---

Home Security

Advisories, August 9, 2006

By

Debian GNU/Linux

Debian Security Advisory DSA 1146-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
August 9th, 2006 http://www.debian.org/security/faq

Package : krb5
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE IDs : CVE-2006-3083 CVE-2006-3084
CERT advisories: VU#580124 VU#401660

In certain application programs packaged in the MIT Kerberos 5
source distribution, calls to setuid() and seteuid() are not always
checked for success and which may fail with some PAM
configurations. A local user could exploit one of these
vulnerabilities to result in privilege escalation. No exploit code
is known to exist at this time.

For the stable distribution (sarge) these problems have been
fixed in version 1.3.6-2sarge3.

For the unstable distribution (sid) these problems have been
fixed in version 1.4.3-9.

We recommend that you upgrade your krb5 packages.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge3.dsc

      Size/MD5 checksum: 782
df8c8142c32fb06bcf09d5c44d4f9ea1
    http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge3.diff.gz

      Size/MD5 checksum: 663073
2e75d18a0b91e88b3df87439d981438a
    http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6.orig.tar.gz

      Size/MD5 checksum: 6526510
7974d0fc413802712998d5fc5eec2919

Architecture independent components:

    http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.3.6-2sarge3_all.deb

      Size/MD5 checksum: 718328
f2595b87eb8731af975215775c44e00b

Alpha architecture:

    http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_alpha.deb

      Size/MD5 checksum: 113770
53afa9353cfd612c1a4ce697390f1ff1
    http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_alpha.deb

      Size/MD5 checksum: 246936
bbfa0e6c00e69cf2df0d6957bdcc185f
    http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_alpha.deb

      Size/MD5 checksum: 62396
d13ec27eb3be9b7c210887519e5c1ce3
    http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_alpha.deb

      Size/MD5 checksum: 136856
303321f333c9835dbef85cf4b222da73
    http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_alpha.deb

      Size/MD5 checksum: 89594
27eb1a246db85bbe41280ba0b558429b
    http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_alpha.deb

      Size/MD5 checksum: 71766
b7ecdfdeee2a15d2694cea550c172897
    http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_alpha.deb

      Size/MD5 checksum: 145408
fef89723c90a38d76429f00802b39619
    http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_alpha.deb

      Size/MD5 checksum: 200660
6801613fb91bc9e655ca301d48782f69
    http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_alpha.deb

      Size/MD5 checksum: 861152
aad361c2f76f13fc3d7c857831f7524a
    http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_alpha.deb

      Size/MD5 checksum: 422316
ab1c2ea1a3c4da8e4a53caf9e59e0725

AMD64 architecture:

    http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_amd64.deb

      Size/MD5 checksum: 104030
42f5d96cd63367c8641177d5f087c0cd
    http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_amd64.deb

      Size/MD5 checksum: 216384
9e52260fcac54a436280ea705a772fca
    http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_amd64.deb

      Size/MD5 checksum: 56438
abca496cfe9100f2e98787baf7cb9596
    http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_amd64.deb

      Size/MD5 checksum: 124162
d19d239b1435c4d61532b05a3ccec5ff
    http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_amd64.deb

      Size/MD5 checksum: 82198
01f9adf1df2dfec4705e195bfb987809
    http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_amd64.deb

      Size/MD5 checksum: 62948
2f214984d0398eb0b7be737e7449137f
    http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_amd64.deb

      Size/MD5 checksum: 137194
ef1437a40dcb3a2b693bc18b62eb5305
    http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_amd64.deb

      Size/MD5 checksum: 177044
fcb495788de9ace6387613104305d1fc
    http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_amd64.deb

      Size/MD5 checksum: 651714
9c42b3ae304ee6b99205a739e5525f2b
    http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_amd64.deb

      Size/MD5 checksum: 368844
a6d46ba74757d0b3290cccc7d2a071cd

ARM architecture:

    http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_arm.deb

      Size/MD5 checksum: 92838
53115b51885ed7cc328d302b458bd7d1
    http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_arm.deb

      Size/MD5 checksum: 192330
b96c5f518c6b936ec850815dbc563444
    http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_arm.deb

