Advisories, January 7, 2006 | Linux Today

Advisories, January 7, 2006

Written By
Web Webster
Web Webster
Jan 8, 2007

Debian GNU/Linux


Debian Security Advisory DSA 1245-1 security@debian.org
http://www.debian.org/security/
Moritz Muehlenhoff
January 7th, 2006 http://www.debian.org/security/faq


Package : proftpd
Vulnerability : programming error
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2005-4816
Debian Bug : 404751

Martin Loewer discovered that the proftpd FTP daemon is
vulnerable to denial of service if the addon module for Radius
authentication is enabled.

For the stable distribution (sarge) this problem has been fixed
in version 1.2.10-15sarge4.

For the upcoming stable distribution (etch) this problem has
been fixed in version 1.2.10+1.3.0rc5-1.

For the unstable distribution (sid) this problem has been fixed
in version 1.2.10+1.3.0rc5-1.

We recommend that you upgrade your proftpd package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4.dsc

      Size/MD5 checksum: 897
4bb3486da273b7f246396e54a672298d
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4.diff.gz

      Size/MD5 checksum: 128904
accf444b76dd76b0bf076ada64195e81
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10.orig.tar.gz

      Size/MD5 checksum: 920495
7d2bc5b4b1eef459a78e55c027a4f3c4

Architecture independent components:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-doc_1.2.10-15sarge4_all.deb

      Size/MD5 checksum: 418032
6c5b89cdad81b31913de87105841dd1e

Alpha architecture:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4_alpha.deb

      Size/MD5 checksum: 444480
fc8e4d8b8060b9fe582559c7b14af8e7
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge4_alpha.deb

      Size/MD5 checksum: 200968
9a870951184988f72d9012379a6eaf7a
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge4_alpha.deb

      Size/MD5 checksum: 457318
6aa9809aee60ee2d6151927f5916ce34
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge4_alpha.deb

      Size/MD5 checksum: 476904
b04b43ec13b396b40e305279e8a980e3
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge4_alpha.deb

      Size/MD5 checksum: 476558
7ac9fb101fa756968c958f5bf47c7686

AMD64 architecture:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4_amd64.deb

      Size/MD5 checksum: 389254
6bd512cb4bd2f8a264a4689a67a14bb9
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge4_amd64.deb

      Size/MD5 checksum: 194764
9f113824505cce070eeec9379c9dc885
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge4_amd64.deb

      Size/MD5 checksum: 400208
17f8fbcab75c416bdc0c3814637f48d4
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge4_amd64.deb

      Size/MD5 checksum: 415544
5315d8e9649fe27f5c1903d07c10b578
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge4_amd64.deb

      Size/MD5 checksum: 415324
00b57a27a56deb76e0a1e39073b6cd25

ARM architecture:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4_arm.deb

      Size/MD5 checksum: 374112
0965c04c1ce8378f51dc14fa3882d8d4
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge4_arm.deb

      Size/MD5 checksum: 188926
09d5f8d90fbd6226a589e8ebd1779347
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge4_arm.deb

      Size/MD5 checksum: 384246
3bf4887215a5b15f605c9208716bc039
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge4_arm.deb

      Size/MD5 checksum: 399130
6078dc20a109f70eea10bec067933227
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge4_arm.deb

      Size/MD5 checksum: 398920
fb5286540adc5baa2a768c44ed81b350

HP Precision architecture:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4_hppa.deb

      Size/MD5 checksum: 403802
eaa3c2b98127b55b4e454ad8e26c1385
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge4_hppa.deb

      Size/MD5 checksum: 194616
740063db391cc8e91a875043c0696b3d
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge4_hppa.deb

      Size/MD5 checksum: 414990
0e55529a7f7d852fb96f3262a702680f
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge4_hppa.deb

      Size/MD5 checksum: 431956
900ac31fc0ef48f7726495e870bbd195
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge4_hppa.deb

