Linux Today: Linux News On Internet Time.






Advisories, November 15, 2006

Nov 16, 2006, 04:45

Debian GNU/Linux


Debian Security Advisory DSA 1211-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
November 14th, 2006 http://www.debian.org/security/faq


Package : pdns
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-4251

It was discovered that malformed TCP packets may lead to denial of service and possibly the execution of arbitrary code if the PowerDNS nameserver acts as a recursive nameserver.

For the stable distribution (sarge) this problem has been fixed in version 2.9.17-13sarge3.

For the upcoming stable distribution (etch) this problem has been fixed in version 3.1.4-1 of pdns-recursor.

For the unstable distribution (sid) this problem has been fixed in version 3.1.4-1 of pdns-recursor.

We recommend that you upgrade your PowerDNS packages.

Upgrade Instructions


wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA-1212-1 security@debian.org
http://www.debian.org/security/ Noah Meyerhans
November 15, 2006


Package : openssh (1:3.8.1p1-8.sarge.6)
Vulnerability : Denial of service
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2006-4924 CVE-2006-5051
BugTraq ID : 20216 20241
Debian Bug : 392428

Two denial of service vulnerabilities have been found in the OpenSSH server.

CVE-2006-4924

The sshd support for ssh protocol version 1 does not properly handle duplicate incoming blocks. This could allow a remote attacker to cause sshd to consume significant CPU resources leading to a denial of service.

CVE-2006-5051

A signal handler race condition could potentially allow a remote attacker to crash sshd and could theoretically lead to the ability to execute arbitrary code.

For the stable distribution (sarge), these problems have been fixed in version 1:3.8.1p1-8.sarge.6

For the unstable and testing distributions, these problems have been fixed in version 1:4.3p2-4

We recommend that you upgrade your openssh package.

Upgrade instructions


wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian 3.1 (stable)


Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2006:207
http://www.mandriva.com/security/


Package : bind
Date : November 14, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0


Problem Description:

The BIND DNS server is vulnerable to the recently-discovered OpenSSL RSA signature verification problem (CVE-2006-4339). BIND uses RSA cryptography as part of its DNSSEC implementation. As a result, to resolve the security issue, these packages need to be upgraded and for both KEY and DNSKEY record types, new RSASHA1 and RSAMD5 keys need to be generated using the "-e" option of dnssec-keygen, if the current keys were generated using the default exponent of 3.

You are able to determine if your keys are vulnerable by looking at the algorithm (1 or 5) and the first three characters of the Base64 encoded RSA key. RSAMD5 (1) and RSASHA1 (5) keys that start with "AQM", "AQN", "AQO", or "AQP" are vulnerable.
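
Added example (not part of the Mandriva advisory): a Python audit of KEY and DNSKEY records that applies the prefix test described above and also goes beyond it by decoding the RSA public exponent from the key data (RFC 3110 layout), so a key whose exponent is 3 but encoded with a forbidden leading zero is still caught. The zone names, the helper names and the key material are constructed for illustration; the moduli are dummy bytes, not real keys.

```python
import base64

RSA_ALGORITHMS = {1: "RSAMD5", 5: "RSASHA1"}   # algorithms named in the advisory
WEAK_PREFIXES = ("AQM", "AQN", "AQO", "AQP")    # prefixes named in the advisory


def encode_rfc3110(exponent_bytes, modulus):
    """Build base64 RSA key data: exponent-length octet, exponent, modulus."""
    raw = bytes([len(exponent_bytes)]) + exponent_bytes + modulus
    return base64.b64encode(raw).decode()


def rsa_exponent(blob):
    """Return the public exponent from RFC 3110 key bytes."""
    if not blob:
        raise ValueError("empty key")
    length, offset = blob[0], 1
    if length == 0:                      # long form: two-octet length follows
        length, offset = int.from_bytes(blob[1:3], "big"), 3
    if length == 0 or len(blob) <= offset + length:
        raise ValueError("truncated key")
    return int.from_bytes(blob[offset:offset + length], "big")


def logical_lines(text):
    """Strip ';' comments and join records wrapped in parentheses."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            joined, buf, depth = " ".join(buf).strip(), [], 0
            if joined:
                yield joined


def audit_zone(text):
    """Report every RSAMD5/RSASHA1 KEY or DNSKEY record and its exponent.

    Assumes each record starts with its owner name and uses a numeric
    algorithm field.
    """
    findings = []
    for line in logical_lines(text):
        tokens = line.split()
        at = next((i for i, t in enumerate(tokens[1:], 1)
                   if t.upper() in ("KEY", "DNSKEY")), None)
        if at is None or len(tokens) < at + 5 or not tokens[at + 3].isdigit():
            continue
        algorithm = int(tokens[at + 3])
        if algorithm not in RSA_ALGORITHMS:
            continue                     # prefix test is meaningless for non-RSA keys
        key_b64 = "".join(tokens[at + 4:])
        try:
            exponent = rsa_exponent(base64.b64decode(key_b64))
        except ValueError:
            exponent = None              # undecodable key data: report, do not guess
        findings.append({
            "owner": tokens[0],
            "rtype": tokens[at].upper(),
            "algorithm": RSA_ALGORITHMS[algorithm],
            "exponent": exponent,
            "prefix": key_b64[:3],
            "prefix_match": key_b64.startswith(WEAK_PREFIXES),
            "weak": exponent == 3,
        })
    return findings


# Constructed sample data: dummy moduli, not real keys.
MOD_A = bytes((i * 37 + 0xC1) % 256 for i in range(128))
MOD_B = bytes((i * 29 + 0x81) % 256 for i in range(128))
K3 = encode_rfc3110(b"\x03", MOD_A)

SAMPLE_ZONE = f"""
; constructed zone fragment
example.test.        3600 IN DNSKEY 256 3 5 (
                         {K3[:64]}
                         {K3[64:]} ) ; exponent 3
example.test.        3600 IN DNSKEY 257 3 5 {encode_rfc3110(bytes([1, 0, 1]), MOD_A)}
old.example.test.    3600 IN KEY    256 3 1 {encode_rfc3110(bytes([3]), MOD_B)}
; non-RSA key whose data happens to begin with the same two octets
example.test.        3600 IN DNSKEY 256 3 3 {base64.b64encode(bytes([1, 3]) + MOD_B[:40]).decode()}
; exponent 3 with a leading zero (forbidden by RFC 3110): prefix test misses it
padded.example.test. 3600 IN DNSKEY 256 3 5 {encode_rfc3110(bytes([0, 3]), MOD_A)}
"""

if __name__ == "__main__":
    for f in audit_zone(SAMPLE_ZONE):
        state = "REGENERATE" if f["weak"] else "ok"
        print(f'{f["owner"]:22}{f["rtype"]:7}{f["algorithm"]:8}'
              f'e={f["exponent"]:<6} prefix={f["prefix"]} {state}')
```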


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
http://marc.theaimsgroup.com/?l=bind-announce&m=116253119512445


Updated Packages:


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2006:208
http://www.mandriva.com/security/


Package : openldap
Date : November 14, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0


Problem Description:

An unspecified vulnerability in OpenLDAP allows remote attackers to cause a denial of service (daemon crash) via a certain combination of SASL Bind requests that triggers an assertion failure in libldap.

Packages have been patched to correct this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5779


Updated Packages:
