Advisories: July 12, 2005

Debian GNU/Linux

Debian Security Advisory DSA 745-1 security@debian.org
http://www.debian.org/security/
Michael Stone
July 10, 2005 http://www.debian.org/security/faq

Package : drupal
Vulnerability : arbitrary command execution
Problem type : input validation errors
Debian-specific: no
CVE Id(s) : CAN-2005-1921, CAN-2005-2106, CAN-2005-2116

Two input validation errors were discovered in drupal and its
bundled xmlrpc module. These errors can lead to the execution of
arbitrary commands on the web server running drupal.

drupal was not included in the old stable distribution
(woody).

For the current stable distribution (sarge), these problems have
been fixed in version 4.5.3-3.

For the unstable distribution (sid), these problems have been
fixed in version 4.5.4-1.

We recommend that you upgrade your drupal package.

Upgrade instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 3.1 (sarge)

sarge was released for alpha, arm, hppa, i386, ia64, m68k, mips,
mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-3.dsc

Size/MD5 checksum: 609 0eb3f7233e0c83f4524784381338ddda

http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3.orig.tar.gz

Size/MD5 checksum: 471540 bf093c4c8aca7bba62833ea1df35702f

http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-3.diff.gz

Size/MD5 checksum: 43573 42582f8972fd4adb5d7e08712f80912c

Architecture independent packages:

http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-3_all.deb

Size/MD5 checksum: 487404 0af9a174268a7bfb83b523b452076e7b

Debian Security Advisory DSA 747-1 security@debian.org
http://www.debian.org/security/
Michael Stone
July 10, 2005 http://www.debian.org/security/faq

Package : egroupware
Vulnerability : remote command execution
Problem type : input validation error
Debian-specific: no
CVE Id(s) : CAN-2005-1921

A vulernability has been identified in the xmlrpc library
included in the egroupware package. This vulnerability could lead
to the execution of arbitrary commands on the server running
egroupware.

The old stable distribution (woody) did not include
egroupware.

For the current stable distribution (sarge), this problem is
fixed in version 1.0.0.007-2.dfsg-2sarge1.

For the unstable distribution (sid), this problem is fixed in
version 1.0.0.007-3.dfsg-1.

We recommend that you upgrade your egroupware package.

Upgrade instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 3.1 (sarge)

sarge was released for alpha, arm, hppa, i386, ia64, m68k, mips,
mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg.orig.tar.gz

Size/MD5 checksum: 12699187 462f5ea377c4d0c04f16ffe8037b9d6a

http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge1.diff.gz

Size/MD5 checksum: 33321 2ae91aca7f89d1f3d5f725fa09384ed8

http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge1.dsc

Size/MD5 checksum: 1285 1849e8a4639068df7ac9f8f72272ef86

Architecture independent packages:

http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 4212 6edb07699896314d8c0ce641e2228cc5

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-forum_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 51144 e611af77c5bd0c4b75cd9227ca50e115

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-ftp_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 37840 78e388f8967593e544992cc18fc47096

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-sitemgr_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 486306 ff7956754ab17b48938bc290171ab6c6

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-jinn_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 204810 0f4c3f9ce74980dc5102bbabb2909b49

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-stocks_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 26322 88c9d54ae0e23842f0b59b3cdc3de55f

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-news-admin_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 50530 d9407cff76325b2e597d30b16b55f35b

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-emailadmin_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 37916 a0c6fc6f8c2138e8377dc24933a45772

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-addressbook_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 148770 d96b5a43c0a29dd8dbc13d001831a45c

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpsysinfo_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 115750 d94de6dbaf9135a6fb45a1f01ffc09f4

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-manual_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 17100 2b837171f92886b79dab136b4cbed1b0

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-filemanager_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 172670 e35d2a3af12432147711a39e31d0a194

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-tts_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 92442 a1e6eacb42d3cf26bc2fe22086ee2332

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-comic_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 255838 b00219a9f18f65b56cde18564dbcdfc6

