---

Advisories, July 24, 2006

Debian GNU/Linux


Debian Security Advisory DSA 1121-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
July 24th, 2006 http://www.debian.org/security/faq


Package : postgrey
Vulnerability : format string
Problem type : remote
Debian-specific: no
CVE ID : CVE-2005-1127

Peter Bieringer discovered that postgrey, a greylisting
implementation for Postfix, is vulnerable to a format string attack
that allows remote attackers to the daemon.

For the stable distribution (sarge) this problem has been fixed
in version 1.21-1sarge1.

For the stable distribution (sarge) this problem has also been
fixed in version 1.21-1volatile4 in the volatile archive.

For the unstable distribution (sid) this problem has been fixed
in version 1.22-1.

We recommend that you upgrade your postgrey package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 1122-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
July 24th, 2005 http://www.debian.org/security/faq


Package : libnet-server-perl
Vulnerability : format string
Problem type : remote
Debian-specific: no
CVE ID : CVE-2005-1127
Debian Bug : 378640

Peter Bieringer discovered that the “log” function in the
Net::Server Perl module, an extensible, general perl server engine,
is not safe against format string exploits.

The old stable distribution (woody) does not contain this
package.

For the stable distribution (sarge) this problem has been fixed
in version 0.87-3sarge1.

For the unstable distribution (sid) this problem has been fixed
in version 0.89-1.

We recommend that you upgrade your libnet-server-perl
package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 1123-1 security@debian.org
http://www.debian.org/security/
Moritz Muehlenhoff
July 24th, 2006 http://www.debian.org/security/faq


Package : libdumb
Vulnerability : buffer overflow
Problem-Type : local(remote)
Debian-specific: no
CVE ID : CVE-2006-3668
Debian Bug : 379064

Luigi Auriemma discovered that DUMB, a tracker music library,
performs insufficient sanitising of values parsed from IT music
files, which might lead to a buffer overflow and execution of
arbitrary code if manipulated files are read.

For the stable distribution (sarge) this problem has been fixed
in version 0.9.2-6.

For the unstable distribution (sid) this problem has been fixed
in version 0.9.3-5.

We recommend that you upgrade your libdumb packages.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 1124-1 security@debian.org
http://www.debian.org/security/
Moritz Muehlenhoff
July 24th, 2006 http://www.debian.org/security/faq


Package : fbi
Vulnerability : typo
Problem-Type : local
Debian-specific: no
CVE ID : CVE-2006-3119

Toth Andras discovered that the fbgs framebuffer postscript/PDF
viewer contains a typo, which prevents the intended filter against
malicious postscript commands from working correctly. This might
lead to the deletion of user data when displaying a postscript
file.

For the stable distribution (sarge) this problem has been fixed
in version 2.01-1.2sarge2.

For the unstable distribution (sid) this problem will be fixed
soon.

We recommend that you upgrade your fbi package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200607-08


http://security.gentoo.org/


Severity: Normal
Title: GIMP: Buffer overflow
Date: July 23, 2006
Bugs: #139524
ID: 200607-08


Synopsis

GIMP is prone to a buffer overflow which may lead to the
execution of arbitrary code when loading specially crafted XCF
files.

Background

GIMP is the GNU Image Manipulation Program. XCF is the native
image file format used by GIMP.

Affected packages


     Package         /  Vulnerable  /                       Unaffected

  1  media-gfx/gimp      < 1.2.12                            >= 1.2.12

Description

Henning Makholm discovered that the “xcf_load_vector()” function
is vulnerable to a buffer overflow when loading an XCF file with a
large “num_axes” value.

Impact

An attacker could exploit this issue to execute arbitrary code
by enticing a user to open a specially crafted XCF file.
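
The bug class named in the Description, as an added example that is not GIMP's code: a count read from the file has to be checked against the capacity of the array it fills and against the bytes actually present. The record layout, MAX_AXES, the sample buffers and every name here are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_AXES 6  /* assumed capacity of the fixed-size coordinate array */

typedef struct {
    uint32_t num_axes;
    float    axes[MAX_AXES];
} point_t;

enum { LOAD_OK = 0, LOAD_TRUNCATED = -1, LOAD_BAD_COUNT = -2 };

/* Read a big-endian 32-bit value; the caller has already checked bounds. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/*
 * Hypothetical record: uint32 num_axes, then num_axes 32-bit floats,
 * all big-endian. Returns LOAD_OK or a negative error code.
 */
int load_point(const uint8_t *buf, size_t len, point_t *out)
{
    if (len < 4)
        return LOAD_TRUNCATED;

    uint32_t n = be32(buf);

    /* Check 1: the file-supplied count must fit the fixed array.
     * Leaving this out lets the loop below write past axes[MAX_AXES]. */
    if (n == 0 || n > MAX_AXES)
        return LOAD_BAD_COUNT;

    /* Check 2: the declared count must fit in the remaining input,
     * written as a division so it cannot overflow. */
    if ((len - 4) / 4 < n)
        return LOAD_TRUNCATED;

    memset(out, 0, sizeof *out);
    out->num_axes = n;
    for (uint32_t i = 0; i < n; i++) {
        uint32_t raw = be32(buf + 4 + 4 * (size_t)i);
        memcpy(&out->axes[i], &raw, sizeof raw);  /* assumes IEEE-754 float */
    }
    return LOAD_OK;
}

/* Constructed sample records (not taken from any real XCF file). */
static const uint8_t SAMPLE_OK[] = {      /* num_axes = 2: 1.0, 2.0 */
    0x00, 0x00, 0x00, 0x02,
    0x3F, 0x80, 0x00, 0x00,
    0x40, 0x00, 0x00, 0x00
};
static const uint8_t SAMPLE_HUGE[] = {    /* num_axes = 1000 */
    0x00, 0x00, 0x03, 0xE8,
    0x3F, 0x80, 0x00, 0x00
};
static const uint8_t SAMPLE_SHORT[] = {   /* num_axes = 3, one value present */
    0x00, 0x00, 0x00, 0x03,
    0x3F, 0x80, 0x00, 0x00
};

int main(void)
{
    point_t p;
    printf("ok    -> %d\n", load_point(SAMPLE_OK, sizeof SAMPLE_OK, &p));
    printf("huge  -> %d\n", load_point(SAMPLE_HUGE, sizeof SAMPLE_HUGE, &p));
    printf("short -> %d\n", load_point(SAMPLE_SHORT, sizeof SAMPLE_SHORT, &p));
    return 0;
}
```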

Workaround

There is no known workaround at this time.

Resolution

All GIMP users should update to the latest stable version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/gimp-1.2.12"

References

[ 1 ] CVE-2006-3404

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3404

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200607-08.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Ubuntu Linux


Ubuntu Security Notice USN-322-1 July 24, 2006
kdelibs vulnerability
CVE-2006-3672


A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
kdelibs 4:3.4.0-0ubuntu3.6

Ubuntu 5.10:
kdelibs 4:3.4.3-0ubuntu2.1

Ubuntu 6.06 LTS:
kdelibs 4:3.5.2-0ubuntu18.1

In general, a standard system upgrade is sufficient to effect
the necessary changes.

Details follow:

A Denial of Service vulnerability has been reported in the
replaceChild() method in KDE’s DOM handler. A malicious remote web
page could exploit this to cause Konqueror to crash.
