---

Advisories: August 23, 2005

Debian GNU/Linux


Debian Security Advisory DSA 781-1 [email protected]
http://www.debian.org/security/
Martin Schulze
August 23rd, 2005 http://www.debian.org/security/faq


Package : mozilla-thunderbird
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0989 CAN-2005-1159 CAN-2005-1160 CAN-2005-1532
CAN-2005-2261 CAN-2005-2265 CAN-2005-2266 CAN-2005-2269
CAN-2005-2270
BugTraq ID : 14242 14242
Debian Bug : 318728

Several problems have been discovered in Mozilla Thunderbird,
the standalone mail client of the Mozilla suite. The Common
Vulnerabilities and Exposures project identifies the following
problems:

CAN-2005-0989

Remote attackers could read portions of heap memory into a
Javascript string via the lambda replace method.

CAN-2005-1159

The Javascript interpreter could be tricked to continue
execution at the wrong memory address, which may allow attackers to
cause a denial of service (application crash) and possibly execute
arbitrary code.

CAN-2005-1160

Remote attackers could override certain properties or methods of
DOM nodes and gain privileges.

CAN-2005-1532

Remote attackers could override certain properties or methods
due to missing proper limitation of Javascript eval and Script
objects and gain privileges.

CAN-2005-2261

XML scripts ran even when Javascript was disabled.

CAN-2005-2265

Missing input sanitising of InstallVersion.compareTo() can cause
the application to crash.

CAN-2005-2266

Remote attackers could steal sensitive information such as
cookies and passwords from web sites by accessing data in alien
frames.

CAN-2005-2269

Remote attackers could modify certain tag properties of DOM
nodes that could lead to the execution of arbitrary script or
code.

CAN-2005-2270

The Mozilla browser family does not properly clone base
objects, which allows remote attackers to execute arbitrary
code.

The old stable distribution (woody) is not affected by these
problems since it does not contain Mozilla Thunderbird
packages.

For the stable distribution (sarge) these problems have been
fixed in version 1.0.2-2.sarge1.0.6.

For the unstable distribution (sid) these problems have been
fixed in version 1.0.6-1.

We recommend that you upgrade your Mozilla Thunderbird
package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]

Package info: 'apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Core


Fedora Update Notification
FEDORA-2005-790
2005-08-23


Product : Fedora Core 4
Name : cvs
Version : 1.11.19
Release : 9
Summary : A version control system.

Description :
CVS (Concurrent Version System) is a version control system that
can record the history of your files (usually, but not always,
source code). CVS only stores the differences between versions,
instead of every version of every file you have ever created. CVS
also keeps a log of who, when, and why changes occurred.

CVS is very helpful for managing releases and controlling the
concurrent editing of source files among multiple authors. Instead
of providing version control for a collection of files in a single
directory, CVS provides version control for a hierarchical
collection of directories consisting of revision controlled files.
These directories and files can then be combined together to form a
software release.


  • Tue Aug 23 2005 Martin Stransky <[email protected]>
    1.11.19-9

    • fix for #166366 – CVS temporary file issue

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.



Fedora Update Notification
FEDORA-2005-791
2005-08-23


Product : Fedora Core 3
Name : cvs
Version : 1.11.17
Release : 7.FC3
Summary : A version control system.


  • Tue Aug 23 2005 Martin Stransky <[email protected]>
    1.11.17-7.FC3

    • fix for #166366 – CVS temporary file issue

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/




Mandriva Linux


Mandriva Linux Security Update Advisory


Package name: openvpn
Advisory ID: MDKSA-2005:145
Date: August 22nd, 2005
Affected versions: Multi Network Firewall 2.0


Problem Description:

A number of vulnerabilities were discovered in OpenVPN that were
fixed in the 2.0.1 release:

A DoS attack against the server is possible when it is run with
“verb 0” and without “tls-auth”: when a client connection to the
server fails certificate verification, the OpenSSL error queue is
not properly flushed. This could result in another unrelated client
instance on the server seeing the error and responding to it,
resulting in a disconnection of the unrelated client
(CAN-2005-2531).

A DoS attack against the server is possible by an authenticated
client that sends a packet which fails to decrypt on the server:
the OpenSSL error queue was not properly flushed. This could result
in another unrelated client instance on the server seeing the error
and responding to it, resulting in a disconnection of the unrelated
client (CAN-2005-2532).

A DoS attack against the server by an authenticated client is
possible in “dev tap” ethernet bridging mode where a malicious
client could theoretically flood the server with packets appearing
to come from hundreds of thousands of different MAC addresses,
resulting in the OpenVPN process exhausting system virtual memory
(CAN-2005-2533).

If two or more client machines tried to connect to the server at
the same time via TCP, using the same client certificate, a race
condition could crash the server if --duplicate-cn is not enabled
on the server (CAN-2005-2534).

This update provides OpenVPN 2.0.1 which corrects these issues
as well as a number of other bugs.
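
The two error-queue issues above (CAN-2005-2531 and CAN-2005-2532) share one mechanism: an error recorded while handling one client stays in a shared queue and is later attributed to an unrelated client. The C model below is an added example, not OpenVPN or OpenSSL code; the toy_* functions, the session struct and the error code are hypothetical stand-ins for a shared library error queue.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy stand-in for a shared library error queue (hypothetical names).
 * With real OpenSSL the queue is per thread and is inspected and emptied
 * with ERR_peek_error() and ERR_clear_error(). */
#define QUEUE_MAX 8
static unsigned long err_queue[QUEUE_MAX];
static size_t err_count;

static void toy_err_push(unsigned long code)
{
    if (err_count < QUEUE_MAX)
        err_queue[err_count++] = code;
}

static unsigned long toy_err_peek(void)
{
    return err_count ? err_queue[0] : 0UL;
}

static void toy_err_clear(void)
{
    err_count = 0;
}

/* One client session multiplexed in a single-threaded server. */
struct session {
    const char *name;
    bool connected;
};

/* Constructed error code for "input rejected" (not a real OpenSSL code). */
#define TOY_ERR_REJECTED 0x1001UL

/* A crypto step done on behalf of one session. On failure it records an
 * error in the shared queue and returns false. */
static bool toy_crypto_step(bool input_ok)
{
    if (!input_ok) {
        toy_err_push(TOY_ERR_REJECTED);
        return false;
    }
    return true;
}

/* Handle one input from one session. flush_on_failure selects the
 * hardened behaviour: empty the queue as soon as the failure is handled. */
static void handle_input(struct session *s, bool input_ok, bool flush_on_failure)
{
    if (!toy_crypto_step(input_ok)) {
        /* The bad input is dropped. Unless the queue is flushed here,
         * the error outlives the session that caused it. */
        if (flush_on_failure)
            toy_err_clear();
        return;
    }
    /* Post-step check: any queued error is assumed to belong to this
     * session, which is only true if the queue was clean beforehand. */
    if (toy_err_peek() != 0UL)
        s->connected = false;
}

/* Returns whether an unrelated client is still connected after another
 * client's input failed verification or decryption. */
bool bystander_survives(bool flush_on_failure)
{
    struct session sender = { "sender", true };
    struct session bystander = { "bystander", true };

    toy_err_clear();
    handle_input(&sender, false, flush_on_failure);   /* rejected input */
    handle_input(&bystander, true, flush_on_failure); /* valid traffic */
    return bystander.connected;
}

int main(void)
{
    printf("queue left dirty: bystander connected = %d\n",
           bystander_survives(false));
    printf("queue flushed:    bystander connected = %d\n",
           bystander_survives(true));
    return 0;
}
```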


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2531

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2532

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2533

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2534


Updated Packages:

Multi Network Firewall 2.0:
20daf4b6f9dbc1c53f3b4f4d375262d4
mnf/2.0/RPMS/openvpn-2.0.1-0.1.M20mdk.i586.rpm
a92bbc0c8285fecfbe3f439d18a62580
mnf/2.0/SRPMS/openvpn-2.0.1-0.1.M20mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Update Advisory


Package name: php-pear
Advisory ID: MDKSA-2005:146
Date: August 22nd, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0


Problem Description:

A problem was discovered in the PEAR XML-RPC Server package
included in the php-pear package. If a PHP script which implements
the XML-RPC Server is used, it would be possible for a remote
attacker to construct an XML-RPC request which would cause PHP to
execute arbitrary commands as the ‘apache’ user.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498


Updated Packages:





Mandriva Linux Security Update Advisory


Package name: slocate
Advisory ID: MDKSA-2005:147
Date: August 22nd, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate
Server 2.1


Problem Description:

A bug was discovered in the way that slocate processes very long
paths. A local user could create a carefully crafted directory
structure that would prevent updatedb from completing its
filesystem scan, resulting in an incomplete database.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2499


Updated Packages:





Mandriva Linux Security Update Advisory


Package name: vim
Advisory ID: MDKSA-2005:148
Date: August 22nd, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate
Server 2.1, Multi Network Firewall 2.0


Problem Description:

A vulnerability was discovered in the way that vim processed
modelines. If a user with modelines enabled opened a text file with
a specially crafted modeline, arbitrary commands could be
executed.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2368


Updated Packages:



To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

Red Hat Linux


Red Hat Security Advisory

Synopsis: Critical: elm security update
Advisory ID: RHSA-2005:755-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-755.html

Issue date: 2005-08-23
Updated on: 2005-08-23
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-2665


1. Summary:

An updated elm package is now available that fixes a buffer
overflow issue for Red Hat Enterprise Linux 2.1 AS and AW.

This update has been rated as having critical security impact by
the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64

3. Problem description:

Elm is a terminal mode email client.

A buffer overflow flaw in Elm was discovered that was triggered
by viewing a mailbox containing a message with a carefully crafted
‘Expires’ header. An attacker could create a malicious message that
would execute arbitrary code with the privileges of the user who
received it. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-2665 to this issue.

Users of Elm should update to this updated package, which
contains a backported patch that corrects this issue.

4. Solution:

Before applying this update, make sure all previously released
errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat
Network, launch the Red Hat Update Agent with the following
command:

up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

166580 – CAN-2005-2665 elm buffer overflow

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/elm-2.5.6-6.src.rpm

479f0512285ad516895777c2e995a9a7 elm-2.5.6-6.src.rpm

i386:
71cba99974d435407927cffd9901eaf9 elm-2.5.6-6.i386.rpm

ia64:
6272e2c92c5eb207992b60d79c096565 elm-2.5.6-6.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/elm-2.5.6-6.src.rpm

479f0512285ad516895777c2e995a9a7 elm-2.5.6-6.src.rpm

ia64:
6272e2c92c5eb207992b60d79c096565 elm-2.5.6-6.ia64.rpm

These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2665

8. Contact:

The Red Hat security contact is <[email protected]>.
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

Ubuntu Linux


Ubuntu Security Notice USN-172-1 August 23, 2005
lm-sensors vulnerabilities
https://bugzilla.ubuntu.com/show_bug.cgi?id=13887


A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

lm-sensors

The problem can be corrected by upgrading the affected package
to version 2.8.8-7ubuntu2.1. In general, a standard system upgrade
is sufficient to effect the necessary changes.

Details follow:

Javier Fernández-Sanguino Peña noticed that the
pwmconfig script created temporary files in an insecure manner.
This could allow a symlink attack to create or overwrite arbitrary
files with full root privileges since pwmconfig is usually executed
by root.
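
The class of bug described above, shown as an added example (not code from pwmconfig or from the Ubuntu notice): a guessable scratch-file name written with plain redirection, next to a mktemp-based replacement, checked in a throwaway sandbox directory. The file name fancontrol.tmp and all function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (constructed): scratch-file handling in a root-run script.

# Weak: fixed, guessable name plus ">" redirection. open() follows an
# existing symlink, so whatever the link points at is truncated.
write_predictable() {
    tmp="$1/fancontrol.tmp"            # hypothetical fixed name
    printf '%s\n' "$2" > "$tmp"
}

# Hardened: mktemp creates the file itself with O_CREAT|O_EXCL, a random
# suffix and mode 0600; a name that already exists (symlink included) is
# never reused.
write_safe() {
    tmp=$(mktemp "$1/fancontrol.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Sandbox check: a link placed at the guessable name redirects the weak
# write into "protected"; the hardened write leaves that file alone.
# Prints "<weak result> <safe result>", each "clobbered" or "intact".
symlink_check() {
    box=$(mktemp -d) || return 1
    printf 'original\n' > "$box/protected"
    ln -s "$box/protected" "$box/fancontrol.tmp"

    write_predictable "$box" "fan data"
    if [ "$(cat "$box/protected")" = original ]; then weak=intact; else weak=clobbered; fi

    printf 'original\n' > "$box/protected"     # reset before the second run
    out=$(write_safe "$box" "fan data") || { rm -rf "$box"; return 1; }
    if [ "$(cat "$box/protected")" = original ]; then safe=intact; else safe=clobbered; fi
    if [ -L "$out" ]; then safe=clobbered; fi  # result must be a fresh regular file

    rm -rf "$box"
    printf '%s %s\n' "$weak" "$safe"
}
```

When reviewing other root-run scripts, a fixed path under /tmp followed by `>` or `>>` is the pattern to look for.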


Ubuntu Security Notice USN-173-1 August 23, 2005
pcre3 vulnerability
CAN-2005-2491


A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

libpcre3

The problem can be corrected by upgrading the affected package
to version 4.5-1.1ubuntu0.4.10 (for Ubuntu 4.10), or
4.5-1.1ubuntu0.5.04 (for Ubuntu 5.04).

A standard system upgrade is NOT SUFFICIENT to effect the
necessary changes! If you can afford to reboot your machine, this
is the easiest way to ensure that all services using this library
are restarted correctly. If not, please manually restart all server
processes (exim, Apache, PHP, etc.). It is advised to also restart
your desktop session.
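
One way to find which processes still need that restart, as an added example (not part of the Ubuntu notice): after the package upgrade replaces the library file, processes started earlier keep the old copy mapped, and Linux marks that mapping "(deleted)" in /proc/PID/maps. The function names, PIDs and library file versions in the sample tree are constructed for the illustration.

```shell
#!/bin/sh
# Added example (constructed): list processes that still map a replaced
# copy of a shared library.

# stale_lib_pids PROC_ROOT LIBNAME
# Prints "PID COMMAND" for every process whose maps file shows a mapping
# of LIBNAME whose backing file has since been removed or replaced.
# Real use (as root, to see every process): stale_lib_pids /proc libpcre
stale_lib_pids() {
    root=$1
    lib=$2
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue            # process gone or not readable
        if grep -q "/${lib}[^ ]* (deleted)\$" "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            pid=${pid##*/}
            name=$(cat "$root/$pid/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# Builds a small fake /proc tree so the check can be tried offline.
# PID 812 was started before the upgrade, PID 977 after it.
make_sample_proc() {
    root=$(mktemp -d) || return 1
    mkdir "$root/812" "$root/977"
    echo exim4 > "$root/812/comm"
    echo '7f3a1c000000-7f3a1c020000 r-xp 00000000 08:01 131 /usr/lib/libpcre.so.3.10.0 (deleted)' \
        > "$root/812/maps"
    echo bash > "$root/977/comm"
    echo '7f9b44000000-7f9b44020000 r-xp 00000000 08:01 245 /usr/lib/libpcre.so.3.10.1' \
        > "$root/977/maps"
    echo "$root"
}
```

An empty result for the library after restarting services means no running process is still using the old copy.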

Details follow:

A buffer ove