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-fudforum_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 1486218 7b8b470bf2a5f2279a322723ff74d031

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-infolog_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 202082 ef4836ce08f0edfba3d7d2dee6f13225

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-bookmarks_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 124930 bfdacc1755efb6e43133808bf77a1200

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpbrain_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 119060 6588409cc9526dca31479a4d1a464cb6

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-core_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 3771642 078dcb7065c3ced38e7e837d15003dde

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-messenger_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 31966 3f1306aa4e31ce8518a967d5b6c8de23

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-etemplate_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 1363034 bdc3797f41136a032488e458e090b729

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-calendar_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 382010 4725c5ad39c9abf8ab116f8a5dd0bb57

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-headlines_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 74732 2a08f46a7af3a0084426e317ffacf083

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-ldap_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 6942 2504ff9fa488181edfd5484ebab583b0

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-wiki_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 92404 18e426330d98178d6acf7b1f04e7a616

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-email_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 1243590 14104d7117c1ddcfe4013e64cdf4f427

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-projects_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 302036 275669f1b8eae13a4fa091423506aa65

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpldapadmin_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 139354 664038c40ad93e64daf975e5e50d3550

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-felamimail_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 275144 361b4166509e4dd861c907c2f9f846f5

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-polls_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 35878 069b89e524f57fff58dfa91e19380ee0

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-registration_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 99618 264116d3f03eddeae48e2ac1b5e74bb0

http://security.debian.org/pool/updates/main/e/egroupware/egroupware-developer-tools_1.0.0.007-2.dfsg-2sarge1_all.deb

Size/MD5 checksum: 53220 de815addc18f090c263b582db7025af3

Debian Security Advisory DSA 748-1 security@debian.org
http://www.debian.org/security/
Michael Stone
July 10, 2005 http://www.debian.org/security/faq

Package : ruby1.8
Vulnerability : arbitrary command execution
Problem type : bad default value
Debian-specific: no
CVE ID : CAN-2005-1992

A vulnerability has been discovered in ruby1.8 that could allow
arbitrary command execution on a server running the ruby xmlrpc
server.

The old stable distribution (woody) did not include ruby1.8.

This problem is fixed for the current stable distribution
(sarge) in version 1.8.2-7sarge1.

This problem is fixed for the unstable distribution in version
1.8.2-8.

We recommend that you upgrade your ruby1.8 package.

Upgrade instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 3.1 (sarge)

sarge was released for alpha, arm, hppa, i386, ia64, m68k, mips,
mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1.dsc

Size/MD5 checksum: 1024 d14377473cdeb0a26538b6137faa5c66

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1.diff.gz

Size/MD5 checksum: 529167 25de3bdf1775f90246f76e50a6aba24a

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2.orig.tar.gz

Size/MD5 checksum: 3623780 4bc5254bec262d18cf1ceef03aae8bdf

Architecture independent packages:

http://security.debian.org/pool/updates/main/r/ruby1.8/ri1.8_1.8.2-7sarge1_all.deb

Size/MD5 checksum: 704400 f9004f2fedac63615c50bf6dab046fda

http://security.debian.org/pool/updates/main/r/ruby1.8/irb1.8_1.8.2-7sarge1_all.deb

Size/MD5 checksum: 166072 60511fe4d9427eaf5a1d8df2ecba2e36

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-examples_1.8.2-7sarge1_all.deb

Size/MD5 checksum: 216196 b08d57bed7996624c1a601e866329fc0

http://security.debian.org/pool/updates/main/r/ruby1.8/rdoc1.8_1.8.2-7sarge1_all.deb

Size/MD5 checksum: 234004 47a6c5a62e9f73f4a34d04824874bc99

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-elisp_1.8.2-7sarge1_all.deb