      Size/MD5 checksum: 53132
d26a3b90c9739cc49b4832d4c6080a5a
    http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_arm.deb

      Size/MD5 checksum: 114880
1d3ee4ea1ed533d495a0f57a0a9b41fb
    http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_arm.deb

      Size/MD5 checksum: 74362
e4566a14988825c4b2b9e08de7004ac5
    http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_arm.deb

      Size/MD5 checksum: 57482
1d18ac632e9e60514ecf68993bccc324
    http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_arm.deb

      Size/MD5 checksum: 127014
f2c67cc5ac56c42c3018d817cf3cef24
    http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_arm.deb

      Size/MD5 checksum: 158120
3eebe39e58001ba876c6cbeb9e161487
    http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_arm.deb

      Size/MD5 checksum: 633252
b55abd0364621173f4c1f5261e9fa44e
    http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_arm.deb

      Size/MD5 checksum: 328604
092e97bd8efb2e88355663489961745b

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_i386.deb

      Size/MD5 checksum: 94894
c2a63602c4f4814ed7f231f52a48e946
    http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_i386.deb

      Size/MD5 checksum: 190924
9926ba246c49bb908e0caeb48f0238e6
    http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_i386.deb

      Size/MD5 checksum: 52294
6163d519b0a430556f95508422bcce5b
    http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_i386.deb

      Size/MD5 checksum: 115540
db679e7f19b98a7a8ecf0d0f61f15d81
    http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_i386.deb

      Size/MD5 checksum: 75288
e9fbe4b10637cdf4ced94a2b566b4448
    http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_i386.deb

      Size/MD5 checksum: 57080
90c1841a887804d0145b0eece47b3b0b
    http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_i386.deb

      Size/MD5 checksum: 127358
333b35931c6e9926ff2934d320401c97
    http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_i386.deb

      Size/MD5 checksum: 164978
51742df7d055e4bf6af3b3f57e2ff5a1
    http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_i386.deb

      Size/MD5 checksum: 573980
9225372462e8ace8494213cd3fe84fb7
    http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_i386.deb

      Size/MD5 checksum: 348792
00b39ddc324f2d2d43f701bbe63ee5bc

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_ia64.deb

      Size/MD5 checksum: 133244
252fd8d9577459865f69f16ab7a179e0
    http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_ia64.deb

      Size/MD5 checksum: 288826
af4e344f133c364d8af560957a8df23b
    http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_ia64.deb

      Size/MD5 checksum: 73052
62d1a4cb177c6f14c64c22a68ba64c6a
    http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_ia64.deb

      Size/MD5 checksum: 164528
f9d8ebe91ea0337b119f39fd07deec9b
    http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_ia64.deb

      Size/MD5 checksum: 104690
dc8a8fd34a202798c1e420e0f4feac42
    http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_ia64.deb

      Size/MD5 checksum: 79314
4c4e93be3b0a1b95e1e5c7c4a62b6bda
    http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_ia64.deb

      Size/MD5 checksum: 166886
d502e8edb9682232a95b9178ee98bd3d
    http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_ia64.deb

      Size/MD5 checksum: 239670
1a8cee5fa4ddfdad17778f2ea1c6ac83
    http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_ia64.deb

      Size/MD5 checksum: 889306
efd994be8fb083db25f98f8edfc3b03e
    http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_ia64.deb

      Size/MD5 checksum: 501774
498dc695dcb25d298f5b182d65927978

HP Precision architecture:

    http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_hppa.deb

      Size/MD5 checksum: 103882
27402cf5234a4479f83c62f26be6fb00
    http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_hppa.deb

      Size/MD5 checksum: 223564
54808e7c3cd8722b3bd6ca6a99be0423
    http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_hppa.deb

      Size/MD5 checksum: 58758
232f4f80e0f83b9e01c61bb5645249f9
    http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_hppa.deb

      Size/MD5 checksum: 124472
df7ea8d94ea5e8d0c6da1ef9acc85836
    http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_hppa.deb

      Size/MD5 checksum: 81382
d0b70026412c03338c9f4f896195c94f
    http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_hppa.deb