      Size/MD5 checksum: 431700
e4ee9153c788d5b8d4f691b40a42c970

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4_i386.deb

      Size/MD5 checksum: 371740
f4afca4abad80815388d82af744fe242
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge4_i386.deb

      Size/MD5 checksum: 189636
50dfe2e3126dcc8b7cc164f1d12969ef
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge4_i386.deb

      Size/MD5 checksum: 381896
82703bc0dbb797b5417c744a06a094ed
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge4_i386.deb

      Size/MD5 checksum: 397210
3f995554710621e5ec126e651787bad5
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge4_i386.deb

      Size/MD5 checksum: 396998
77d34b542d227a65d428ffa1d8a33ca3

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4_ia64.deb

      Size/MD5 checksum: 519866
743cd6f7c0360a68d191f83dedb226cc
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge4_ia64.deb

      Size/MD5 checksum: 207180
7bfaad1c8fa54f0b0d13ad75026a50ea
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge4_ia64.deb

      Size/MD5 checksum: 535514
624b5847eaaf7331ba4473a4a998ef9c
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge4_ia64.deb

      Size/MD5 checksum: 562540
23ba5248ccad6c75f3ee03d8bdc54ac4
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge4_ia64.deb

      Size/MD5 checksum: 562366
93433536b9aef09a573a172c40a8d4f1

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4_m68k.deb

      Size/MD5 checksum: 332488
12e6fd84292ff109c9dec3322689f176
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge4_m68k.deb

      Size/MD5 checksum: 187288
a7ecdd1ee5dfaae278690cdd9092c38d
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge4_m68k.deb

      Size/MD5 checksum: 341016
e75f44fa2038c8f2dee1203349a62a09
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge4_m68k.deb

      Size/MD5 checksum: 353240
cc43c21a15a6e862df18e82b29e65f57
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge4_m68k.deb

      Size/MD5 checksum: 352958
410894e0290f6eeac5decd8996186abd

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4_mips.deb

      Size/MD5 checksum: 382560
a7194e12d0173f7a1130a842c76fe1d1
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge4_mips.deb

      Size/MD5 checksum: 201798
23e239465f075c6f8f1d724f687e626c
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge4_mips.deb

      Size/MD5 checksum: 392048
cf9750041e7128cadd73a99a8ca2569c
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge4_mips.deb

      Size/MD5 checksum: 406636
cb4a2ac79bf3b1c74d64db9e2c77d947
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge4_mips.deb

      Size/MD5 checksum: 406416
832e2e03285701cc0c469185ca5a2fca

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4_mipsel.deb

      Size/MD5 checksum: 384422
819609d01b95bc4a8e21180c55a24096
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge4_mipsel.deb

      Size/MD5 checksum: 202010
d8facfe7af0b99b1b05e6a5671abe489
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge4_mipsel.deb

      Size/MD5 checksum: 393532
5e2f37d07d9793ca99afcb9269e5ede6
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge4_mipsel.deb

      Size/MD5 checksum: 409628
a1e9c5453054a9220347f822ac83ece7
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge4_mipsel.deb

      Size/MD5 checksum: 409390
347231a9363dcdd0d4c9ebe02b84458c

PowerPC architecture:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4_powerpc.deb

      Size/MD5 checksum: 384604
645714c5221f671dfc5561f757834507
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge4_powerpc.deb

      Size/MD5 checksum: 195554
09ffa848bb4dc4fdba75eb0795d8098b
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge4_powerpc.deb

      Size/MD5 checksum: 395262
9114efd839caf4a4e64e127045bc972c
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge4_powerpc.deb

      Size/MD5 checksum: 412218
31a846c2ade77bbc1a6e5e43d3d4dc2d
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge4_powerpc.deb

      Size/MD5 checksum: 411824
869b072b5d558a8f6f8f0494b38a6024

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4_s390.deb

      Size/MD5 checksum: 379786
03606ef08f344bb5462b81e525d61733
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge4_s390.deb