Size/MD5 checksum: 142196 bcf34b40ab001265127728099452f800

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1_alpha.deb

Size/MD5 checksum: 151536 7ad683fac513e46996628a20ff6d3356

http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge1_alpha.deb

Size/MD5 checksum: 135552 c553fb4dce8871a275bb896848355bbb

http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge1_alpha.deb

Size/MD5 checksum: 137110 920de906ca471e12ced86b56ff8f9366

http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge1_alpha.deb

Size/MD5 checksum: 1468148 8a3ac95d4886583af1b97d937d849370

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge1_alpha.deb

Size/MD5 checksum: 795320 d8d640aab99c18fa596b09f03c8c4d2d

http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge1_alpha.deb

Size/MD5 checksum: 826790 c148490eceaa8969e138592020813f6f

http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge1_alpha.deb

Size/MD5 checksum: 133032 b7c0d0e594dc012ecc73c8490f1b9ba6

http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge1_alpha.deb

Size/MD5 checksum: 1449782 56d55e6c9df86dd7fb46c2fd939408ea

http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge1_alpha.deb

Size/MD5 checksum: 237188 7d45e77345bc580ca8382f29203c7cb1

arm architecture (ARM)

http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge1_arm.deb

Size/MD5 checksum: 743330 564d6353a5d64d77417f5a6ffcf9a9e7

http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge1_arm.deb

Size/MD5 checksum: 1440694 24737b7854ab18b09bb9e6b4f303c2a3

http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge1_arm.deb

Size/MD5 checksum: 1347836 8f79580b86d089a5b43236c756dd471e

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1_arm.deb

Size/MD5 checksum: 151074 7846a4af8f3038d0b54c9e31979ddaa8

http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge1_arm.deb

Size/MD5 checksum: 131352 69bccef101a65da4e60f46fc7cdebc3d

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge1_arm.deb

Size/MD5 checksum: 659604 ed60810b767dbac00807c055dffb077c

http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge1_arm.deb

Size/MD5 checksum: 133974 03f175228880f3e67884278964af9c44

http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge1_arm.deb

Size/MD5 checksum: 135070 f0c48c0fcded7fad805d52c9ba11a374

http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge1_arm.deb

Size/MD5 checksum: 221986 59fea0388c3f8d69e5665d67686e419f

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge1_hppa.deb

Size/MD5 checksum: 136124 aa4ec29a5603524a3a99068328bd2890

http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge1_hppa.deb

Size/MD5 checksum: 133314 06831884efd70902c8aaad45bf6418a9

http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge1_hppa.deb

Size/MD5 checksum: 246472 e18f8e843b24a50f132667ffdd37b066

http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge1_hppa.deb

Size/MD5 checksum: 1500408 0f9edd9f4b205e7b9ca0cad505229564

http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge1_hppa.deb

Size/MD5 checksum: 1453302 f6ae09a3da2cef1f52baead88a7fe8eb

http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge1_hppa.deb

Size/MD5 checksum: 839358 ed8caa18b5becb20c142ca5f5f4b3d10

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge1_hppa.deb

Size/MD5 checksum: 735292 747451a46dcd4b2f4eab683ecbfb1b1a

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1_hppa.deb

Size/MD5 checksum: 151662 d86c380a9955d76caa3c5f926ffab9c9

http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge1_hppa.deb

Size/MD5 checksum: 137786 a3289420dcbf65defb518e7baa9e5664

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge1_i386.deb

Size/MD5 checksum: 757634 1c4eacc0d440daf346b9840ff4906a02

http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge1_i386.deb

Size/MD5 checksum: 1439660 16ebd5860eb7ce78e2c5207269abd1ae

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge1_i386.deb

Size/MD5 checksum: 621934 5ff7f6069562d4552425b42d5f36a44b

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1_i386.deb

Size/MD5 checksum: 151160 09a9272d40c33d8405609c0e0ce9f6ff

http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge1_i386.deb

Size/MD5 checksum: 135784 9d2429dc457718bd993150d535b72992

http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge1_i386.deb

Size/MD5 checksum: 134530 e3bd1cfa5f649d7a20bb51ef66a348de

http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge1_i386.deb

Size/MD5 checksum: 224488 3b87ea10a0cc9caebc2fdb6b57298dae

http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge1_i386.deb

Size/MD5 checksum: 131534 3b90f35710b1f797ca33ec942bbdc061

http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge1_i386.deb

Size/MD5 checksum: 1349126 1ee770bca87a88e399c8c4f77a3ccfdf

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge1_ia64.deb

Size/MD5 checksum: 866786 4062c4ab81135dd456ab1e7db46557f1

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1_ia64.deb

Size/MD5 checksum: 151990 0097a803bdb56626f3c1875fd5befd4f

http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge1_ia64.deb

Size/MD5 checksum: 138178 fc8c3461455ffbf6592a5eacf5972a42

http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge1_ia64.deb

Size/MD5 checksum: 265250 3872b4240e71ab5a86c3ebfe00c5749c

http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge1_ia64.deb

Size/MD5 checksum: 1703116 d7f9a2384dd0db85e342916155b68740

http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge1_ia64.deb

Size/MD5 checksum: 1462560 d7a7c73d4e83e59b803828adde5f097d

http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge1_ia64.deb

Size/MD5 checksum: 135386 13759baab835003fddbac010632c867d

http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge1_ia64.deb

Size/MD5 checksum: 140004 7dd9e61a7abbdeacd3264250d9d9cf78

http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge1_ia64.deb

Size/MD5 checksum: 997468 8357023376acc0f4363f6d7d986562f8

m68k architecture (Motorola Mc680x0)

