---

Advisories, August 6, 2006

Debian GNU/Linux


Debian Security Advisory DSA 1141-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
August 4th, 2006 http://www.debian.org/security/faq


Package : gnupg2
Vulnerability : integer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-3746
BugTraq ID : 19110
Debian Bug : 381204

Evgeny Legerov discovered that overly large comments can crash
gnupg, the GNU privacy guard, a free PGP replacement. The problem
is also present in the development branch.

For the stable distribution (sarge) this problem has been fixed
in version 1.9.15-6sarge2.

For the unstable distribution (sid) this problem will be fixed
soon.

We recommend that you upgrade your gnupg2 package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 1142-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
August 4th, 2006 http://www.debian.org/security/faq


Package : freeciv
Vulnerability : missing boundary checks
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-3913
BugTraq ID : 19117
Debian Bug : 381378

Luigi Auriemma discovered missing boundary checks in freeciv, a
clone of the well known Civilisation game, which can be exploited
by remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code.

For the stable distribution (sarge) these problems have been
fixed in version 2.0.1-1sarge2.

For the unstable distribution (sid) these problems will be fixed
soon.

We recommend that you upgrade your freeciv package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 1143-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
August 4th, 2006 http://www.debian.org/security/faq


Package : dhcp
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-3122
Debian Bug : 380273

Justin Winschief and Andrew Steets discovered a bug in dhcp, the
DHCP server for automatic IP address assignment, which causes the
server to unexpectedly exit.

For the stable distribution (sarge) this problem has been fixed
in version 2.0pl5-19.1sarge2.

For the unstable distribution (sid) this problem will be fixed
soon.

We recommend that you upgrade your dhcp package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200608-05


http://security.gentoo.org/


Severity: High
Title: LibVNCServer: Authentication bypass
Date: August 04, 2006
Bugs: #136916
ID: 200608-05


Synopsis

VNC servers created with LibVNCServer accept insecure protocol
types, even when the server does not offer them, resulting in
unauthorized access to the server.

Background

LibVNCServer is a GPL’ed library for creating VNC servers.

Affected packages


     Package                /  Vulnerable  /                Unaffected

  1  net-libs/libvncserver       < 0.8.2                      >= 0.8.2

Description

LibVNCServer fails to properly validate protocol types,
effectively letting users decide what protocol to use, such as
“Type 1 – None”. LibVNCServer will accept this security type, even
if it is not offered by the server.
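
The check the Description says is missing, sketched as an added example (not LibVNCServer's code and not part of the advisory): the server keeps the list of security types it offered and refuses any selection outside it. The struct, state names and function names are hypothetical; type numbers 1 (None) and 2 (VNC Authentication) are those of the RFB protocol.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFB security type numbers: 1 = None, 2 = VNC Authentication. */
enum { SEC_INVALID = 0, SEC_NONE = 1, SEC_VNC_AUTH = 2 };

/* Hypothetical session states used only in this illustration. */
enum { ST_CLOSED = 0, ST_NEED_AUTH = 1, ST_AUTHENTICATED = 2 };

typedef struct {
    uint8_t offered[4];   /* security types this server advertised */
    size_t  n_offered;    /* number of valid entries in offered[]  */
} server_cfg;

/* Serialise the offer: one count byte followed by the type bytes.
 * Returns the number of bytes written, or 0 if it does not fit. */
size_t build_offer(const server_cfg *cfg, uint8_t *out, size_t cap)
{
    if (cfg->n_offered > sizeof cfg->offered || cap < cfg->n_offered + 1)
        return 0;
    out[0] = (uint8_t)cfg->n_offered;
    for (size_t i = 0; i < cfg->n_offered; i++)
        out[1 + i] = cfg->offered[i];
    return cfg->n_offered + 1;
}

/* What each security type implies for the session. */
static int next_state(uint8_t type)
{
    switch (type) {
    case SEC_NONE:     return ST_AUTHENTICATED; /* no credentials required   */
    case SEC_VNC_AUTH: return ST_NEED_AUTH;     /* challenge/response follows */
    default:           return ST_CLOSED;
    }
}

/* Weak form: acts on whatever type the client names, as long as the
 * code knows how to handle it. The offer is never consulted, so a
 * password-only server still accepts "None". */
int handle_choice_weak(const server_cfg *cfg, const uint8_t *msg, size_t len)
{
    (void)cfg;
    if (len != 1)
        return ST_CLOSED;
    return next_state(msg[0]);
}

/* Checked form: the selection must be one of the types that were
 * actually offered; anything else closes the connection. */
int handle_choice_checked(const server_cfg *cfg, const uint8_t *msg, size_t len)
{
    if (len != 1 || msg[0] == SEC_INVALID)
        return ST_CLOSED;
    for (size_t i = 0; i < cfg->n_offered && i < sizeof cfg->offered; i++)
        if (cfg->offered[i] == msg[0])
            return next_state(msg[0]);
    return ST_CLOSED;
}

int main(void)
{
    /* Constructed sample: a server that offers VNC Authentication only. */
    server_cfg pw_only = { { SEC_VNC_AUTH }, 1 };
    uint8_t pick_none = SEC_NONE;

    printf("weak:    %d\n", handle_choice_weak(&pw_only, &pick_none, 1));
    printf("checked: %d\n", handle_choice_checked(&pw_only, &pick_none, 1));
    return 0;
}
```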

Impact

An attacker could use this vulnerability to gain unauthorized
access with the privileges of the user running the VNC server.

Workaround

There is no known workaround at this time.

Resolution

All LibVNCServer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/libvncserver-0.8.2"

References

[ 1 ] CVE-2006-2450

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2450

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200608-05.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


Gentoo Linux Security Advisory GLSA 200608-06


http://security.gentoo.org/


Severity: Normal
Title: Courier MTA: Denial of Service vulnerability
Date: August 04, 2006
Bugs: #135005
ID: 200608-06


Synopsis

Courier MTA has fixed a DoS issue related to usernames
containing a “=” character.

Background

Courier MTA is an integrated mail and groupware server based on
open protocols.

Affected packages


     Package           /  Vulnerable  /                     Unaffected

  1  mail-mta/courier      < 0.53.2                          >= 0.53.2

Description

Courier MTA has fixed a security issue relating to usernames
containing the “=” character, causing high CPU utilization.

Impact

An attacker could exploit this vulnerability by sending a
specially crafted email to a mail gateway running a vulnerable
version of Courier MTA.

Workaround

There is no known workaround at this time.

Resolution

All Courier MTA users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-mta/courier-0.53.2"

References

[ 1 ] CVE-2006-2659

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2659

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200608-06.xml



Gentoo Linux Security Advisory GLSA 200608-07


http://security.gentoo.org/


Severity: Normal
Title: libTIFF: Multiple vulnerabilities
Date: August 04, 2006
Bugs: #142383
ID: 200608-07


Synopsis

libTIFF contains several vulnerabilities that could result in
arbitrary code execution.

Background

libTIFF provides support for reading and manipulating TIFF
images.

Affected packages


     Package          /  Vulnerable  /                      Unaffected

  1  media-libs/tiff     < 3.8.2-r2                        >= 3.8.2-r2

Description

Tavis Ormandy of the Google Security Team discovered several
heap and stack buffer overflows and other flaws in libTIFF. The
affected parts include the TIFFFetchShortPair(), TIFFScanLineSize()
and EstimateStripByteCounts() functions, and the PixarLog and NeXT
RLE decoders.

Impact

A remote attacker could entice a user to open a specially
crafted TIFF file, resulting in the possible execution of arbitrary
code.

Workaround

There is no known workaround at this time.

Resolution

All libTIFF users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.8.2-r2"

References

[ 1 ] CVE-2006-3459

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459

[ 2 ] CVE-2006-3460

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460

[ 3 ] CVE-2006-3461

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3461

[ 4 ] CVE-2006-3462

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462

[ 5 ] CVE-2006-3463

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463

[ 6 ] CVE-2006-3464

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464

[ 7 ] CVE-2006-3465

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3465

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200608-07.xml



Gentoo Linux Security Advisory GLSA 200608-08


http://security.gentoo.org/


Severity: High
Title: GnuPG: Integer overflow vulnerability
Date: August 05, 2006
Bugs: #142248
ID: 200608-08


Synopsis

GnuPG is vulnerable to an integer overflow that could lead to
the execution of arbitrary code.

Background

The GNU Privacy Guard, GnuPG, is a free replacement for the PGP
suite of cryptographic software.

Affected packages


     Package          /  Vulnerable  /                      Unaffected

  1  app-crypt/gnupg       < 1.4.5                            >= 1.4.5

Description

Evgeny Legerov discovered a vulnerability in GnuPG: an integer
overflow may occur when certain packets are handled.

Impact

By sending a specially crafted email to a user running an
affected version of GnuPG, a remote attacker could possibly execute
arbitrary code with the permissions of the user running GnuPG.

Workaround

There is no known workaround at this time.

Resolution

All GnuPG users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-crypt/gnupg-1.4.5"

References

[ 1 ] CVE-2006-3746

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3746

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200608-08.xml


Slackware Linux

[slackware-security] php (SSA:2006-217-01)

New php packages are available for Slackware 10.2 and -current
to fix security and other issues.

More details about these issues may be found on the PHP
website:

http://www.php.net

Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/php-4.4.3-i486-1_slack10.2.tgz:
Upgraded to php-4.4.3.
From the announcement of the release:
The security issues resolved include the following:
* Disallow certain characters in session names.
* Fixed a buffer overflow inside the wordwrap() function.
* Prevent jumps to parent directory via the 2nd parameter of the
tempnam() function.
* Improved safe_mode check for the error_log() function.
* Fixed cross-site scripting inside the phpinfo() function.
The PHP 4.4.3 release announcement may be found on their web
site:
    http://www.php.net
(* Security fix *)
+--------------------------+

Where to find the new packages:

Updated package for Slackware 10.2:

ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/php-4.4.3-i486-1_slack10.2.tgz

Updated package for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-4.4.3-i486-1.tgz

MD5 signatures:

Slackware 10.2 package:
417d976f97a53240868e5c715f1ba00b php-4.4.3-i486-1_slack10.2.tgz

Slackware -cu
