
Advisories: July 6, 2005

Debian GNU/Linux


Debian Security Advisory DSA 737-1 security@debian.org
http://www.debian.org/security/
Michael Stone
July 05, 2005 http://www.debian.org/security/faq


Package : clamav
Vulnerability : various DOS vulnerabilities
Problem type : remote DOS
Debian-specific: no
CVE Id(s) : CAN-2005-1922, CAN-2005-1923, CAN-2005-2056,
CAN-2005-2070

A number of potential remote DOS vulnerabilities have been
identified in ClamAV. In addition to the four issues identified by
CVE ID above, there are fixes for issues in libclamav/cvd.c and
libclamav/message.c. Together, these issues could allow a carefully
crafted message to crash a ClamAV scanner or exhaust various
resources on the machine running the scanner.

For the stable distribution (sarge), these problems have been
fixed in version 0.84-2.sarge.1.

We recommend that you upgrade your clamav package.

Upgrade instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 3.1 (sarge)


Sarge was released for alpha, arm, hppa, i386, ia64, m68k, mips,
mipsel, powerpc, s390 and sparc.

Source archives:


http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1.dsc

Size/MD5 checksum: 990 45ab13b2916ea6e124ea508589dc2513

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1.diff.gz

Size/MD5 checksum: 165385 4b728b8f0fc9bd18cdbb9362369f9374

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz

Size/MD5 checksum: 4006624 c43213da01d510faf117daa9a4d5326c

Architecture independent packages:


http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.1_all.deb

Size/MD5 checksum: 153988 20db24662262e0b9dfa7aa75e97f5571

http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.1_all.deb

Size/MD5 checksum: 122964 2dee7ac0a4733f43062055198abdadc1

http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.1_all.deb

Size/MD5 checksum: 689196 96e29e17789a201af6f3dbb735aa8e86

alpha architecture (DEC Alpha)


http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_alpha.deb

Size/MD5 checksum: 2176330 e1ce57da96c8f7ba1d9e69f392870658

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_alpha.deb

Size/MD5 checksum: 74680 c0182e60e49ae35ab39c30920878bcdc

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_alpha.deb

Size/MD5 checksum: 283114 3e84390b59d5af7774971b8b4c450e39

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_alpha.deb

Size/MD5 checksum: 253394 58e508402215780d700c04f511ee8d7d

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_alpha.deb

Size/MD5 checksum: 42122 6bd307350ce2b26acf5f4de59f497794

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_alpha.deb

Size/MD5 checksum: 48772 d5a7634ec79fd31b2ed99ec622a96c40

arm architecture (ARM)


http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_arm.deb

Size/MD5 checksum: 2171212 92dd89faef07eadb80b1e2bbb487ccc5

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_arm.deb

Size/MD5 checksum: 37296 86712c3b9f80f020284c1e47c29b9ee6

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_arm.deb

Size/MD5 checksum: 39508 766654a8a9995a0f9d3a8b109d333b99

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_arm.deb

Size/MD5 checksum: 172722 4702e8e11065c3e23590b64291631914

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_arm.deb

Size/MD5 checksum: 247434 179dfac5e8992a9258cba01f489ca7bc

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_arm.deb

Size/MD5 checksum: 63810 0f39f35595799adba1e1289108f5ea53

hppa architecture (HP PA RISC)


http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_hppa.deb

Size/MD5 checksum: 68188 ff19cd8aca67fa7aad210d88864a453b

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_hppa.deb

Size/MD5 checksum: 2173628 62ec88ef2b2f3112659dccf0ef66613f

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_hppa.deb

Size/MD5 checksum: 43238 9b571f93adeaf8020371aa59f541dfeb

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_hppa.deb

Size/MD5 checksum: 280704 d517965637074ba48f158c0bddb82d9a

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_hppa.deb

Size/MD5 checksum: 39460 3d0a7396633a88f9066e124a1001b673

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_hppa.deb

Size/MD5 checksum: 200322 9ee598c6a6fa684611b9d29241bd1d09

i386 architecture (Intel ia32)


http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_i386.deb

Size/MD5 checksum: 251926 51b46d70e05f5417532aab94c7dd6eae

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_i386.deb

Size/MD5 checksum: 65170 04f2a69b6266171654fd57d7577305cf

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_i386.deb

Size/MD5 checksum: 40224 7eb9bd0badd30123381cdc2244dff6d6

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_i386.deb

Size/MD5 checksum: 157906 bd7b53ae3468b06f356e3e3370035bd6

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_i386.deb

Size/MD5 checksum: 38068 3ef8d62ca2f8af2027db477f04c93979

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_i386.deb

Size/MD5 checksum: 2171548 f02b058573d0ce47f1e0f8a4f6599f33

ia64 architecture (Intel ia64)