http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge1_m68k.deb

Size/MD5 checksum: 230308 48024963051c3ccf8458b9ee4b6e5ab1

http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge1_m68k.deb

Size/MD5 checksum: 134000 58b3e21ca9e7c1b06d5ae24cf7d1fcb6

http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge1_m68k.deb

Size/MD5 checksum: 1332362 35568fb709d0a8bb45a18ef93133b4dd

http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge1_m68k.deb

Size/MD5 checksum: 1438972 bb805f3e9f2db92d1c2d5d0e3feb6901

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1_m68k.deb

Size/MD5 checksum: 151028 02689b83b0d0dc0cc8755a062a2527c3

http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge1_m68k.deb

Size/MD5 checksum: 135380 21db9337dae209c4e49ec6acb1fcfcf6

http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge1_m68k.deb

Size/MD5 checksum: 729576 f94a068b39584d74537e5f65cfaa9a99

http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge1_m68k.deb

Size/MD5 checksum: 131684 3ad3d523ebeee21d80f719e9a787cefe

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge1_m68k.deb

Size/MD5 checksum: 552530 74670dad735e6a189b0d47789e1e2a43

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge1_mips.deb

Size/MD5 checksum: 683568 56200fb8806a1375f0e6bcc95accb229

http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge1_mips.deb

Size/MD5 checksum: 763272 8f8ae4dd98b5c2636db18ad2f759526f

http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge1_mips.deb

Size/MD5 checksum: 133774 4b975e5153049d8ed451b62fda972f98

http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge1_mips.deb

Size/MD5 checksum: 1435686 b519dffb4ea63ce422676a9726d5a293

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1_mips.deb

Size/MD5 checksum: 151812 14b9bc2f30a6b1bbbbdd488f67089507

http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge1_mips.deb

Size/MD5 checksum: 215090 383d30a807b65a4d640362c0a17d61ec

http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge1_mips.deb

Size/MD5 checksum: 1355828 1ceede1d947d90aa282f691125e772d1

http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge1_mips.deb

Size/MD5 checksum: 135142 7b4848c09eb350b78a21f20c31f0d037

http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge1_mips.deb

Size/MD5 checksum: 131258 650422e74a3224c83febcc808f12dfad

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge1_mipsel.deb

Size/MD5 checksum: 756344 0902f6e34ac2da00ccb6a8f497785a51

http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge1_mipsel.deb

Size/MD5 checksum: 133792 a156c60a8da03d4fb2a5a6d2a543f099

http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge1_mipsel.deb

Size/MD5 checksum: 135158 8e97465aa547f8101a351df74617adfe

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1_mipsel.deb

Size/MD5 checksum: 151796 1d678358ebb525b0ad99e1e21c0678b6

http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge1_mipsel.deb

Size/MD5 checksum: 1435836 99e1916c1e373d607b181be087e20c0d

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge1_mipsel.deb

Size/MD5 checksum: 677402 335fd9c10febcccf380ac6483611485b

http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge1_mipsel.deb

Size/MD5 checksum: 214298 32568fc97cb013a5ae69269364236dd6

http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge1_mipsel.deb

Size/MD5 checksum: 1357300 c9139962bd699085ce93af7e7e38bea8

http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge1_mipsel.deb