      Size/MD5 checksum: 193150
de4c7761d960492e6b7c526bebbfca68
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge4_s390.deb

      Size/MD5 checksum: 390248
0a786f8ad3d6fc4efff7b6c3825243ad
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge4_s390.deb

      Size/MD5 checksum: 404096
d507247c2896307a9ebc4e6a1330e2c6
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge4_s390.deb

      Size/MD5 checksum: 403818
94aa1917df6b1f46ab079004efd75b44

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4_sparc.deb

      Size/MD5 checksum: 369958
3ab88aaa1466c9975dec9df3ee2db33e
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge4_sparc.deb

      Size/MD5 checksum: 189172
c4e651e5930c18b3002dbb20d7ad63ec
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge4_sparc.deb

      Size/MD5 checksum: 379626
323009aab72ccbc9646c35002dd8cd3b
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge4_sparc.deb

      Size/MD5 checksum: 395006
ec5b5f65e5db9856eebf430894d5b5fa
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge4_sparc.deb

      Size/MD5 checksum: 394892
197da4298e2bae985628a133ce7c257e

These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>

Fedora Core


Fedora Update Notification
FEDORA-2007-018
2007-01-07


Product : Fedora Core 5
Name : avahi
Version : 0.6.11
Release : 3.fc5
Summary : Local network service discovery

Description :
Avahi is a system which facilitates service discovery on a local
network — this means that you can plug your laptop or computer
into a network and instantly be able to view other people who you
can chat with, find printers to print to or find files being
shared. This kind of technology is already found in MacOS X
(branded ‘Rendezvous’, ‘Bonjour’ and sometimes ‘ZeroConf’) and is
very convenient.


Update Information:

avahi-0.6.11-3.fc5 should fix CVE-2006-6870 – the consume_labels
function in avahi-core/dns.c in Avahi before 0.6.16 allows remote
attackers to cause a denial of service (infinite loop) via a
crafted compressed DNS response with a label that points to
itself.


  • Sat Jan 6 2007 Martin Bacovsky <mbacovsk@redhat.com> –
    0.6.11-3.fc5
    • Resolves: #221726 – CVE-2006-6870 Maliciously crafted packed
      can DoS avahi daemon
  • Tue Nov 28 2006 Martin Bacovsky <mbacovsk@redhat.com> –
    0.6.11-2.fc5
    • fix bug #216655 – CVE-2006-5461 – avahi did not verify the
      sender identity of netlink messages
  • Mon Jul 17 2006 Jason Vas Dias <jvdias@redhat.com> –
    0.6.11-1
    • Upgrade to upstream version 0.6.11
    • fix bug 195674: set ‘use-ipv6=yes’ in avahi-daemon.conf
    • fix bug 197414: avahi-compat-howl and avahi-compat-dns-sd
      symlinks
    • fix bug 198282: avahi-compat-{howl-devel,dns-sd-devel}
      Requires:
  • Tue Jun 13 2006 Jason Vas Dias <jvdias@redhat.com> –
    0.6.10-3
    • rebuild for broken mono deps
  • Tue Jun 6 2006 Jason Vas Dias <jvdias@redhat.com> –
    0.6.10-2
    • fix bug 194203: fix permissions on /var/run/avahi-daemon
  • Tue May 30 2006 Jason Vas Dias <jvdias@redhat.com> –
    0.6.10-1
    • Upgrade to upstream version 0.6.10
    • fix bug 192080: split avahi-compat-libdns_sd into separate
      package

(same goes for avahi-compat-howl)


This update can be downloaded from:

    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

b01dbf83412f1b631396b847e1cb8b310572c2b6
SRPMS/avahi-0.6.11-3.fc5.src.rpm
b01dbf83412f1b631396b847e1cb8b310572c2b6
noarch/avahi-0.6.11-3.fc5.src.rpm
7f925f8323faa20936ea8d96995485f9399a1510
ppc/avahi-qt3-0.6.11-3.fc5.ppc.rpm
7d9c72855552c82b6cd71e0c875574e762c7626b
ppc/avahi-devel-0.6.11-3.fc5.ppc.rpm
a3db6cc323d158698d68f86d8ba78c004cfe2258
ppc/debug/avahi-debuginfo-0.6.11-3.fc5.ppc.rpm
bc5a82fd6caecf5a3fb65047cf429dd5f7528f79
ppc/avahi-compat-howl-devel-0.6.11-3.fc5.ppc.rpm
ea818680bfdfab2ead934e64f9e124c0d4804dff
ppc/avahi-glib-devel-0.6.11-3.fc5.ppc.rpm
e27f3163396568b7b74742316d84e0babb768606
ppc/avahi-0.6.11-3.fc5.ppc.rpm
4d1e24090b6cd9b369795ea17b6d328fdab61d9a
ppc/avahi-compat-libdns_sd-0.6.11-3.fc5.ppc.rpm
217252824665083566a65ed6cdbc33033fbe4499
ppc/avahi-sharp-0.6.11-3.fc5.ppc.rpm
5f40395031b840be55d3527d8e14c318f03a3f70
ppc/avahi-compat-howl-0.6.11-3.fc5.ppc.rpm
bdaf22b561e27213fed12e34a82b1e96a9599b07
ppc/avahi-compat-libdns_sd-devel-0.6.11-3.fc5.ppc.rpm
75f4cabc9c154c516bb0d9bfd9d628853e03f34e
ppc/avahi-tools-0.6.11-3.fc5.ppc.rpm
34e928f003f88e4170a5cd03629e0f971e805b32
ppc/avahi-qt3-devel-0.6.11-3.fc5.ppc.rpm
62377cb9206444dd6d6a4252c0315842331d29b9
ppc/avahi-glib-0.6.11-3.fc5.ppc.rpm
9aa18e9988fbb4ae5b4933a8aafe7ce02ad1d950
x86_64/debug/avahi-debuginfo-0.6.11-3.fc5.x86_64.rpm
9c81cea8f8e7bfa87902333065eee500386ed6bc
x86_64/avahi-compat-howl-0.6.11-3.fc5.x86_64.rpm
ef4aec742161ef0b4654136e7d30869c6c7c5b8b
x86_64/avahi-compat-libdns_sd-devel-0.6.11-3.fc5.x86_64.rpm
e71d4e057ed81bb37a0e110e841952ac74c7c97b
x86_64/avahi-tools-0.6.11-3.fc5.x86_64.rpm
b838b206d627959f0a679a3a7234c3ea1c0ea05c
x86_64/avahi-glib-0.6.11-3.fc5.x86_64.rpm
1e6d80d421a0ddeb080d2c458c12c099ad736ef2
x86_64/avahi-0.6.11-3.fc5.x86_64.rpm
b93177ae822424ca2b30070182bd40673abd81d4
x86_64/avahi-qt3-0.6.11-3.fc5.x86_64.rpm
8ae22542f95a359d4a3fb9a6d083b64e32b03fdd
x86_64/avahi-qt3-devel-0.6.11-3.fc5.x86_64.rpm
11aaa6721bbcea2f5f12fd987659c58d5a87797a
x86_64/avahi-devel-0.6.11-3.fc5.x86_64.rpm
10e3c611deb39c0b227fee31ce1b864027f117d7
x86_64/avahi-compat-libdns_sd-0.6.11-3.fc5.x86_64.rpm
2d311fc29cc57c585be6a7c745d3fb368e952781
x86_64/avahi-sharp-0.6.11-3.fc5.x86_64.rpm
ec28ecefa644d493a8b0eb3b0710637cdc57ca8a
x86_64/avahi-compat-howl-devel-0.6.11-3.fc5.x86_64.rpm
89ec848c906ee0561a6b0e1a88a074f72f9d5e9c
x86_64/avahi-glib-devel-0.6.11-3.fc5.x86_64.rpm
df75711a7b29d309819ddca7b5ba89b7472f6855
i386/avahi-sharp-0.6.11-3.fc5.i386.rpm
9ff37604e6f3ac9982aaf2a0c643423e3ad15cf8
i386/avahi-compat-howl-0.6.11-3.fc5.i386.rpm
292ff2d69694b5031b1d9a6ba33c42e1b07b5a4a
i386/avahi-compat-howl-devel-0.6.11-3.fc5.i386.rpm
8a5cb1da102e9ddd03f8c22b1b48e20e9714ef3b
i386/avahi-glib-devel-0.6.11-3.fc5.i386.rpm
721025866c12cf18dc3019a61b41fdde385351ec
i386/avahi-tools-0.6.11-3.fc5.i386.rpm
bd44fde300294686dd87a6a4bea68af06dc20968
i386/avahi-0.6.11-3.fc5.i386.rpm
07f1f76afde5f0184c0a3182cd9c00b45609ad77
i386/avahi-glib-0.6.11-3.fc5.i386.rpm
8b0943ab980b8329eaf03478d8c2f56293f851d0
i386/avahi-devel-0.6.11-3.fc5.i386.rpm
6b31212d6fdeb03963726b361b847fe267246b04
i386/avahi-qt3-0.6.11-3.fc5.i386.rpm
f6d8143a90419a6fcf639d46c3e170487907cc36
i386/avahi-compat-libdns_sd-0.6.11-3.fc5.i386.rpm
1fdb1ee9276c9110499fcdf61daabb9834543240
i386/avahi-qt3-devel-0.6.11-3.fc5.i386.rpm
2d31df6b26f65db784bc49521bebf89702a963ca
i386/avahi-compat-libdns_sd-devel-0.6.11-3.fc5.i386.rpm
80a926710b2fea263c57649b5c048788f6a40115
i386/debug/avahi-debuginfo-0.6.11-3.fc5.i386.rpm