      Size/MD5 checksum: 63602
322fee31f223795f689d35933b2bf9af
    http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_hppa.deb

      Size/MD5 checksum: 138552
686154015abdae71c518f1c0dc35c489
    http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_hppa.deb

      Size/MD5 checksum: 186630
fb53d4f3864d10e93e36e097d0af6826
    http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_hppa.deb

      Size/MD5 checksum: 669004
bfa9b717e5537352de8ba494429432ce
    http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_hppa.deb

      Size/MD5 checksum: 383270
997eea65966d93d16e7efbf2be95b827

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_m68k.deb

      Size/MD5 checksum: 87954
5927446895eab80283dfed1e33c39acd
    http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_m68k.deb

      Size/MD5 checksum: 173612
0615e8c1a45808b8c8f6cff3b8b3289e
    http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_m68k.deb

      Size/MD5 checksum: 49176
d53c131075c1d4f4b182788d436ac8a4
    http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_m68k.deb

      Size/MD5 checksum: 106894
8ffa020e4dfa1e0ced3827baa2a2b936
    http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_m68k.deb

      Size/MD5 checksum: 70516
290cf25961145e884733bf6375096db5
    http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_m68k.deb

      Size/MD5 checksum: 52818
2756537211d7e5a363c7c7fcf8f3b954
    http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_m68k.deb

      Size/MD5 checksum: 121568
b20e988adce800577872609ae6b992c6
    http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_m68k.deb

      Size/MD5 checksum: 147170
5c7439a07b085999d3ec60a85a7d09b5
    http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_m68k.deb

      Size/MD5 checksum: 515354
58e17a812ca5d4ae4ddd1f4bd2284f98
    http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_m68k.deb

      Size/MD5 checksum: 305252
81ab52f220afe10f7bef339a1f153fb4

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_mips.deb

      Size/MD5 checksum: 102714
42e5b123e67157992aeda70ed54a2c48
    http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_mips.deb

      Size/MD5 checksum: 226182
4e2d8b831bba0e10b34ce86a1e870c77
    http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_mips.deb

      Size/MD5 checksum: 57574
55c9acdfea9d46f6bee9734088a6b5ca
    http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_mips.deb

      Size/MD5 checksum: 128720
0b5e52310cd648be48b2a8ef9a28e9d5
    http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_mips.deb

      Size/MD5 checksum: 81176
e6ed192c639360fec544181448ae754b
    http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_mips.deb

      Size/MD5 checksum: 64850
9ac8c8b9bf28a07b9682a18b562e3b3a
    http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_mips.deb

      Size/MD5 checksum: 146306
b9755921995a2728dcb03528b4bfc0ed
    http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_mips.deb

      Size/MD5 checksum: 163540
af12479b3dab6180bdc3f64f1e901719
    http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_mips.deb

      Size/MD5 checksum: 679386
5732c39c6b6f8f68c48be497fd13440f
    http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_mips.deb

      Size/MD5 checksum: 354754
d0fb84b9a7affd2d6229022f5c200fec

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_mipsel.deb

      Size/MD5 checksum: 102984
461a4539738e1a0f1b778948336ada70
    http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_mipsel.deb

      Size/MD5 checksum: 225956
7bfab26d6338fe7b5ff08b125999a049
    http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_mipsel.deb

      Size/MD5 checksum: 57578
68f5c0d8e56d1dfb06dfbbedffbd27ce
    http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_mipsel.deb

      Size/MD5 checksum: 129452
6d20ff7a9dcd5be87802d5934f32f704
    http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_mipsel.deb

      Size/MD5 checksum: 81452
e6db8f84c86bdf4853ddb7a04fea6769
    http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_mipsel.deb

      Size/MD5 checksum: 64602
a4128e1c41282c37fb623dffda5f46dd
    http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_mipsel.deb

      Size/MD5 checksum: 146092
9181715b0f4077ebf9f11394491f052f
    http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_mipsel.deb

      Size/MD5 checksum: 165000
1a92c99183301405f845078b225796f2
    http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_mipsel.deb

      Size/MD5 checksum: 682100
b1d3ca066a847ef1006f1d8b34484480
    http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_mipsel.deb

