_arm.deb
      Size/MD5 checksum: 8986156 f297c94b1571043f0758a114f4cffacb
    http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_arm.deb
      Size/MD5 checksum: 496134 3b1126c47884892ab32dabd4ee7fa724
    http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_arm.deb
      Size/MD5 checksum: 489830 06f770b97e273e91684b90b98cb9416c
    http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_arm.deb
      Size/MD5 checksum: 479416 e1de8c552383fab6a73a2a2a33033392

HP Precision architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_hppa.deb
      Size/MD5 checksum: 406792 500ae39ef6507daec78c6cb98fc5fa6b
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_hppa.deb
      Size/MD5 checksum: 905596 ba4e1b726c573a28cabe4f192ec47a7e
    http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_hppa.deb
      Size/MD5 checksum: 9100666 3afce64bfeb0d49d87acbebfad937aa2
    http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_hppa.deb
      Size/MD5 checksum: 536310 0ed71b8af8923bbe73743f87a5b0d15d
    http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_hppa.deb
      Size/MD5 checksum: 518938 f60b6a4fe07eddc4ae9ad2907e9a10de
    http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_hppa.deb
      Size/MD5 checksum: 508866 e7166be9bedc95e600b8e6f99c6a0773

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_i386.deb
      Size/MD5 checksum: 386824 316be5f99dbce3d7a99b423bf6aad4f0
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_i386.deb
      Size/MD5 checksum: 860258 a5739eae75197bcdfefb3f88357046fa
    http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_i386.deb
      Size/MD5 checksum: 9125070 44dac7aa9af92c2d35805600d9942f56
    http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_i386.deb
      Size/MD5 checksum: 505036 d3507dbad7cc29b5d5f48838d37788f2
    http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_i386.deb
      Size/MD5 checksum: 493906 6cddd1409210e44d146e562437fe9b0e
    http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_i386.deb
      Size/MD5 checksum: 486920 7a4ebd8d698d8b27d86cde501b2e37ea

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_ia64.deb
      Size/MD5 checksum: 463582 d6727fb64033b7e9e5fec02c99ddccb4
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_ia64.deb
      Size/MD5 checksum: 972070 993bc5598b3f8d3b323d7142f0af068a
    http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_ia64.deb
      Size/MD5 checksum: 9356472 4f04357801f9adf640b923ba55141d06
    http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_ia64.deb
      Size/MD5 checksum: 627670 67723ecb16c6354f9917cfb2994688ce
    http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_ia64.deb
      Size/MD5 checksum: 586218 9d531536098a6132db6e5e55c8c61f7d
    http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_ia64.deb
      Size/MD5 checksum: 532970 2b4d80404ec866768b13eea9cccba0c8

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_m68k.deb
      Size/MD5 checksum: 371224 11e27383df4c492e780b602b5a691177
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_m68k.deb
      Size/MD5 checksum: 847290 bda6118d92b6f4266a68e5c769915d77
    http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_m68k.deb
      Size/MD5 checksum: 8973936 d5f3af955891e755a6f82ad2ddc4251f
    http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_m68k.deb
      Size/MD5 checksum: 448792 7cc02085c7a8854f7f99bf0486db8ef1
    http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_m68k.deb
      Size/MD5 checksum: 477488 9f1961a7b2298f33ca700f65b598a575
    http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_m68k.deb
      Size/MD5 checksum: 489430 2db034e4701a55c718919dad83f2c570

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_mips.deb
      Size/MD5 checksum: 403474 c2078bea81d4674b94cc6928c818d91f
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_mips.deb
      Size/MD5 checksum: 851594 7adcef101424558b208e458a7f26e5bb
    http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_mips.deb
      Size/MD5 checksum: 9049020 ad184b1edc27be6777add8a2dcee59bb
    http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_mips.deb
      Size/MD5 checksum: 485348 b067dad315f0eb43e35ef310ffcd8f11
    http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_mips.deb
      Size/MD5 checksum: 510036 11237943a107b9e5aab03b164946f192
    http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_mips.deb
      Size/MD5 checksum: 443674 cb61d4a7fb04bdfb149e91e6f162e3a5

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_mipsel.deb
      Size/MD5 checksum: 403812 544f672fc2fcc2386f0dfc52270370c2
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_mipsel.deb
      Size/MD5 checksum: 850096 1c86bed17e26ab9a0d7fabde05f54496
    http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_mipsel.deb
      Size/MD5 checksum: 9054440 6dfa3da28646f6ef2cda58e6583bd42a
    http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_mipsel.deb
      Size/MD5 checksum: 485576 1e22bdda682380f75e383ef6daa9810d
    http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_mipsel.deb
      Size/MD5 checksum: 510906 e8cc83ab983be776b2b8d5efa966cc93
    http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_mipsel.deb
      Size/MD5 checksum: 443550 df9c83e96b60d05415de5e7437c85c4d