This update can be installed with the ‘yum’ update program. Use
‘yum update package-name’ at the command line. For more
information, refer to ‘Managing Software with yum,’ available at
http://fedora.redhat.com/docs/yum/.

Advertisement

Ubuntu


Ubuntu Security Notice USN-398-3 January 04, 2007
firefox-themes-ubuntu regression
https://launchpad.net/bugs/76871


A security issue affects the following Ubuntu releases:

Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.10:
firefox-themes-ubuntu 0.5.4.1~6.10

After a standard system upgrade you need to restart Firefox to
effect the necessary changes.

Details follow:

USN-398-1 fixed vulnerabilities in Firefox. Due to the updated
version, a flaw was uncovered in the Firefox Themes bundle, which
erroneously reported to be incompatible with the updated Firefox.
This update fixes the problem.

We apologize for the inconvenience.

Updated packages for Ubuntu 6.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-themes-ubuntu/firefox-themes-ubuntu_0.5.4.1~6.10.dsc

      Size/MD5: 686
b3ee34c6ef4af852f2418db6694a891a
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-themes-ubuntu/firefox-themes-ubuntu_0.5.4.1~6.10.tar.gz

      Size/MD5: 187370
11706b8b8fd00c59973ed1497ce8dabe

Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-themes-ubuntu/firefox-themes-ubuntu_0.5.4.1~6.10_all.deb

      Size/MD5: 1917682
37795bf1756250a0c4d22d41c248022b


Ubuntu Security Notice USN-400-1 January 04, 2007
mozilla-thunderbird vulnerabilities
CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501,
CVE-2006-6502, CVE-2006-6503, CVE-2006-6505


A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:

mozilla-thunderbird 1.5.0.9-0ubuntu0.5.10
mozilla-thunderbird-dev 1.5.0.9-0ubuntu0.5.10

Ubuntu 6.06 LTS:

mozilla-thunderbird 1.5.0.9-0ubuntu0.6.06
mozilla-thunderbird-dev 1.5.0.9-0ubuntu0.6.06

Ubuntu 6.10:

mozilla-thunderbird 1.5.0.9-0ubuntu0.6.10
mozilla-thunderbird-dev 1.5.0.9-0ubuntu0.6.10

After a standard system upgrade you need to restart Thunderbird
to effect the necessary changes.