      Size/MD5 checksum: 354534
8c93408a4491d5f9f67b49a27d27403d

PowerPC architecture:

    http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_powerpc.deb

      Size/MD5 checksum: 104536
10bb668587c2ae672f6f891dab5e0970
    http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_powerpc.deb

      Size/MD5 checksum: 217226
b8dac77f30c9f4c3fe174b61f1aa8c46
    http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_powerpc.deb

      Size/MD5 checksum: 56412
8ded35353ce5efd002fc1e4f53fb173b
    http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_powerpc.deb

      Size/MD5 checksum: 125588
56be5626dd27ef3c9b0bdf4d5de6f9a5
    http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_powerpc.deb

      Size/MD5 checksum: 82098
d29dc35a58982d87147e377ac5817a32
    http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_powerpc.deb

      Size/MD5 checksum: 61042
580be28960c04072bc2a909f9ce34cf9
    http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_powerpc.deb

      Size/MD5 checksum: 143232
674c3a99c81dc1f38515874731bd09af
    http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_powerpc.deb

      Size/MD5 checksum: 165066
319b7bd874b9e5f34d3e38eafd9c74a5
    http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_powerpc.deb

      Size/MD5 checksum: 634344
c987a9cd3b1a54ee41961acaebd01237
    http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_powerpc.deb

      Size/MD5 checksum: 352518
5157d90954b7859620e18fbbfddfa16b

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_s390.deb

      Size/MD5 checksum: 98650
462d6dfab006f34f6c6436040ad8428c
    http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_s390.deb

      Size/MD5 checksum: 213598
0d14561167d5db582867c30e68844586
    http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_s390.deb

      Size/MD5 checksum: 56632
e70da2be6c9bd3ee119a9aab3fbe3ebe
    http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_s390.deb

      Size/MD5 checksum: 120626
52658794b6eef36c1637269293448261
    http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_s390.deb

      Size/MD5 checksum: 81764
0267de3b25d919036dd9b8740b7ebf27
    http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_s390.deb

      Size/MD5 checksum: 62714
18040cac9c66f0ce110a87d5d455e5aa
    http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_s390.deb

      Size/MD5 checksum: 132342
6d4f13bdbd36b0d33218d636db3b2faf
    http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_s390.deb

      Size/MD5 checksum: 179684
69ba3a57b66fcab029ecefa7ae09eef5
    http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_s390.deb

      Size/MD5 checksum: 624330
2103482460605ec90df54687c6d56751
    http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_s390.deb

      Size/MD5 checksum: 375578
0dc404d9ce7e00573e9fb4a024e67d8a

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_sparc.deb

      Size/MD5 checksum: 92538
64d322c748643962a60ebafd92114205
    http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_sparc.deb

      Size/MD5 checksum: 194002
eab627f7b6a794e8720d6eed45d58c52
    http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_sparc.deb

      Size/MD5 checksum: 52934
10488d7b0c2cec790a79f5b434c88479
    http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_sparc.deb

      Size/MD5 checksum: 113374
f3151e4a84c23789e5703bf6d615b723
    http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_sparc.deb

      Size/MD5 checksum: 72996
37e8825143d48b8fea57f09e0b433f8d
    http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_sparc.deb

      Size/MD5 checksum: 58268
c70dacb5c496f945220fac452771f176
    http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_sparc.deb

      Size/MD5 checksum: 126262
0575fbe57b13bc01d02f0f7784addae7
    http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_sparc.deb

      Size/MD5 checksum: 157058
bdaf3884529cbfb280a21ca608cc880a
    http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_sparc.deb

      Size/MD5 checksum: 576134
6e9b3a823d3d01a9222e5ead1507275c
    http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_sparc.deb

      Size/MD5 checksum: 329842
ebfd32dddeb86791b4c1bd393a3f335d

These files will probably be moved into the stable distribution
on its next update.

Debian Security Advisory DSA 1147-1 security@debian.org
http://www.debian.org/security/
Moritz Muehlenhoff
August 9th, 2006 http://www.debian.org/security/faq

Package : drupal
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-4002

Ayman Hourieh discovered that Drupal, a dynamic website
platform, performs insufficient input sanitising in the user
module, which might lead to cross-site scripting.