http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_ia64.deb

Size/MD5 checksum: 55088 b6aa3ba3880bc3d5aebf6c1bc3951326

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_ia64.deb

Size/MD5 checksum: 2180072 214adf5f285ad624e6744e9128e06f34

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_ia64.deb

Size/MD5 checksum: 49192 29a386cfac367dd659430e1aca3e04dd

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_ia64.deb

Size/MD5 checksum: 81704 a0c11d330719a27c296b88634b953d7a

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_ia64.deb

Size/MD5 checksum: 314816 e3854f4a055f16bf563515ef83e5abf4

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_ia64.deb

Size/MD5 checksum: 249462 063fe07e837dee3f52f5ba47a66d29d3

m68k architecture (Motorola Mc680x0)


http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_m68k.deb

Size/MD5 checksum: 144754 44a88bbe267a6cbf7ea55e42e58671ec

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_m68k.deb

Size/MD5 checksum: 35068 f507ca3a8730f37330d816beaa56e168

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_m68k.deb

Size/MD5 checksum: 38088 6858b82dec09fa97770fcc8e10865cba

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_m68k.deb

Size/MD5 checksum: 2170444 3e3cdaa835838fe85177b36fccb3a843

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_m68k.deb

Size/MD5 checksum: 62458 847986f045f59c26905116889b2066d1

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_m68k.deb

Size/MD5 checksum: 248324 f26c08e0192d43000a8df2596aa38bcb

mips architecture (MIPS (Big Endian))


http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_mips.deb

Size/MD5 checksum: 2172960 897382cb5c5ba5d8a9d110bd79a19e09

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_mips.deb

Size/MD5 checksum: 193560 4835e74c37f560ca8044db911a6358d7

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_mips.deb

Size/MD5 checksum: 43664 d17e5f89d441d6d83dde9969f3b1fb37

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_mips.deb

Size/MD5 checksum: 67852 f27d620c68cd6304e9bc463602d77c01

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_mips.deb

Size/MD5 checksum: 37670 107b733da72668d17220fe0bdfa805d4

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_mips.deb

Size/MD5 checksum: 255276 edfe71ac3f6d24a7ea824f9ace06f482

mipsel architecture (MIPS (Little Endian))


http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_mipsel.deb

Size/MD5 checksum: 2172922 94bad9cc0de7538cc4f71ba7c6b7d7df

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_mipsel.deb

Size/MD5 checksum: 189818 9c26e78b9dbfc1819bc9c0e4db51ffde

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_mipsel.deb

Size/MD5 checksum: 252688 f85304c4271406913ec7f4912bd549a3

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_mipsel.deb

Size/MD5 checksum: 43480 592fba9185897c20d9f80676f4e82d30

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_mipsel.deb

Size/MD5 checksum: 67494 3c72fac489ac473bc7ae7c3b853df115

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_mipsel.deb

Size/MD5 checksum: 37960 c14d7359a8861769f99ced4bc8e79ab6

powerpc architecture (PowerPC)


http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_powerpc.deb

Size/MD5 checksum: 185860 a16ed6de40309ebf5416be527979b0ab

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_powerpc.deb

Size/MD5 checksum: 38872 1935692d1134cbbf6645ec0cd309834d

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_powerpc.deb

Size/MD5 checksum: 69234 4296d8fe45db28c94ecacc983409b951

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_powerpc.deb

Size/MD5 checksum: 262318 498c34c716b47a93ad0eba5a6aaaa3dc

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_powerpc.deb

Size/MD5 checksum: 44578 d031213f49f04f9bd7b2418e21943911

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_powerpc.deb

Size/MD5 checksum: 2173540 a9f0d11dbed04bd72f94b1eac97ca41f

s390 architecture (IBM S/390)


http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_s390.deb

Size/MD5 checksum: 266996 360bb7b5bd2593d8601c00a663ed5a38

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_s390.deb

Size/MD5 checksum: 67782 5245801f0b13779b9b4a99974ca19bea

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_s390.deb

Size/MD5 checksum: 2172862 f7908b1ecf02aa2caef7778e440c1d93

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_s390.deb

Size/MD5 checksum: 43422 17abea4bf457a747d8b62c27af78d504

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_s390.deb

Size/MD5 checksum: 38936 8ec95f29d7cee631b1451ecc9cc97e09

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_s390.deb

Size/MD5 checksum: 180852 604d74d06225f105763b0844af66cfe3

sparc architecture (Sun SPARC/UltraSPARC)


http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_sparc.deb

Size/MD5 checksum: 2171084 89a8fdbef7aa886bfc85da3e32969641

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_sparc.deb

Size/MD5 checksum: 174352 15b7ec68667d8c919ddfb242c1fbba35

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_sparc.deb

Size/MD5 checksum: 36848 8c982ca9f8c9305aa04ebb5054180061

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_sparc.deb

Size/MD5 checksum: 64332 72ec3fe2dcf04bda145acc1e1737eb2c

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_sparc.deb

Size/MD5 checksum: 262698 90ef80c039a660e566196483ba07f488

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_sparc.deb

Size/MD5 checksum: 39380 1641564e1819fb17cf8962c0a58ee38c



Debian Security Advisory DSA 738-1 security@debian.org
http://www.debian.org/security/
Michael Stone
July 05, 2005 http://www.debian.org/security/faq