Details follow:

Georgi Guninski and David Bienvenu discovered that long
Content-Type and RFC2047-encoded
headers we vulnerable to heap overflows. By tricking the user into
opening a specially crafted email, an attacker could execute
arbitrary code with user privileges. (CVE-2006-6506)

Various flaws have been reported that allow an attacker to
execute arbitrary code with user privileges or bypass internal XSS
protections by tricking the user into opening a malicious email
containing JavaScript. Please note that JavaScript is disabled by
default for emails, and it is not recommended to enable it.
(CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501,
CVE-2006-6502, CVE-2006-6503)

Updated packages for Ubuntu 5.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.9-0ubuntu0.5.10.diff.gz

      Size/MD5: 451886
9f56038195cbfd504e30d728afffd839
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.9-0ubuntu0.5.10.dsc

      Size/MD5: 960
9355d95244a407ed2e186cebeec17227

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.9-0ubuntu0.5.10_amd64.deb

      Size/MD5: 3527900
d42e7fe575f44c47df2be82c8822f118
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.9-0ubuntu0.5.10_amd64.deb

      Size/MD5: 190564
84bc6710da5797f6d2602ee4e1706c03
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.9-0ubuntu0.5.10_amd64.deb

      Size/MD5: 55790
3c54969a4c202ad37a22852dc09218fa
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.9-0ubuntu0.5.10_amd64.deb

      Size/MD5: 11992084
d6f7b1e835dc1698fa7b9b610eb774d7

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.9-0ubuntu0.5.10_i386.deb

      Size/MD5: 3519308
e36f9544ba777426ff48cd6cd98598b7
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.9-0ubuntu0.5.10_i386.deb

      Size/MD5: 183926
071d1aeb37a7be4b270ad72d8e3fe83e
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.9-0ubuntu0.5.10_i386.deb

      Size/MD5: 51408
edb40af1565a0ad0449172dffc05bdf2
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.9-0ubuntu0.5.10_i386.deb

      Size/MD5: 10301946
1d5a89a3c62003e78bb524470d1df0bd

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.9-0ubuntu0.5.10_powerpc.deb

      Size/MD5: 3524840
bf72063909f218ea644be71bb24fa978
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.9-0ubuntu0.5.10_powerpc.deb

      Size/MD5: 187280
0c2a5965a1f167ebd39ed2ac510dd25f
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.9-0ubuntu0.5.10_powerpc.deb

      Size/MD5: 54980
3eaf7a9964f9fe19e394497d2d011c91
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.9-0ubuntu0.5.10_powerpc.deb

      Size/MD5: 11544152
03bba83cdba82a9d3cf5668f5481fa3f

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.9-0ubuntu0.5.10_sparc.deb

      Size/MD5: 3521026
fce40c573d51c4ec6ed7e1bba5d3371b
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.9-0ubuntu0.5.10_sparc.deb

      Size/MD5: 184710
6a69cad59a1296f6c937f32e936759c2
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.9-0ubuntu0.5.10_sparc.deb

      Size/MD5: 52872
d2cb21977046d1e02596ddbe349712c1
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.9-0ubuntu0.5.10_sparc.deb

      Size/MD5: 10782152
b4408f24a49a98056ae912ecc5bcb245

Updated packages for Ubuntu 6.06 LTS:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.9-0ubuntu0.6.06.diff.gz

      Size/MD5: 455145
8e3dd9a42c535cf3dbbfa7d3f43c10d4
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.9-0ubuntu0.6.06.dsc

      Size/MD5: 960
b80db5c275a3c7f4a2ea7842e17fec6d

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.9-0ubuntu0.6.06_amd64.deb

      Size/MD5: 3532510
5592350d1dd0bb6b70394b14f8fde2c2
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.9-0ubuntu0.6.06_amd64.deb

