Debian GNU/Linux
Debian Security Advisory DSA 761-2 [email protected]
http://www.debian.org/security/
Martin Schulze
August 15th, 2005 http://www.debian.org/security/faq
Package : heartbeat
Vulnerability : insecure temporary files
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-2231
The security update DSA 761-1 for pdns contained a bug which
caused a regression. This problem is corrected with this advisory.
For completeness below please find the original advisory text:
Eric Romang discovered several insecure temporary file creations
in heartbeat, the subsystem for High-Availability Linux.
For the stable distribution (sarge) these problems have been
fixed in version 1.2.3-9sarge3.
We recommend that you upgrade your heartbeat package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 775-1 [email protected]
http://www.debian.org/security/
Martin Schulze
August 15th, 2005 http://www.debian.org/security/faq
Package : mozilla
Vulnerability : frame injection spoofing
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0718 CAN-2005-1937
BugTraq ID : 14242
A vulnerability has been discovered in Mozilla and Mozilla
Firefox that allows remote attackers to inject arbitrary JavaScript
from one page into the frameset of another site. Thunderbird is not
affected by this and Galeon will be automatically fixed as it uses
Mozilla components.
The old stable distribution (woody) does not contain Mozilla
Firefox packages.
For the stable distribution (sarge) this problem has been fixed
in version 1.0.4-2sarge1.
For the unstable distribution (sid) this problem has been fixed
in version 1.0.6-1.
We recommend that you upgrade your mozilla-firefox package.
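As an added illustration (not part of the Debian advisories), the following Python sketch applies Debian's version ordering to decide whether an installed package is older than the fixed sarge versions quoted in DSA 761-2 and DSA 775-1. The inventory and all function names are constructed for this example; on a real system `dpkg --compare-versions` performs the same comparison.

```python
import re
from itertools import zip_longest

# Fixed versions for the stable distribution (sarge), taken from the advisories.
FIXED_IN_SARGE = {
    "heartbeat": "1.2.3-9sarge3",        # DSA 761-2
    "mozilla-firefox": "1.0.4-2sarge1",  # DSA 775-1
}

# Constructed inventory (package -> installed version), e.g. parsed from
# `dpkg-query -W` output. Sample data only, not taken from the advisories.
SAMPLE_INSTALLED = {
    "heartbeat": "1.2.3-9sarge2",
    "mozilla-firefox": "1.0.6-1",
    "openssh-server": "1:3.8.1p1-8.sarge.4",  # not covered by these advisories
}

def _split(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, colon, rest = version.partition(":")
    if not colon:
        epoch, rest = "0", version
    upstream, dash, revision = rest.rpartition("-")
    if not dash:  # no hyphen: native package without a Debian revision
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def _weight(ch):
    """Sort weight of a non-digit character: '~' first, letters, then the rest."""
    if ch == "~":
        return -1
    if ch.isalpha():
        return ord(ch)
    return ord(ch) + 256

def _cmp_fragment(a, b):
    """Compare two upstream or revision strings; returns -1, 0 or 1."""
    chunks_a = re.findall(r"([^0-9]*)([0-9]*)", a)
    chunks_b = re.findall(r"([^0-9]*)([0-9]*)", b)
    for (ta, na), (tb, nb) in zip_longest(chunks_a, chunks_b, fillvalue=("", "")):
        # Non-digit run: character by character, end of run weighs 0.
        for ca, cb in zip_longest(ta, tb):
            wa = 0 if ca is None else _weight(ca)
            wb = 0 if cb is None else _weight(cb)
            if wa != wb:
                return -1 if wa < wb else 1
        # Digit run: numeric comparison, an empty run counts as 0.
        ia, ib = int(na or 0), int(nb or 0)
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def compare_versions(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def needs_upgrade(installed, fixed=FIXED_IN_SARGE):
    """Names of installed packages that are older than their fixed version."""
    return sorted(
        pkg for pkg, ver in installed.items()
        if pkg in fixed and compare_versions(ver, fixed[pkg]) < 0
    )

if __name__ == "__main__":
    for pkg in needs_upgrade(SAMPLE_INSTALLED):
        print(f"{pkg}: installed {SAMPLE_INSTALLED[pkg]}, "
              f"fixed in {FIXED_IN_SARGE[pkg]}")
```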
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
Gentoo Linux
Gentoo Linux Security Advisory GLSA 200508-06
Severity: High
Title: Gaim: Remote execution of arbitrary code
Date: August 15, 2005
Bugs: #102000
ID: 200508-06
Synopsis
Gaim is vulnerable to a buffer overflow which could lead to the
execution of arbitrary code or to a Denial of Service.
Background
Gaim is a full featured instant messaging client which handles a
variety of instant messaging protocols.
Affected packages
     Package      /  Vulnerable  /  Unaffected
  1  net-im/gaim       < 1.5.0        >= 1.5.0
Description
Brandon Perry discovered that Gaim is vulnerable to a heap-based
buffer overflow when handling away messages (CAN-2005-2103).
Furthermore, Daniel Atallah discovered a vulnerability in the
handling of file transfers (CAN-2005-2102).
Impact
A remote attacker could create a specially crafted away message
which, when viewed by the target user, could lead to the execution
of arbitrary code. Also, an attacker could send a file with a
non-UTF8 filename to a user, which would result in a Denial of
Service.
Workaround
There is no known workaround at this time.
Resolution
All Gaim users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/gaim-1.5.0"
References
[ 1 ] CAN-2005-2102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2102
[ 2 ] CAN-2005-2103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200508-06.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.