For the stable distribution (sarge) this problem has been fixed
in version 4.5.3-6.1sarge3.

For the unstable distribution (sid) this problem has been fixed
in version 4.5.8-2.

We recommend that you upgrade your drupal package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-6.1sarge3.dsc

      Size/MD5 checksum: 625
bded8b7fb39d612fea45ddefca3f29ed
    http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-6.1sarge3.diff.gz

      Size/MD5 checksum: 84159
9e76069818a9187b7fe393aec84d5817
    http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3.orig.tar.gz

      Size/MD5 checksum: 471540
bf093c4c8aca7bba62833ea1df35702f

Architecture independent components:

    http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-6.1sarge3_all.deb

      Size/MD5 checksum: 503164
196e9b4a743836d68e2668ae96d01ed1

These files will probably be moved into the stable distribution
on its next update.

Debian Security Advisory DSA 1148-1 security@debian.org
http://www.debian.org/security/
Moritz Muehlenhoff
August 9th, 2006 http://www.debian.org/security/faq

Package : gallery
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2005-2734 CVE-2006-0330 CVE-2006-4030
Debian Bug : 325285

Several remote vulnerabilities have been discovered in gallery,
a web-based photo album. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2005-2734

A cross-site scripting vulnerability allows injection of web
script code through HTML or EXIF information.

CVE-2006-0330

A cross-site scripting vulnerability in the user registration
allows injection of web script code.

CVE-2006-4030

Missing input sanitising in the stats modules allows information
disclosure.

For the stable distribution (sarge) these problems have been
fixed in version 1.5-1sarge2.

For the unstable distribution (sid) these problems have been
fixed in version 1.5-2.

We recommend that you upgrade your gallery package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/g/gallery/gallery_1.5-1sarge2.dsc

      Size/MD5 checksum: 589
f66813dbb5218b6cae62345331e73de0
    http://security.debian.org/pool/updates/main/g/gallery/gallery_1.5-1sarge2.diff.gz

      Size/MD5 checksum: 15917
4f2cb50ce35dcdce2af96dc251ee695f
    http://security.debian.org/pool/updates/main/g/gallery/gallery_1.5.orig.tar.gz

      Size/MD5 checksum: 6654533
7d610b59e7bf9edbbfa0abb38e041754

Architecture independent components:

    http://security.debian.org/pool/updates/main/g/gallery/gallery_1.5-1sarge2_all.deb

      Size/MD5 checksum: 6570476
5fd487a3d9973eb95af4eb4ee85cf545

These files will probably be moved into the stable distribution
on its next update.

For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>

Mandriva Linux

Mandriva Linux Security Advisory MDKSA-2006:138
http://www.mandriva.com/security/

Package : clamav
Date : August 8, 2006
Affected: 2006.0, Corporate 3.0

Problem Description:

Damian Put discovered a boundary error in the UPX extraction
module in ClamAV which is used to unpack PE Windows executables.
This could be abused to cause a Denial of Service issue and
potentially allow for the execution of arbitrary code with the
permissions of the user running clamscan or clamd.

Updated packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4018

Updated Packages:

Mandriva Linux 2006.0:
7160be474b24613a61e0544bc51f7f86
2006.0/RPMS/clamav-0.88.4-0.1.20060mdk.i586.rpm
8eaf5d27daa93c18117d72991d04f6a2
2006.0/RPMS/clamav-db-0.88.4-0.1.20060mdk.i586.rpm
27781d61cf85dd88b8d83586d4831e1c
2006.0/RPMS/clamav-milter-0.88.4-0.1.20060mdk.i586.rpm
ee41c72a28b45af3a8bc8a01b24680c1
2006.0/RPMS/clamd-0.88.4-0.1.20060mdk.i586.rpm
0a9fb0940a123a7347920c22a9453282
2006.0/RPMS/libclamav1-0.88.4-0.1.20060mdk.i586.rpm
89af9807ff0787621c51c0a6cf2545a0
2006.0/RPMS/libclamav1-devel-0.88.4-0.1.20060mdk.i586.rpm
034456a7e7e5c583403c69b06fb2b7c0
2006.0/SRPMS/clamav-0.88.4-0.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
8fc81c2d735a98c48c84abc4654c947e
x86_64/2006.0/RPMS/clamav-0.88.4-0.1.20060mdk.x86_64.rpm
0b306fe32d6e833e1ac45bd485fa2e93
x86_64/2006.0/RPMS/clamav-db-0.88.4-0.1.20060mdk.x86_64.rpm
fba26b042f08e0edbea94f26e3b0093e
x86_64/2006.0/RPMS/clamav-milter-0.88.4-0.1.20060mdk.x86_64.rpm
50fc585d63d14daceeec889d52f4e1e1
x86_64/2006.0/RPMS/clamd-0.88.4-0.1.20060mdk.x86_64.rpm
cf9e501d41c3951c158647aeb28a018f
x86_64/2006.0/RPMS/lib64clamav1-0.88.4-0.1.20060mdk.x86_64.rpm
9734f7d218bf446ac403584198d035bd
x86_64/2006.0/RPMS/lib64clamav1-devel-0.88.4-0.1.20060mdk.x86_64.rpm

034456a7e7e5c583403c69b06fb2b7c0
x86_64/2006.0/SRPMS/clamav-0.88.4-0.1.20060mdk.src.rpm

Corporate 3.0:
8995669334c70e4abe03a130291ceee3
corporate/3.0/RPMS/clamav-0.88.4-0.1.C30mdk.i586.rpm
b4d5bb40c553484ece891b5ccf6b9946
corporate/3.0/RPMS/clamav-db-0.88.4-0.1.C30mdk.i586.rpm
beca95463cea696152f9b25f57fee24c
corporate/3.0/RPMS/clamav-milter-0.88.4-0.1.C30mdk.i586.rpm
35dd7bff362ed54c8e052ba3182bff91
corporate/3.0/RPMS/clamd-0.88.4-0.1.C30mdk.i586.rpm
620db7610ccc4c7b05d0580634217e14
corporate/3.0/RPMS/libclamav1-0.88.4-0.1.C30mdk.i586.rpm
943964d75379bfbf9db16aa44a6965a4
corporate/3.0/RPMS/libclamav1-devel-0.88.4-0.1.C30mdk.i586.rpm
2ae9a4d818dce236123140f9edbaa742
corporate/3.0/SRPMS/clamav-0.88.4-0.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
873e244792ddb282ba7d5d3780644198
x86_64/corporate/3.0/RPMS/clamav-0.88.4-0.1.C30mdk.x86_64.rpm
45a538b5fc07847628b32f4346f4683e
x86_64/corporate/3.0/RPMS/clamav-db-0.88.4-0.1.C30mdk.x86_64.rpm

5eef3b58eba440748a40d144adc9f36c
x86_64/corporate/3.0/RPMS/clamav-milter-0.88.4-0.1.C30mdk.x86_64.rpm

e2cb732e7b7a676a330784f2414d7700
x86_64/corporate/3.0/RPMS/clamd-0.88.4-0.1.C30mdk.x86_64.rpm
686e984920647ab725f6a79249673663
x86_64/corporate/3.0/RPMS/lib64clamav1-0.88.4-0.1.C30mdk.x86_64.rpm

78e63226b709d850781813c2e5ea9b08
x86_64/corporate/3.0/RPMS/lib64clamav1-devel-0.88.4-0.1.C30mdk.x86_64.rpm

2ae9a4d818dce236123140f9edbaa742
x86_64/corporate/3.0/SRPMS/clamav-0.88.4-0.1.C30mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

Mandriva Linux Security Advisory MDKSA-2006:139
http://www.mandriva.com/security/

Package : krb5
Date : September 9, 2006
Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0

Problem Description:

A flaw was discovered in some bundled Kerberos-aware packages
that would fail to check the results of the setuid() call. This
call can fail in some circumstances on the Linux 2.6 kernel if
certain user limits are reached, which could be abused by a local
attacker to get the applications to continue to run as root,
possibly leading to an elevation of privilege.

Updated packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083

Updated Packages:

Mandriva Linux 2006.0:
9769771585fb7b7fc6cf6feea1d6852d
2006.0/RPMS/ftp-client-krb5-1.4.2-1.1.20060mdk.i586.rpm
132d70eb7cc47ac787ceb4490f87d308
2006.0/RPMS/ftp-server-krb5-1.4.2-1.1.20060mdk.i586.rpm
ebcf417d249dc28511c8e6579ad832de
2006.0/RPMS/krb5-server-1.4.2-1.1.20060mdk.i586.rpm
37eb990906dea9b113f8dde526a218ab
2006.0/RPMS/krb5-workstation-1.4.2-1.1.20060mdk.i586.rpm
12bd0420fdfdf55433beaa839d245c7d
2006.0/RPMS/libkrb53-1.4.2-1.1.20060mdk.i586.rpm
73ec87553b0dfdee4170c23fd42f9b33
2006.0/RPMS/libkrb53-devel-1.4.2-1.1.20060mdk.i586.rpm
2e9bca676a7c89a2970105ec73dfd43a
2006.0/RPMS/telnet-client-krb5-1.4.2-1.1.20060mdk.i586.rpm
309990a6c12954d0c742ae3fcc20d3f7
2006.0/RPMS/telnet-server-krb5-1.4.2-1.1.20060mdk.i586.rpm
6b8f5083efd5c04230fb732636e78269
2006.0/SRPMS/krb5-1.4.2-1.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
7379da32042912507b45257c3ae7527a
x86_64/2006.0/RPMS/ftp-client-krb5-1.4.2-1.1.20060mdk.x86_64.rpm

5b9c39f00856cbfe56c984636c9616ec
x86_64/2006.0/RPMS/ftp-server-krb5-1.4.2-1.1.20060mdk.x86_64.rpm

dcbd8eb16edbaeab7f96bbbd61a63a42
x86_64/2006.0/RPMS/krb5-server-1.4.2-1.1.20060mdk.x86_64.rpm
27f81fe2c23b1aadb77bf36a765f1f3a
x86_64/2006.0/RPMS/krb5-workstation-1.4.2-1.1.20060mdk.x86_64.rpm

3ab0d3234686c559c0ca1363503f6632
x86_64/2006.0/RPMS/lib64krb53-1.4.2-1.1.20060mdk.x86_64.rpm
b79453018b1fdfd10cd1e67ed77eeecb
x86_64/2006.0/RPMS/lib64krb53-devel-1.4.2-1.1.20060mdk.x86_64.rpm

7ec7ec461afca7f7707e010310be4532
x86_64/2006.0/RPMS/telnet-client-krb5-1.4.2-1.1.20060mdk.x86_64.rpm

e596730793941a4aedb582abb7bec0cf
x86_64/2006.0/RPMS/telnet-server-krb5-1.4.2-1.1.20060mdk.x86_64.rpm

6b8f5083efd5c04230fb732636e78269
x86_64/2006.0/SRPMS/krb5-1.4.2-1.1.20060mdk.src.rpm

Corporate 3.0:
828af711a7bc04cee4de3fccba07543f
corporate/3.0/RPMS/ftp-client-krb5-1.3-6.7.C30mdk.i586.rpm
fc41fbc471acd1d94716ba7b37094e2c
corporate/3.0/RPMS/ftp-server-krb5-1.3-6.7.C30mdk.i586.rpm
d118695919843b28dc401994b2f8605f
corporate/3.0/RPMS/krb5-server-1.3-6.7.C30mdk.i586.rpm
c75c0d61e7fc98123f4dbfce2b2d3109
corporate/3.0/RPMS/krb5-workstation-1.3-6.7.C30mdk.i586.rpm
156f7354acd35590c33903d5dce0697d
corporate/3.0/RPMS/libkrb51-1.3-6.7.C30mdk.i586.rpm
15c4329696fbcfecc7bedc62c56cf577
corporate/3.0/RPMS/libkrb51-devel-1.3-6.7.C30mdk.i586.rpm
d88d3533f6993057eb01d9baeb8f9046
corporate/3.0/RPMS/telnet-client-krb5-1.3-6.7.C30mdk.i586.rpm
be90de149ade08f77bf15481e4a65bf6
corporate/3.0/RPMS/telnet-server-krb5-1.3-6.7.C30mdk.i586.rpm
b5ab69f2c45bd7fd8ddf24204126a0d1
corporate/3.0/SRPMS/krb5-1.3-6.7.C30mdk.src.rpm