      Size/MD5: 194024
e5871c35e2aef3f1768b447019b379f1
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.9-0ubuntu0.6.06_amd64.deb

      Size/MD5: 59274
79e2c030c89eb8297d1ff24a7597b6d7
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.9-0ubuntu0.6.06_amd64.deb

      Size/MD5: 12001616
02611be9890cbfccd812db689cb94e19

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.9-0ubuntu0.6.06_i386.deb

      Size/MD5: 3524028
aa54f8fb63106674dc23514edf7f452e
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.9-0ubuntu0.6.06_i386.deb

      Size/MD5: 187396
a0d317c47f12847d79cba7c6393100e9
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.9-0ubuntu0.6.06_i386.deb

      Size/MD5: 54784
af53dd218d88562c6daaabfbf6e2eb28
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.9-0ubuntu0.6.06_i386.deb

      Size/MD5: 10300500
7703c64dd2d715a77fd1ee8e7d4106af

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.9-0ubuntu0.6.06_powerpc.deb

      Size/MD5: 3530092
ae5f0e37440660e41982ae2d879d5a1c
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.9-0ubuntu0.6.06_powerpc.deb

      Size/MD5: 190730
fd4a74ad4c46b884420187435095f986
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.9-0ubuntu0.6.06_powerpc.deb

      Size/MD5: 58386
6159f387a03d0a328ff3c077e259700f
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.9-0ubuntu0.6.06_powerpc.deb

      Size/MD5: 11572978
4da87cee0aa4392bb9172ffca7d5cbd3

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.9-0ubuntu0.6.06_sparc.deb

      Size/MD5: 3525958
21c5b90c693a918e435ec19dac264768
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.9-0ubuntu0.6.06_sparc.deb

      Size/MD5: 188194
88f2e1008358728615ffe26a2671d4cc
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.9-0ubuntu0.6.06_sparc.deb

      Size/MD5: 56276
ee1009439286856271c676fdb8abecf8
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.9-0ubuntu0.6.06_sparc.deb

      Size/MD5: 10772130
2798c0f5b0ed07c22f783ea321f18757

Updated packages for Ubuntu 6.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.9-0ubuntu0.6.10.diff.gz

      Size/MD5: 455145
bd31793ada82bc8f7f188fce4996ad94
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.9-0ubuntu0.6.10.dsc

      Size/MD5: 960
3954fe275c0b3a6fbc4069e85d27ce87
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.9.orig.tar.gz

      Size/MD5: 35610990
511100300f92ef07dc733c5f0a8aadf6

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.9-0ubuntu0.6.10_amd64.deb

      Size/MD5: 3532362
6f54066cee692a33b4261eda37c77f7a
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.9-0ubuntu0.6.10_amd64.deb

      Size/MD5: 194160
49fe3e145ccd8986d089e6625de45a42
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.9-0ubuntu0.6.10_amd64.deb

      Size/MD5: 59302
5437dc8ca65ddcbe1b54269ecca513d1
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.9-0ubuntu0.6.10_amd64.deb

      Size/MD5: 11996524
c592f4f62e077ee6832d752f1630c9f1

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.9-0ubuntu0.6.10_i386.deb

      Size/MD5: 3528062
4009f219f4ebbb0b57a9ea809eef8fdd
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.9-0ubuntu0.6.10_i386.deb

      Size/MD5: 188812
70ec0e513c5ff23ee5ea1ae9b6f146b7
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.9-0ubuntu0.6.10_i386.deb

      Size/MD5: 55920
1700eb2f625cc68c58ecd64c6b52918e
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.9-0ubuntu0.6.10_i386.deb

      Size/MD5: 10756290
43b607dd453f4f2344f9631c7883a45b

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.9-0ubuntu0.6.10_powerpc.deb

      Size/MD5: 3530100
39a904eea3487e877ed89099b093182e
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.9-0ubuntu0.6.10_powerpc.deb