Size/MD5 checksum: 131204 01c4c965d5806407775720c4aa7c6758

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge1_powerpc.deb

Size/MD5 checksum: 136366 307c39c6ba0b8859c926add812959f1b

http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge1_powerpc.deb

Size/MD5 checksum: 224690 d6cbd4ea63e218a9f7d3ffd885ca5812

http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge1_powerpc.deb

Size/MD5 checksum: 137434 df4659294003b02b2775b1fc06241a02

http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge1_powerpc.deb

Size/MD5 checksum: 1405706 8e1764862dc1a8bd4dab3ce803d46c97

http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge1_powerpc.deb

Size/MD5 checksum: 969804 ad56b9d0845fae35ad9d2c355e097e0e

http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge1_powerpc.deb

Size/MD5 checksum: 1444018 e72ce9936c5f1fa7e2f03685f575678e

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge1_powerpc.deb

Size/MD5 checksum: 620414 b5c4a9ee758871b12ade251370acdafa

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1_powerpc.deb

Size/MD5 checksum: 152960 208e5b3c9eea867bf5f22a157f1780a3

http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge1_powerpc.deb

Size/MD5 checksum: 133426 a3085fd784eb8ffa69433fbbc7989e2e

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge1_s390.deb

Size/MD5 checksum: 674136 1c8f6d61b5c1a5b64f739356cab851b1

http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge1_s390.deb

Size/MD5 checksum: 1430890 391dc5d38b4296d1d130a7e3180fcb8b

http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge1_s390.deb

Size/MD5 checksum: 136752 afca1f7aad665e4ef2eaf575063568df

http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge1_s390.deb

Size/MD5 checksum: 239460 31b887aab09ddcd2e4c73b59a763e9f7

http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge1_s390.deb

Size/MD5 checksum: 1446898 c68eebe3a5aefd2481c5f2be11d1b288

http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge1_s390.deb

Size/MD5 checksum: 907170 ef7a778b5c3ff7d7018249d12ed1cc42

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1_s390.deb

Size/MD5 checksum: 151324 7b6eef790b8521af70caccc2222648b1

http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge1_s390.deb

Size/MD5 checksum: 132744 9ad294790e0671a9554f51e9e98dcfae

http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge1_s390.deb

Size/MD5 checksum: 135400 9316718a838de0e4eb70d2219f62deda

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1_sparc.deb

Size/MD5 checksum: 151092 6c8703faeef65dbe01c8bc3ca58eb21c

http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge1_sparc.deb

Size/MD5 checksum: 228680 f42008816718184b32ed9fbc9e9792de

http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge1_sparc.deb

Size/MD5 checksum: 134242 1454796bb631a487b1a09c0b79f74612

http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge1_sparc.deb

Size/MD5 checksum: 1441658 a8f4b6b51a04f34d5af8e42b9aaca089

http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge1_sparc.deb

Size/MD5 checksum: 135444 e863c95f206b5f962f6e54cacd4d86d1

http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge1_sparc.deb

Size/MD5 checksum: 645918 f37ee519426241b04c45696ebec8e0fe

http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge1_sparc.deb

Size/MD5 checksum: 747554 475e9a0ca6eb5bda8f902aa072a83778

http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge1_sparc.deb