PowerPC architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_powerpc.deb
      Size/MD5 checksum: 398792 fde3379aa1722e4928b0dcebacde8cd3
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_powerpc.deb
      Size/MD5 checksum: 921430 1752e1761d599f75bec0a5440a0c5000
    http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_powerpc.deb
      Size/MD5 checksum: 9252778 6598265b624c8081d067b51a4a2bd7b2
    http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_powerpc.deb
      Size/MD5 checksum: 515538 bed60fc9b7535fb76df1dc47b3b75d31
    http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_powerpc.deb
      Size/MD5 checksum: 510564 c6d6fa3c927fba3205d4d8cd7255f946
    http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_powerpc.deb
      Size/MD5 checksum: 490806 bd21c1a2c18c159f9be20147bd56a033

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_s390.deb
      Size/MD5 checksum: 403296 cdb74b97915f5bba992d43aa5072bf69
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_s390.deb
      Size/MD5 checksum: 868460 0af306030af56192e6a4a0ddbc857fbd
    http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_s390.deb
      Size/MD5 checksum: 9183208 92aa1ac6e882540971f228ccb7b8581e
    http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_s390.deb
      Size/MD5 checksum: 490244 d70328a7357a3f0d0f4750ac44f14b7a
    http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_s390.deb
      Size/MD5 checksum: 514702 ceb61f369cccf94aa44aa43675eaf715
    http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_s390.deb
      Size/MD5 checksum: 460598 505caef969194a36e151a2ad11436c09

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_sparc.deb
      Size/MD5 checksum: 385712 1b7269518bb8477b617e80e4441e346c
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_sparc.deb
      Size/MD5 checksum: 849494 119987a73dc8781ba2f11db3b38fa32d
    http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_sparc.deb
      Size/MD5 checksum: 9046496 53bb97f85c73563d247165532dac13c5
    http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_sparc.deb
      Size/MD5 checksum: 504378 ca133fd06dd62da415ef8382453cf657
    http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_sparc.deb
      Size/MD5 checksum: 492194 b97d2a3cd2d95a8b77dc9ab54f52bd13
    http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_sparc.deb
      Size/MD5 checksum: 490386 1dca7784debdba341f27d1b388bb0eb2

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 1168-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
September 4th, 2006 http://www.debian.org/security/faq


Package : imagemagick
Vulnerability : several
Problem-Type : local(remote)
Debian-specific: no
CVE ID : CVE-2006-2440 CVE-2006-3743 CVE-2006-3744
Debian Bug : 345595

Several remote vulnerabilities have been discovered in Imagemagick, a collection of image manipulation tools, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-2440

Eero Høkkinen discovered that the display tool allocates insufficient memory for globbing patterns, which might lead to a buffer overflow.

CVE-2006-3743

Tavis Ormandy from the Google Security Team discovered that the Sun bitmap decoder performs insufficient input sanitising, which might lead to buffer overflows and the execution of arbitrary code.

CVE-2006-3744

Tavis Ormandy from the Google Security Team discovered that the XCF image decoder performs insufficient input sanitising, which might lead to buffer overflows and the execution of arbitrary code.

For the stable distribution (sarge) these problems have been fixed in version 6:6.0.6.2-2.7.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your imagemagick packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7.dsc
      Size/MD5 checksum: 881 5f4679e6227198748235d9568723bed8
    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7.diff.gz
      Size/MD5 checksum: 139850 5b2a96c4b4b33911aad3554e62ff6ead
    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2.orig.tar.gz
      Size/MD5 checksum: 6824001 477a361ba0154cc2423726fab4a3f57c

Alpha architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_alpha.deb
      Size/MD5 checksum: 1469458 4b7e270543c1cba6ef911d0b57f528bd
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.7_alpha.deb
      Size/MD5 checksum: 173642 e89b1ac6389af3c3654c92ef04f71236
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_alpha.deb
      Size/MD5 checksum: 288440 9c890a22da5b3108e1e79986b8f3f9d7
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.7_alpha.deb
      Size/MD5 checksum: 1284480 b46ddf341c60bd3b56a74c30bc18b4b3
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.7_alpha.deb
      Size/MD5 checksum: 2203472 a8dd1051aac2733bd0af5e8fd49023fb
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.7_alpha.deb
      Size/MD5 checksum: 143624 a57deca01aad6b87c7c84e2b8a14b24c

AMD64 architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_amd64.deb
      Size/MD5 checksum: 1465964 d731dd65e03575fe951f346c270a6c47
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.7_amd64.deb
      Size/MD5 checksum: 163296 5dfd5471d9e8857847afa0d50765df35
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_amd64.deb
      Size/MD5 checksum: 228512 c0a5d774b8b597e7d63c077a43e350c6
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.7_amd64.deb
      Size/MD5 checksum: 1194568 4d948195b97c8f2dfe56a1cf6b482991
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.7_amd64.deb
      Size/MD5 checksum: 1549604 024c88129c756946fed8ee1d864e33cf
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.7_amd64.deb
      Size/MD5 checksum: 231526 587b1beb498fc92d0b8ff76f5a35bdf9