      Size/MD5: 191248
89fd5cfb1d7ce4232714bad58cc8c4e5
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.9-0ubuntu0.6.10_powerpc.deb

      Size/MD5: 58958
e8883e10a4adc2d5175faa4871c45db3
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.9-0ubuntu0.6.10_powerpc.deb

      Size/MD5: 11702722
9e1ac70b40fadc13540ed8e1346ebd96

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.9-0ubuntu0.6.10_sparc.deb

      Size/MD5: 3526070
8a172512a876f136335b42ec2fb64b5e
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.9-0ubuntu0.6.10_sparc.deb

      Size/MD5: 188646
efee0c9e23d240797f5963223a8e27a3
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.9-0ubuntu0.6.10_sparc.deb

      Size/MD5: 56344
74beaea8578051a5f1cf4e0acf6a93c1
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.9-0ubuntu0.6.10_sparc.deb

      Size/MD5: 10969616
0327abc5d649e757c03e5763b2469bce


Ubuntu Security Notice USN-401-1 January 04, 2007
dbus vulnerability
CVE-2006-6107


A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
dbus 0.36.2-0ubuntu7.1

Ubuntu 6.06 LTS:
dbus 0.60-6ubuntu8.1

Ubuntu 6.10:
dbus 0.93-0ubuntu3.1

After a standard system upgrade you need to reboot your computer
to effect the necessary changes.

Details follow:

Kimmo H. discovered that local users could delete other users’
D-Bus match rules. Applications would stop receiving D-Bus
messages, resulting in a local denial of service, and potential
data loss for applications that depended on D-Bus for storing
information.

Updated packages for Ubuntu 5.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_0.36.2-0ubuntu7.1.diff.gz

      Size/MD5: 20079
c9da5415d9c40e3e7d8c8a0a42a5a8af
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_0.36.2-0ubuntu7.1.dsc

      Size/MD5: 1481
678473638ffb542af376a9288b7e9894
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_0.36.2.orig.tar.gz

      Size/MD5: 1601374
45468e46967d3e70f082d0d0e6049225

Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-doc_0.36.2-0ubuntu7.1_all.deb

      Size/MD5: 1383452
824c945c895bd5ca3a1632ebf8781bd9

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-utils_0.36.2-0ubuntu7.1_amd64.deb

      Size/MD5: 195764
712e8501c1c1c5565a8bb12acbb51a4d
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_0.36.2-0ubuntu7.1_amd64.deb

      Size/MD5: 310368
60e21a4aa8c9d645455af9fb25cd81c6
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/libdbus-1-1_0.36.2-0ubuntu7.1_amd64.deb

      Size/MD5: 241070
bc6ba41be6e038289ef183bc1c87e181
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/libdbus-1-cil_0.36.2-0ubuntu7.1_amd64.deb

      Size/MD5: 170960
950c9bbff0dfb5ef4df5ac6973fa04c3
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/libdbus-1-dev_0.36.2-0ubuntu7.1_amd64.deb

      Size/MD5: 300864
7fb845375f9e670ac3d4227606fe392d
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/libdbus-glib-1-1_0.36.2-0ubuntu7.1_amd64.deb

      Size/MD5: 180612
df5d59d9d9c29f95f972b5e2c256ce50
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/libdbus-glib-1-dev_0.36.2-0ubuntu7.1_amd64.deb

      Size/MD5: 193072
86e23e014f4c77a76151a1757c1b3be1
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/libdbus-qt-1-1c2_0.36.2-0ubuntu7.1_amd64.deb

      Size/MD5: 157726
39d7412bb822f791d92350a2696b9887
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/libdbus-qt-1-dev_0.36.2-0ubuntu7.1_amd64.deb

      Size/MD5: 163258
8027be432eb55cfb227c5bef071280c1
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/python2.4-dbus_0.36.2-0ubuntu7.1_amd64.deb

      Size/MD5: 251134
6fe6da35ea09b517f10a024fd46358a3

i386 architecture (x86 compatible Intel/AMD)

    

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.