Size/MD5 checksum: 131602 5e7709c25e545b412f7dfda412b35e6d

http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge1_sparc.deb

Size/MD5 checksum: 1372542 1afe6cef5b2a0bde500017af7f8fab05

Debian Security Advisory DSA 749-1 security@debian.org
http://www.debian.org/security/
Michael Stone
July 10, 2005 http://www.debian.org/security/faq

Package : ettercap
Vulnerability : arbitrary code execution
Problem type : format string error
Debian-specific: no
CVE Id(s) : CAN-2005-1796

A vulnerability was discovered in the ettercap package which
could allow a remote attacker to execute arbitrary code on the
system running ettercap.

The old stable distribution (woody) did not include
ettercap.

For the stable distribution (sarge), this problem has been fixed
in version 0.7.1-1sarge1.

For the unstable distribution (sid), this problem has been fixed
in version 0.7.3-1.

We recommend that you upgrade your ettercap package.

Upgrade instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 3.1 (sarge)

sarge was released for alpha, arm, hppa, i386, ia64, m68k, mips,
mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1.orig.tar.gz

Size/MD5 checksum: 1121758 f769039e0e967e9e09d0365fe358d683

http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1.diff.gz

Size/MD5 checksum: 4027 409603f119d07401bf7671b317e8ccef

http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1.dsc

Size/MD5 checksum: 746 12b96cbc18bdb3bd7b431efbbfa73c34

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/e/ettercap/ettercap-gtk_0.7.1-1sarge1_alpha.deb

Size/MD5 checksum: 262674 3360122f7ee141aa6f2d410f4f834933

http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_alpha.deb

Size/MD5 checksum: 318266 4b09b93eba161a30b2f6cd28c33d0f1d

http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1_alpha.deb

Size/MD5 checksum: 221836 dbe0a871072bcd8d90318b271af1952b

arm architecture (ARM)

http://security.debian.org/pool/updates/main/e/ettercap/ettercap-gtk_0.7.1-1sarge1_arm.deb

Size/MD5 checksum: 202390 6feb651f0b27a18e36612804388356e8

http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_arm.deb

Size/MD5 checksum: 288022 062a0e8b4fdc2985a5bf9f5a0bc14fc4

http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1_arm.deb

Size/MD5 checksum: 169426 b08226c852071b61b66c16fd012412ec

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_hppa.deb

Size/MD5 checksum: 304744 59be8a0479f3b0c9512e5193865c6bc2

http://security.debian.org/pool/updates/main/e/ettercap/ettercap-gtk_0.7.1-1sarge1_hppa.deb

Size/MD5 checksum: 227462 c364ecfec15360338b93176d45d759f3

http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1_hppa.deb

Size/MD5 checksum: 190422 abbb689c039c829ab4358c4983c96c96

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/e/ettercap/ettercap-gtk_0.7.1-1sarge1_i386.deb

Size/MD5 checksum: 208398 91059e61c393851e8edb3b841450b46d

http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_i386.deb

Size/MD5 checksum: 286292 be3fff62821300e02ee004deb7a3bf91

http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1_i386.deb

Size/MD5 checksum: 173010 cba1a300d2d2add3c7c8720c287a7d10

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_ia64.deb

Size/MD5 checksum: 331966 f316f4df7dfc6ea666288f7aa1ef955b

http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1_ia64.deb

Size/MD5 checksum: 256862 64f34b09f95832daa6de66f4e5a9be0b

http://security.debian.org/pool/updates/main/e/ettercap/ettercap-gtk_0.7.1-1sarge1_ia64.deb