Corporate 3.0/X86_64:
52e38def3585a04f2cec5dff30d1dad2
x86_64/corporate/3.0/RPMS/ftp-client-krb5-1.3-6.7.C30mdk.x86_64.rpm

02a6c33fc49fe58013e999e2a4773f70
x86_64/corporate/3.0/RPMS/ftp-server-krb5-1.3-6.7.C30mdk.x86_64.rpm

c3a9e4068740aeb23667ed5d46f0b48d
x86_64/corporate/3.0/RPMS/krb5-server-1.3-6.7.C30mdk.x86_64.rpm
9196af8c916c889cbe234acb1393faf0
x86_64/corporate/3.0/RPMS/krb5-workstation-1.3-6.7.C30mdk.x86_64.rpm

ae7336d754a485b4f24a42f3c36fbb59
x86_64/corporate/3.0/RPMS/lib64krb51-1.3-6.7.C30mdk.x86_64.rpm
d38b0395a79d4ea909aeaf0eefcdc9d4
x86_64/corporate/3.0/RPMS/lib64krb51-devel-1.3-6.7.C30mdk.x86_64.rpm

9e9bc222b2d7cbfc47c1af0fabd6ffd5
x86_64/corporate/3.0/RPMS/telnet-client-krb5-1.3-6.7.C30mdk.x86_64.rpm

afd4f60af3022e6c319eb38fb658ca24
x86_64/corporate/3.0/RPMS/telnet-server-krb5-1.3-6.7.C30mdk.x86_64.rpm

b5ab69f2c45bd7fd8ddf24204126a0d1
x86_64/corporate/3.0/SRPMS/krb5-1.3-6.7.C30mdk.src.rpm

Multi Network Firewall 2.0:
99da07eef578ea9634378d30310ea6da
mnf/2.0/RPMS/libkrb51-1.3-6.7.M20mdk.i586.rpm
8fd9018ab4c3bed69af2466a5e587f25
mnf/2.0/SRPMS/krb5-1.3-6.7.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

Mandriva Linux Security Advisory MDKSA-2006:140
http://www.mandriva.com/security/

Package : ncompress
Date : August 9, 2006
Affected: 2006.0, Corporate 3.0

Problem Description:

Tavis Ormandy, of the Google Security Team, discovered that
ncompress, when uncompressing data, performed no bounds checking,
which could allow a specially crafted datastream to underflow a
.bss buffer with attacker controlled data.

Updated packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1168

Updated Packages:

Mandriva Linux 2006.0:
a1e4fe7d74a1c8e043beb83baec7b34b
2006.0/RPMS/ncompress-4.2.4-28.1.20060mdk.i586.rpm
4b87e1b5ba659ce410067b09a75d669e
2006.0/SRPMS/ncompress-4.2.4-28.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
7ce7f3a618b9c3687936145e2563733a
x86_64/2006.0/RPMS/ncompress-4.2.4-28.1.20060mdk.x86_64.rpm
4b87e1b5ba659ce410067b09a75d669e
x86_64/2006.0/SRPMS/ncompress-4.2.4-28.1.20060mdk.src.rpm

Corporate 3.0:
30ecc6154bc75783218b82961288b085
corporate/3.0/RPMS/ncompress-4.2.4-28.1.C30mdk.i586.rpm
bda272f060534aa25bebf22ed852f647
corporate/3.0/SRPMS/ncompress-4.2.4-28.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
c9340a5c9bea0316f31fc61f6916f192
x86_64/corporate/3.0/RPMS/ncompress-4.2.4-28.1.C30mdk.x86_64.rpm

bda272f060534aa25bebf22ed852f647
x86_64/corporate/3.0/SRPMS/ncompress-4.2.4-28.1.C30mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 200

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.