ARM architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_arm.deb
      Size/MD5 checksum: 1465884 bdd4e36a48a0e9a565dab28fba2d7fa1
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.7_arm.deb
      Size/MD5 checksum: 149044 08f5af4cfd20733853cc170e3740a5a0
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_arm.deb
      Size/MD5 checksum: 234434 ee66b8b8e350f66e2292f04187e3c95c
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.7_arm.deb
      Size/MD5 checksum: 1204024 98632b2822a85c4754fa57a4ef518e86
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.7_arm.deb
      Size/MD5 checksum: 1646990 d4bcb1b567ffa09b73a2c68614ba358c
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.7_arm.deb
      Size/MD5 checksum: 230240 fc8a8fe47b515072aac332ad79e87cfd

HP Precision architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_hppa.deb
      Size/MD5 checksum: 1468036 4da528a607d18caad31a4534b872498e
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.7_hppa.deb
      Size/MD5 checksum: 181886 75a2bb4d8f9121695dea5d1395bc4d4d
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_hppa.deb
      Size/MD5 checksum: 273540 c91370290615180e7ee8256b036b88b9
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.7_hppa.deb
      Size/MD5 checksum: 1403916 027763e00e9fe27a40d3a031c89ed66f
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.7_hppa.deb
      Size/MD5 checksum: 1827124 6cdc0bb8859935f3236c8894892fee6d
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.7_hppa.deb
      Size/MD5 checksum: 243534 7fef0d62b4bd54dae3508ab234885cbc

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_i386.deb
      Size/MD5 checksum: 1465818 06d21a526f3c7f2296ff7e44cb8a98ef
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.7_i386.deb
      Size/MD5 checksum: 164226 8c28e623a546df89295f5de93fcb4989
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_i386.deb
      Size/MD5 checksum: 208680 02c986fb33cf8ebfe92605dd6eceb3dd
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.7_i386.deb
      Size/MD5 checksum: 1171644 dda01d8a91f2c0d94011c7bae98d07e1
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.7_i386.deb
      Size/MD5 checksum: 1506700 19e58632b0eac9882d55a27e68fe97a7
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.7_i386.deb
      Size/MD5 checksum: 233688 076aa5e15bafcc81ff8935ae3f3f2bcc

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_ia64.deb
      Size/MD5 checksum: 1468256 b095d99f1f20f574d126231bc86d47ed
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.7_ia64.deb
      Size/MD5 checksum: 187928 315c8f19d9de2880e6e3925949e64009
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_ia64.deb
      Size/MD5 checksum: 295760 81309e0aa4ee6fec3a013ea422d09252
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.7_ia64.deb
      Size/MD5 checksum: 1604778 1311def07d07f8f218730dc592d936b5
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.7_ia64.deb
      Size/MD5 checksum: 2131646 7670599c9d1fd4f40f427a54343a61c1
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.7_ia64.deb
      Size/MD5 checksum: 273216 30dc5ab1b25e101211b7b877fecfc91c

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_m68k.deb
      Size/MD5 checksum: 1465838 f28fe7f4854ea9ac33624fe28a9eeb99
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.7_m68k.deb
      Size/MD5 checksum: 159628 5c6cfce3833e5f72bc4ea4b67b44ddc9
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_m68k.deb
      Size/MD5 checksum: 210424 06aba656e3adacb2edba8a9b46924131
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.7_m68k.deb
      Size/MD5 checksum: 1072262 6c0ea79df42c7f85982fcb8ffdd3d424
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.7_m68k.deb
      Size/MD5 checksum: 1287984 97c8589da25738b8db5d0aa8276038ce
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.7_m68k.deb
      Size/MD5 checksum: 226664 6821aa6e592122ae948669d91daa19e1

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_mips.deb
      Size/MD5 checksum: 1489988 90f02f37f1fc359c311e6608a8b9e773
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.7_mips.deb
      Size/MD5 checksum: 155234 8d20bbf6bc2db0a380d430eaf4e2ac44
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_mips.deb
      Size/MD5 checksum: 254482 173a83133ca983ee808f903c405b00e2
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.7_mips.deb
      Size/MD5 checksum: 1118906 048767a15ff7b77d3464eb43810b9bc5
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.7_mips.deb
      Size/MD5 checksum: 1703880 d7dcbe48dfbf7bdae48d41fae20a83ff
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.7_mips.deb
      Size/MD5 checksum: 131050 e154d6146014c2eb7d7d85ff04581f56

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.