Linux Today: Linux News On Internet Time.







Advisories, January 7, 2006

Jan 08, 2007, 04:45

Debian GNU/Linux


Debian Security Advisory DSA 1245-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
January 7th, 2006 http://www.debian.org/security/faq


Package : proftpd
Vulnerability : programming error
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2005-4816
Debian Bug : 404751

Martin Loewer discovered that the proftpd FTP daemon is vulnerable to denial of service if the addon module for Radius authentication is enabled.

For the stable distribution (sarge) this problem has been fixed in version 1.2.10-15sarge4.

For the upcoming stable distribution (etch) this problem has been fixed in version 1.2.10+1.3.0rc5-1.

For the unstable distribution (sid) this problem has been fixed in version 1.2.10+1.3.0rc5-1.

We recommend that you upgrade your proftpd package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Core


Fedora Update Notification
FEDORA-2007-018
2007-01-07

Product : Fedora Core 5
Name : avahi
Version : 0.6.11
Release : 3.fc5
Summary : Local network service discovery

Description :
Avahi is a system which facilitates service discovery on a local network -- this means that you can plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared. This kind of technology is already found in MacOS X (branded 'Rendezvous', 'Bonjour' and sometimes 'ZeroConf') and is very convenient.


Update Information:

avahi-0.6.11-3.fc5 should fix CVE-2006-6870 - the consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself.
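
The failure mode described above, a compression pointer that leads back to the name being read, is avoided by bounding pointer chasing during name decompression. The following is an added example, not Avahi's code or its actual fix: `dns_read_name`, the error codes and the sample messages are hypothetical and constructed for illustration, and the parser accepts a pointer only when it targets an offset strictly before the labels currently being read, so decoding always terminates.

```c
/* Added example: bounded DNS name decompression. Not Avahi's code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum {
    DNS_ERR_TRUNCATED = -1,  /* read would run past the end of the message */
    DNS_ERR_POINTER   = -2,  /* compression pointer does not point backwards */
    DNS_ERR_LABEL     = -3,  /* reserved label type (top bits 01 or 10) */
    DNS_ERR_TOO_LONG  = -4   /* name exceeds RFC 1035 limit or output buffer */
};

#define DNS_MAX_NAME 255     /* RFC 1035: longest encoded name, in octets */

/* Decode the (possibly compressed) name at msg[off] into dotted form.
 * Returns the string length or a negative error code. Label bytes are
 * copied verbatim; escaping is out of scope for this example. */
int dns_read_name(const uint8_t *msg, size_t len, size_t off,
                  char *out, size_t out_sz)
{
    size_t written = 0;   /* characters placed in out */
    size_t encoded = 1;   /* octets of the expanded name, counting the root */
    size_t limit = off;   /* pointer targets must lie strictly below this */

    if (out_sz == 0) return DNS_ERR_TOO_LONG;

    for (;;) {
        if (off >= len) return DNS_ERR_TRUNCATED;
        uint8_t c = msg[off];

        if (c == 0) break;                       /* root label: name ends */

        if ((c & 0xC0) == 0xC0) {                /* compression pointer */
            if (off + 1 >= len) return DNS_ERR_TRUNCATED;
            size_t target = ((size_t)(c & 0x3F) << 8) | msg[off + 1];
            /* A pointer to itself, or into the labels just read, would
             * loop forever. Requiring each target to be lower than the
             * start of the current run makes the offsets strictly
             * decreasing, which bounds the number of jumps. */
            if (target >= limit) return DNS_ERR_POINTER;
            limit = target;
            off = target;
            continue;
        }

        if (c & 0xC0) return DNS_ERR_LABEL;      /* 0x40 / 0x80 reserved */
        if (off + 1 + c > len) return DNS_ERR_TRUNCATED;

        encoded += 1u + c;
        if (encoded > DNS_MAX_NAME) return DNS_ERR_TOO_LONG;
        size_t need = c + (written ? 1u : 0u);   /* label plus separator */
        if (written + need + 1 > out_sz) return DNS_ERR_TOO_LONG;

        if (written) out[written++] = '.';
        memcpy(out + written, msg + off + 1, c);
        written += c;
        off += 1u + c;
    }
    out[written] = '\0';
    return (int)written;
}

/* Constructed sample messages: a zeroed 12-byte header, names from offset 12. */
static const uint8_t SAMPLE_OK[] = {
    0,0,0,0, 0,0,0,0, 0,0,0,0,
    5,'a','v','a','h','i', 5,'l','o','c','a','l', 0,  /* offset 12 */
    3,'w','w','w', 0xC0, 0x0C          /* offset 25: "www" + pointer to 12 */
};
static const uint8_t SAMPLE_SELF[] = {
    0,0,0,0, 0,0,0,0, 0,0,0,0,
    0xC0, 0x0C                         /* offset 12: pointer to offset 12 */
};
static const uint8_t SAMPLE_LOOP[] = {
    0,0,0,0, 0,0,0,0, 0,0,0,0,
    1,'a', 0xC0, 0x0C                  /* "a" + pointer back to its own start */
};

char demo_name[DNS_MAX_NAME + 1];

/* Decode into demo_name and return the parser's result. */
int demo_decode(const uint8_t *msg, size_t len, size_t off)
{
    return dns_read_name(msg, len, off, demo_name, sizeof demo_name);
}

int main(void)
{
    int n = demo_decode(SAMPLE_OK, sizeof SAMPLE_OK, 25);
    printf("compressed name: %d (%s)\n", n, demo_name);
    printf("self pointer:    %d\n",
           demo_decode(SAMPLE_SELF, sizeof SAMPLE_SELF, 12));
    printf("label then loop: %d\n",
           demo_decode(SAMPLE_LOOP, sizeof SAMPLE_LOOP, 12));
    return 0;
}
```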


  • Sat Jan 6 2007 Martin Bacovsky <mbacovsk@redhat.com> - 0.6.11-3.fc5
    • Resolves: #221726 - CVE-2006-6870 Maliciously crafted packet can DoS avahi daemon
  • Tue Nov 28 2006 Martin Bacovsky <mbacovsk@redhat.com> - 0.6.11-2.fc5
    • fix bug #216655 - CVE-2006-5461 - avahi did not verify the sender identity of netlink messages
  • Mon Jul 17 2006 Jason Vas Dias <jvdias@redhat.com> - 0.6.11-1
    • Upgrade to upstream version 0.6.11
    • fix bug 195674: set 'use-ipv6=yes' in avahi-daemon.conf
    • fix bug 197414: avahi-compat-howl and avahi-compat-dns-sd symlinks
    • fix bug 198282: avahi-compat-{howl-devel,dns-sd-devel} Requires:
  • Tue Jun 13 2006 Jason Vas Dias <jvdias@redhat.com> - 0.6.10-3
    • rebuild for broken mono deps
  • Tue Jun 6 2006 Jason Vas Dias <jvdias@redhat.com> - 0.6.10-2
    • fix bug 194203: fix permissions on /var/run/avahi-daemon
  • Tue May 30 2006 Jason Vas Dias <jvdias@redhat.com> - 0.6.10-1
    • Upgrade to upstream version 0.6.10
    • fix bug 192080: split avahi-compat-libdns_sd into separate package (same goes for avahi-compat-howl)


This update can be downloaded from:

    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/


This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.

Ubuntu


Ubuntu Security Notice USN-398-3 January 04, 2007
firefox-themes-ubuntu regression
https://launchpad.net/bugs/76871

A security issue affects the following Ubuntu releases:

Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.10:
firefox-themes-ubuntu 0.5.4.1~6.10

After a standard system upgrade you need to restart Firefox to effect the necessary changes.

Details follow:

USN-398-1 fixed vulnerabilities in Firefox. Due to the updated version, a flaw was uncovered in the Firefox Themes bundle, which erroneously reported itself as incompatible with the updated Firefox. This update fixes the problem.

We apologize for the inconvenience.

Updated packages for Ubuntu 6.10:



Ubuntu Security Notice USN-400-1 January 04, 2007
mozilla-thunderbird vulnerabilities
CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6505

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.10:

mozilla-thunderbird 1.5.0.9-0ubuntu0.5.10
mozilla-thunderbird-dev 1.5.0.9-0ubuntu0.5.10

Ubuntu 6.06 LTS:

mozilla-thunderbird 1.5.0.9-0ubuntu0.6.06
mozilla-thunderbird-dev 1.5.0.9-0ubuntu0.6.06

Ubuntu 6.10:

mozilla-thunderbird 1.5.0.9-0ubuntu0.6.10
mozilla-thunderbird-dev 1.5.0.9-0ubuntu0.6.10

After a standard system upgrade you need to restart Thunderbird to effect the necessary changes.

Details follow:

Georgi Guninski and David Bienvenu discovered that long Content-Type and RFC2047-encoded headers were vulnerable to heap overflows. By tricking the user into opening a specially crafted email, an attacker could execute arbitrary code with user privileges. (CVE-2006-6506)

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges or bypass internal XSS protections by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. (CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503)

Updated packages for Ubuntu 5.10:


Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 6.10:



Ubuntu Security Notice USN-401-1 January 04, 2007
dbus vulnerability
CVE-2006-6107

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.10:
dbus 0.36.2-0ubuntu7.1

Ubuntu 6.06 LTS:
dbus 0.60-6ubuntu8.1

Ubuntu 6.10:
dbus 0.93-0ubuntu3.1

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

Details follow:

Kimmo H. discovered that local users could delete other users' D-Bus match rules. Applications would stop receiving D-Bus messages, resulting in a local denial of service, and potential data loss for applications that depended on D-Bus for storing information.

Updated packages for Ubuntu 5.10:

i386 architecture (x86 compatible Intel/AMD)