Linux Today: Linux News On Internet Time.






Advisories: October 31, 2006

Nov 01, 2006, 04:45

Debian GNU/Linux


Debian Security Advisory DSA 1201-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
October 31st, 2006 http://www.debian.org/security/faq


Package : ethereal
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-4574 CVE-2006-4805
Debian Bug : 396258

Several remote vulnerabilities have been discovered in the Ethereal network scanner. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-4574

It was discovered that the MIME multipart dissector is vulnerable to denial of service caused by an off-by-one overflow.

CVE-2006-4805

It was discovered that the XOT dissector is vulnerable to denial of service caused by memory corruption.

For the stable distribution (sarge) these problems have been fixed in version 0.10.10-2sarge9. Due to technical problems with the security buildd infrastructure this update lacks builds for the hppa and sparc architectures. They will be released as soon as the problems are resolved.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your ethereal packages.

Upgrade Instructions


wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 1202-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
October 31st, 2006 http://www.debian.org/security/faq


Package : screen
Vulnerability : programming error
Problem-Type : local(remote)
Debian-specific: no
CVE ID : CVE-2006-4573
Debian Bug : 395225 395999

"cstone" and Rich Felker discovered that specially crafted UTF-8 sequences may lead to an out-of-bounds memory write when displayed inside the screen terminal multiplexer, allowing denial of service and potentially the execution of arbitrary code.

For the stable distribution (sarge) this problem has been fixed in version 4.0.2-4.1sarge1. Due to technical problems with the security buildd infrastructure this update lacks a build for the Sun Sparc architecture. It will be released as soon as the problems are resolved.

For the unstable distribution (sid) this problem has been fixed in version 4.0.3-0.1.

We recommend that you upgrade your screen package.

Upgrade Instructions


wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2006:193
http://www.mandriva.com/security/


Package : ImageMagick
Date : October 30, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0


Problem Description:

Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.

Updated packages have been patched to correct these issues.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456


Updated Packages:



To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2006:194
http://www.mandriva.com/security/


Package : postgresql
Date : October 30, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0


Problem Description:

A vulnerability in PostgreSQL 8.1.x allowed remote authenticated users to cause a Denial of Service (daemon crash) via certain aggregate functions in an UPDATE statement which were not handled correctly (CVE-2006-5540).

Another DoS issue in PostgreSQL 7.4.x, 8.0.x, and 8.1.x allowed remote authenticated users to crash the daemon via a coercion of an unknown element to ANYARRAY (CVE-2006-5541).

Finally, another vulnerability in 8.1.x could allow a remote authenticated user to cause a DoS related to duration logging of V3-protocol Execute message for COMMIT and ROLLBACK statements (CVE-2006-5542).

This update provides the latest 8.0.x and 8.1.x PostgreSQL versions and patches the version of PostgreSQL shipped with Corporate 3.0.

After installing this upgrade, you will need to execute "service postgresql restart" for it to take effect.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5542


Updated Packages:



To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>