---

Home Security

Advisories, April 27, 2005

By

Conectiva Linux

CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : squid
SUMMARY : Fixes for multiple squid vulnerabilities
DATE : 2005-04-27 14:19:00
ID : CLA-2005:948
RELEVANT RELEASES : 9, 10

DESCRIPTION
Squid[1] is a full-featured web proxy cache.

This announcement upgrades Squid from 2.5STABLE5 to 2.5STABLE9
in order to fix bug #13718[2] and also fixes the two following
vulnerabilities:

1.Unexpected access control results on configuration errors[3]
On configuration errors involving wrongly defined or missing acls
the http_access results may be different than expected, possibly
allowing more access than intended. This patch makes such
configuration errors a fatal error, preventing the service from
starting until the access control configuration errors have been
corrected.

2.Race condition related to Set-Cookie header[4] A race window
has been discovered where Set-Cookie headers may leak to another
users if the requested server relies on the old (obsolete since
1997) Netscape Set-Cookie specifications in how caches should
handle the Set-Cookie header on otherwise cacheable content.

SOLUTION
It is recommended that all squid users upgrade to the latest
packages. This update will automatically restart the service if it
is already running.

REFERENCES
1.http://www.squid-cache.org/
2.http://bugzilla.conectiva.com.br/show_bug.cgi?id=13718

3.http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error

4.http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie

UPDATED PACKAGES

ftp://atualizacoes.conectiva.com.br/10/SRPMS/squid-2.5.5-77559U10_10cl.src.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-2.5.5-77559U10_10cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-auth-2.5.5-77559U10_10cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-extra-templates-2.5.5-77559U10_10cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/9/SRPMS/squid-2.5.5-77559U90_12cl.src.rpm


ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-2.5.5-77559U90_12cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-auth-2.5.5-77559U90_12cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-extra-templates-2.5.5-77559U90_12cl.i386.rpm

ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:

  • run: apt-get update
  • after that, execute: apt-get upgrade

Detailed instructions regarding the use of apt and upgrade
examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

All packages are signed with Conectiva’s GPG key. The key and
instructions on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can
be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com

CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : gaim
SUMMARY : Fixes for gaim’s vulnerabilities
DATE : 2005-04-27 15:11:00
ID : CLA-2005:949
RELEVANT RELEASES : 9, 10

DESCRIPTION
Gaim[1] is a multi-protocol instant messaging (IM) client.

This announcement fixes three denial of service vulnerabilities
that were encountered in Gaim.

The fixed vulnerabilities are:

CAN-2005-0965[2]: The gaim_markup_strip_html function allows
remote attackers to cause a denial of service (application crash)
via a string that contains malformed HTML, which causes an
out-of-bounds read.

CAN-2005-0966[3]: The IRC protocol plugin allowed (1) remote
attackers to inject arbitrary Gaim markup via irc_msg_kick,
irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to
inject arbitrary Pango markup and pop up empty dialog boxes via
irc_msg_invite, or (3) malicious IRC servers to cause a denial of
service (application crash) by injecting certain Pango markup into
irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan
functions.

CAN-2005-0967[4]: Sending a Gaim Jabber user a certain invalid
file transfer request triggered an out-of-bounds read which caused
Gaim to crash.

For further informations on Gaim’s vulnerabilities, please refer
to the project’s security page[5].

SOLUTION
It is recommended that all Gaim users upgrade their packages.

IMPORTANT: Gaim must be restarted after the upgrade in order to
close the vulnerabilities.

REFERENCES
1.http://gaim.sourceforge.net/
2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0965

3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0966

4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0967

5.http://gaim.sourceforge.net/security/

UPDATED PACKAGES

ftp://atualizacoes.conectiva.com.br/10/SRPMS.gaim/gaim-1.2.1-69982U10_3cl.src.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-am-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-bg-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-ca-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-cs-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-da-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-de-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-en_AU-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-en_CA-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-en_GB-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-es-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-et-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-fi-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-fr-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-he-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-hi-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-hu-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-it-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-ja-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-ko-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-lt-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-mk-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-my_MM-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-nb-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-nl-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-pl-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-pt-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-pt_BR-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-ro-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-ru-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-sk-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-sl-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-sq-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-sr-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-sv-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-tr-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-uk-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-vi-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-zh_CN-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-zh_TW-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/libgaim-remote-devel-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/libgaim-remote0-1.2.1-69982U10_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/9/SRPMS.gaim/gaim-1.2.1-27683U90_4cl.src.rpm


ftp://atualizacoes.conectiva.com.br/9/RPMS.gaim/gaim-1.2.1-27683U90_4cl.i386.rpm

ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:

  • run: apt-get update
  • after that, execute: apt-get upgrade

Detailed instructions regarding the use of apt and upgrade
examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

All packages are signed with Conectiva’s GPG key. The key and
instructions on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en

Instructions on how to check the signatures of the RPM packages can
be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com

CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : evolution
SUMMARY : Fix for Evolution vulnerability
DATE : 2005-04-27 15:58:00
ID : CLA-2005:950
RELEVANT RELEASES : 10

DESCRIPTION
Evolution[1] is the GNOME mailer, calendar, contact manager and
communications tool.