Size/MD5 checksum: 304328 6781371e63adcedd74db7a9435f77a64

m68k architecture (Motorola Mc680x0)

http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1_m68k.deb

Size/MD5 checksum: 153950 310081b9ca119d2ce58c4cc779ea93c9

http://security.debian.org/pool/updates/main/e/ettercap/ettercap-gtk_0.7.1-1sarge1_m68k.deb

Size/MD5 checksum: 182234 6cea01aa78d8ab57b7365bcf1977f26a

http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_m68k.deb

Size/MD5 checksum: 284704 9fb2cbc636754bc116bb92136cd662c2

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1_mips.deb

Size/MD5 checksum: 180014 430dad7d762ab3d21ffdf5452d038a6f

http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_mips.deb

Size/MD5 checksum: 296628 9dceaed8c2623ddb45a82b95f3c44480

http://security.debian.org/pool/updates/main/e/ettercap/ettercap-gtk_0.7.1-1sarge1_mips.deb

Size/MD5 checksum: 210476 53c398ef40193a1fc5eede9f8b6d5e76

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_mipsel.deb

Size/MD5 checksum: 298032 f599e9ca6ecf52622ccfcb3ac6f20bf3

http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1_mipsel.deb

Size/MD5 checksum: 182216 1ea0f7044b6b65c56b0d7ebd23842705

http://security.debian.org/pool/updates/main/e/ettercap/ettercap-gtk_0.7.1-1sarge1_mipsel.deb

Size/MD5 checksum: 212338 c8e0734ab8090a77c84d63b57086dc06

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_powerpc.deb

Size/MD5 checksum: 322336 e7ab6f5e567b2cc271f180cb16f70476

http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1_powerpc.deb

Size/MD5 checksum: 179370 b1f750e38e742030932ab076d4e62eac

http://security.debian.org/pool/updates/main/e/ettercap/ettercap-gtk_0.7.1-1sarge1_powerpc.deb

Size/MD5 checksum: 212186 96860165bf4e4e796eeaaea7d8ea4e51

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_s390.deb

Size/MD5 checksum: 296358 e2d6fac489aaca1da105b103dcf3c84c

http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1_s390.deb

Size/MD5 checksum: 183506 d181a9d198e471ad6634c9b7b3fb6b18

http://security.debian.org/pool/updates/main/e/ettercap/ettercap-gtk_0.7.1-1sarge1_s390.deb

Size/MD5 checksum: 216164 f480772db37197c2ed364b61185e90f6

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_sparc.deb

Size/MD5 checksum: 289156 f3de4592a6ec6678c36499fe6ed59915

http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1_sparc.deb

Size/MD5 checksum: 169062 880af57dc7c562dbd0a668878115b5f4

http://security.debian.org/pool/updates/main/e/ettercap/ettercap-gtk_0.7.1-1sarge1_sparc.deb

Size/MD5 checksum: 201582 08f5653424161a44534bb0c5346cab53

Debian Security Advisory DSA 750-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
July 11th, 2005 http://www.debian.org/security/faq

Package : dhcpcd
Vulnerability : out-of-bound memory access Problem-Type :
remote
Debian-specific: no
CVE ID : CAN-2005-1848

“infamous42md” discovered that dhcpcd, a DHCP client for
automatically configuring IPv4 networking, can be tricked into
reading past the end of the supplied DHCP buffer which could lead
to the daemon crashing.

The old stable distribution (woody) is not affected by this
problem.

For the stable distribution (sarge) this problem has been fixed
in version 1.3.22pl4-21sarge1.

For the unstable distribution (sid) this problem has been fixed
in version 1.3.22pl4-22.

We recommend that you upgrade your dhcpcd package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

Advisories: July 12, 2005

Debian GNU/Linux

Get the Free Newsletter!

Must Read

Tangram Is an Interesting Linux Web Browser

How to Verify Debian and Ubuntu Packages Using MD5 Checksums

Oracle Brings Its Version of Leapp In-Place Upgrade Tool to OpenELA

How to Install Apache Kafka on Ubuntu 24.04

openSUSE’s Agama Installer Lands with Enhanced Web UI

Our Brands