This announcement fixes an issue[2] in Evolution which caused it
to crash when displaying certain message types.

SOLUTION
It is recommended that all Evolution users upgade their
packages.

IMPORTANT: It is necessary to restart the application after the
upgrade in order to properly close the vulnerability.

REFERENCES
1.http://www.ximian.com/products/ximian_evolution

2.http://bugzilla.gnome.org/show_bug.cgi?id=272609

UPDATED PACKAGES

ftp://atualizacoes.conectiva.com.br/10/SRPMS.evolution/evolution-2.0.4-75609U10_5cl.src.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-devel-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-devel-static-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-am-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-ar-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-az-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-be-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-bg-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-bn-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-bs-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-ca-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-cs-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-cy-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-da-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-de-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-el-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-en_AU-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-en_CA-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-en_GB-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-es-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-et-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-eu-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-fa-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-fi-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-fr-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-ga-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-gl-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-gu-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-he-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-hi-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-hr-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-hu-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-id-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-is-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-it-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-ja-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-ko-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-lt-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-lv-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-mk-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-ml-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-mn-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-ms-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-nb-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-nl-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-nn-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-no-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-pa-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-pl-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-pt-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-pt_BR-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-ro-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-ru-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-sk-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-sl-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-sq-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-sr-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-sv-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-ta-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-tr-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-uk-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-vi-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-wa-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-zh_CN-2.0.4-75609U10_5cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS.evolution/evolution-i18n-zh_TW-2.0.4-75609U10_5cl.i386.rpm

ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:

  • run: apt-get update
  • after that, execute: apt-get upgrade

Detailed instructions regarding the use of apt and upgrade
examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

All packages are signed with Conectiva’s GPG key. The key and
instructions on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en

Instructions on how to check the signatures of the RPM packages can
be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com

Debian GNU/Linux

Debian Security Advisory DSA 714-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
April 26th, 2005 http://www.debian.org/security/faq

Package : kdelibs
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-1046

KDE security team discovered several vulnerabilities in the PCX
and other image file format readers in the KDE core libraries, some
of them exploitable to execute arbitrary code. To a small extend
the packages in woody are affected as well.

For the stable distribution (woody) this problem has been fixed
in version 2.2.2-13.woody.14.

For the unstable distribution (sid) this problem has been fixed
in version 3.3.2-5.

We recommend that you upgrade your kdelibs packages.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:


http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.14.dsc

Size/MD5 checksum: 1355 2edeb0458baefabf6cad7e312f34712e

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.14.diff.gz

Size/MD5 checksum: 61029 aab99bcaa38986b246b4c390b3d6240f

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2.orig.tar.gz

Size/MD5 checksum: 6396699 7a9277a2e727821338f751855c2ce5d3

Architecture independent components:


http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-doc_2.2.2-13.woody.14_all.deb

Size/MD5 checksum: 2566570 bf158da1274e633190acdea02ff3a6b2

Alpha architecture:


http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_alpha.deb

Size/MD5 checksum: 757842 c36da42fb8265860b8867e45206c9185

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_alpha.deb

Size/MD5 checksum: 7533646 6c306edc12186660b14b05cc05176905

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_alpha.deb

Size/MD5 checksum: 137658 6f108583d6fa4b9faedc63815e8debd9

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_alpha.deb

Size/MD5 checksum: 202316 8c6888e10724394268186d5e02187e48

http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_alpha.deb

Size/MD5 checksum: 1022540 4415412df2720a1f2a2a2d4d96a0f67f

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_alpha.deb

Size/MD5 checksum: 1029392 e48959c7502219939d7ae0c978a137f9

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_alpha.deb

Size/MD5 checksum: 198464 06ed7e88d3d172eb614e1bfebc715a84

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_alpha.deb

Size/MD5 checksum: 175010 69a33131b2910a627277a0fe6a8a347c

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_alpha.deb

Size/MD5 checksum: 178430 bdd26c67147a6fe2f330693d4115ff34

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_alpha.deb

Size/MD5 checksum: 37504 82131f7d56034cd5e3fb51bb93feb3ee

ARM architecture:


http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_arm.deb

Size/MD5 checksum: 744050 494a6b5e13989bb1af655a08fc6b034d

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_arm.deb

Size/MD5 checksum: 6605028 f82ea87f6cb02efbba5f15eb84d9600a

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_arm.deb

Size/MD5 checksum: 104870 62c8b620f4902992a797e17d5b5e80c3

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_arm.deb

Size/MD5 checksum: 186886 7a931840616877b3a64d5d8a9fdf0b5f

http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_arm.deb

Size/MD5 checksum: 652040 a5553896972a43d53cc439ef3b1e4c08

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_arm.deb

Size/MD5 checksum: 655674 294711360824657a7d82322913a0052a

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_arm.deb

Size/MD5 checksum: 156014 5f773c03b00e642344491753752f90d0

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_arm.deb

Size/MD5 checksum: 125094 1f8527c29f51feec519d194347891a2f

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_arm.deb

Size/MD5 checksum: 128216 644d9e2f238ae3674c0bbefc3abd0913

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_arm.deb

Size/MD5 checksum: 37508 555511e6d1542dd85b3f2525a8d1f179

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_i386.deb

Size/MD5 checksum: 743320 91785fa72bd2f7d60f5c1a20fcee6edd

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_i386.deb

Size/MD5 checksum: 6619904 3cb4a66ec80635e08a33d18cbc539c31

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_i386.deb

Size/MD5 checksum: 106408 03e67ed6c91058b72c9421aba5a29fd5

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_i386.deb

Size/MD5 checksum: 183424 5b34a15931eca4001dca956b74a4a827

http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_i386.deb

Size/MD5 checksum: 625580 1a9670079bedc52aaf36d50f65a6cdfe

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_i386.deb

Size/MD5 checksum: 629740 eb924c6a36898ed0f4154e92271302a6

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_i386.deb

Size/MD5 checksum: 155318 67ae607a8ce21027cd3c73805c464cab

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_i386.deb

Size/MD5 checksum: 123770 196d19248c6671040e3fc9204c308273

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_i386.deb

Size/MD5 checksum: 126846 ed76442966d9757101beaa782d8bf8f1

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_i386.deb

Size/MD5 checksum: 37486 1a4128190396a577ef04466930cc6e6b

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_ia64.deb

Size/MD5 checksum: 768242 1237c0dfd23668879908a2a2965c227a

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_ia64.deb

Size/MD5 checksum: 8843698 da72b2d17c7c26c9db8f9bc23f92564f

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_ia64.deb

Size/MD5 checksum: 154020 43c47aa7108caa693157bffec1c72447

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_ia64.deb

Size/MD5 checksum: 257678 d2d312195da96a197e9949834c7e6da8

http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_ia64.deb

Size/MD5 checksum: 1045820 85d7913da76ecf49dd7ee0c6834204cd

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_ia64.deb

Size/MD5 checksum: 1051304 8cbdc7d36e899a4f71fdea223ec6c88c

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_ia64.deb

Size/MD5 checksum: 199792 f4c638fa150d33b228f5bcdd7d27df8a

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_ia64.deb

Size/MD5 checksum: 185778 fec5f64d251724241d42347c73b68319

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_ia64.deb

Size/MD5 checksum: 191298 a9e1f44bb6d66f786f06e15ae0c0560c

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_ia64.deb

Size/MD5 checksum: 37496 f7ee54e15c6247ddaf296e62b9dc2ef2

HP Precision architecture:


http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_hppa.deb

Size/MD5 checksum: 750128 5cde6628d6065687f32d23ca42c4b4a2

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_hppa.deb

Size/MD5 checksum: 7367572 ad1e68fa713ed91b5ccb8f14fb97a023

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_hppa.deb

Size/MD5 checksum: 117832 be8e58fb33a273b8ea4c3f55585a430d

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_hppa.deb

Size/MD5 checksum: 218258 8035d8010c52bc2567400dd48fce0c02

http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_hppa.deb

Size/MD5 checksum: 1112036 a04250ae1a33687931f7d180e925c6a1

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_hppa.deb

Size/MD5 checksum: 1115628 a0d26fa493cfa9fc3775b9eaa16222da

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_hppa.deb

Size/MD5 checksum: 208046 b6c325233fcb98d2a8d724feaa607c36

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_hppa.deb

Size/MD5 checksum: 172310 4f1e932b44e8a542624b77b5ad27ff7e

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_hppa.deb

Size/MD5 checksum: 176484 db2f63e71a237953ecd5a8fa8604c465

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_hppa.deb

Size/MD5 checksum: 37500 bce68008ede6c63e44500e616331fbb6

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_m68k.deb

Size/MD5 checksum: 740488 80ebcca522f2b3cf87005f0f9f3555e4

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_m68k.deb

Size/MD5 checksum: 6485098 7959f90d7d271535222901edc139c273

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_m68k.deb

Size/MD5 checksum: 103950 f59690bd51e8b1c9809f9df9198d6b37

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_m68k.deb

Size/MD5 checksum: 178844 dec6510a262922ed8b4b3dd9471d024d

http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_m68k.deb

Size/MD5 checksum: 629010 8bd957e00e0593af9dba939fe64ac3c8

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_m68k.deb

Size/MD5 checksum: 633518 840ab067671bd13996dc51ddf55e3ac8

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_m68k.deb

Size/MD5 checksum: 151550 713a805ea7a0d530950183b90f60958a

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_m68k.deb

Size/MD5 checksum: 121080 542da8694055f5d3e218e7e8adf456c2

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_m68k.deb

Size/MD5 checksum: 124000 a10868d87ef70a54db09abc0df4434c5

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_m68k.deb

Size/MD5 checksum: 37512 1ad80019230d31fe389ba146771e7ed5

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_mips.deb

Size/MD5 checksum: 740276 960ceb78e82e2df114c7c1fdbfaf45e5

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_mips.deb

Size/MD5 checksum: 6284820 5d7c8d96e691e9026975b7f03071662d

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_mips.deb

Size/MD5 checksum: 107202 4954f1153e012cb625fb675bdefcbe40

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_mips.deb

Size/MD5 checksum: 161288 2113879170ac67549384ced2a64ea5a2

http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_mips.deb

Size/MD5 checksum: 621216 433ab8e45480b9db258a42b11a2d83c2

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_mips.deb

Size/MD5 checksum: 625566 4e7b13c2d0cc10469b5524728024ca01

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_mips.deb

Size/MD5 checksum: 176214 65e13e2bf05121c6a4c3dedd12ef7379

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_mips.deb

Size/MD5 checksum: 124612 5f37f8c5aea38bf745f1bc83917fc2af

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_mips.deb

Size/MD5 checksum: 127616 ed13fd47b01ec4c1e932b2e1ab9a5097

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_mips.deb

Size/MD5 checksum: 37512 e89bae84f5d23e44bc8a8c97f90beca5

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_mipsel.deb

Size/MD5 checksum: 739614 b6c96307d8e4bb13eb8030c3c9d8b4fc

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_mipsel.deb

Size/MD5 checksum: 6190894 05e576bc649eaa947db4841872bd9af5

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_mipsel.deb

Size/MD5 checksum: 106208 8b5bad7478c2817b381090e0dbb29795

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_mipsel.deb

Size/MD5 checksum: 159544 3dce69d70433c6d2cb49d875e139eeaa

http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_mipsel.deb

Size/MD5 checksum: 614058 838c176f4bd39640a5ba9c37f0a38cc5

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_mipsel.deb

Size/MD5 checksum: 617518 d35cd5459d046df52ddfc0211141ef73

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_mipsel.deb

Size/MD5 checksum: 175364 a77dcb1b7f29aa1603aa20f642ad824e

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_mipsel.deb

Size/MD5 checksum: 123628 fd6962b418fe4c33bf1364429f16446b

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_mipsel.deb

Size/MD5 checksum: 126584 d3170d436f8ffc0a74a1ddc43e1788f3

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_mipsel.deb

Size/MD5 checksum: 37508 ca51ad9bea2b452af76e86e632c111e9

PowerPC architecture:


http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_powerpc.deb

Size/MD5 checksum: 741300 eb89bb59fa2f161b35999d9181dc01db

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_powerpc.deb

Size/MD5 checksum: 6743570 9619dca36a404d209f93232279508185

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_powerpc.deb

Size/MD5 checksum: 106326 242e987d56b6c372b591033cffde91b7

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_powerpc.deb

Size/MD5 checksum: 182946 f5c3f5cc9ddd5076345bd66c59231ba0

http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_powerpc.deb

Size/MD5 checksum: 691316 d137a0428c5e4fd3fae8a7831bdadb3e

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_powerpc.deb

Size/MD5 checksum: 695130 cb7e5a47e2e9892227a3a5dddc726bfd

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_powerpc.deb

Size/MD5 checksum: 154244 fec6e32c9e1a7ed943d7a1984324426a

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_powerpc.deb

Size/MD5 checksum: 127922 b73520e3822413ccb507185c56af1ced

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_powerpc.deb

Size/MD5 checksum: 130804 133638aa6468f9c8bc6f2f6f5e2e4e67

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_powerpc.deb

Size/MD5 checksum: 37504 38201cb34cd63798675dfa5a9e6e90d7

IBM S/390 architecture:

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.