Package : razor
Vulnerability : email header parsing error
Problem type : remote DOS
Debian-specific: no
CVE Id(s) : CAN-2005-2024

A vulnerability was discovered in the way that Razor parses
certain email headers that could potentially be used to crash the
Razor program, causing a denial of service (DOS).

For the stable distribution (sarge), this problem has been fixed
in version 2.670-1sarge2.

The old stable distribution (woody) is not affected by this
issue.

We recommend that you upgrade your razor package.

Upgrade instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 3.1 (sarge)


sarge was released for alpha, arm, hppa, i386, ia64, m68k, mips,
mipsel, powerpc, s390 and sparc.

Source archives:


http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2.dsc

Size/MD5 checksum: 799 88b6def693d8e884f636acf9337344f1

http://security.debian.org/pool/updates/main/r/razor/razor_2.670.orig.tar.gz

Size/MD5 checksum: 86705 0118b6030ea261ea85e73a55cc7eac8e

http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2.diff.gz

Size/MD5 checksum: 10699 ed53476451c87dbf876697e198083973

alpha architecture (DEC Alpha)


http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_alpha.deb

Size/MD5 checksum: 117030 ab3c6043749da7b66aa468f8fec794a7

arm architecture (ARM)


http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_arm.deb

Size/MD5 checksum: 115572 01ee173b14d45f1f576dd3b4db6ba3e8

hppa architecture (HP PA RISC)


http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_hppa.deb

Size/MD5 checksum: 117146 82889def9ab647e075cedf658a2e7707

i386 architecture (Intel ia32)


http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_i386.deb

Size/MD5 checksum: 116070 9171153ba7bf5c0c679c14a8303d777d

ia64 architecture (Intel ia64)


http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_ia64.deb

Size/MD5 checksum: 118378 d1ed58ed88d490cad82b8cde72745b6d

m68k architecture (Motorola Mc680x0)


http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_m68k.deb

Size/MD5 checksum: 115938 6a620f25c1895e3ac80ba94c57931874

mips architecture (MIPS (Big Endian))


http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_mips.deb

Size/MD5 checksum: 114962 3a771fb3bc2b88b6606121541f4e1c80

mipsel architecture (MIPS (Little Endian))


http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_mipsel.deb

Size/MD5 checksum: 114978 3c6f16f40f9820e4624c277969c85947

powerpc architecture (PowerPC)


http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_powerpc.deb

Size/MD5 checksum: 117502 2860b774a37ed2eaae9efd365e05ceaf

s390 architecture (IBM S/390)


http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_s390.deb

Size/MD5 checksum: 115738 02789063e04d63a1eea5f2bf88745c5f

sparc architecture (Sun SPARC/UltraSPARC)


http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_sparc.deb

Size/MD5 checksum: 115848 8a264ab5802cf6764db4354facdd4ea0


Debian Security Advisory DSA 739-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
July 6th, 2005 http://www.debian.org/security/faq


Package : trac
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: no

Stefan Esser discovered an input validation flaw within Trac, a
wiki and issue tracking system, that allows download/upload of
files and therefore can lead to remote code execution in some
configurations.

The old stable distribution (woody) does not contain the trac
package.

For the stable distribution (sarge) this problem has been fixed
in version 0.8.1-3sarge2.

For the unstable distribution (sid) this problem has been fixed
in version 0.8.4-1.

We recommend that you upgrade your trac package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:


http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge2.dsc

Size/MD5 checksum: 655 17707ec452bb497b18b22a8280b775d6

http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge2.diff.gz

Size/MD5 checksum: 6294 386a1ffa63b1ba8709ad317176f1d419

http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1.orig.tar.gz

Size/MD5 checksum: 236791 1b6c44fae90c760074762b73cdc88c8d

Architecture independent components:


http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge2_all.deb

Size/MD5 checksum: 196864 85fd50e157531cbac57bf6e4901ad039

These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 740-1 security@debian.org
http://www.debian.org/security/
Michael Stone
July 06, 2005 http://www.debian.org/security/faq


Package : zlib
Vulnerability : buffer overflow
Problem type : remote DOS
Debian-specific: no
CVE Id(s) : CAN-2005-2096

An error in the way zlib handles the inflation of certain
compressed files can cause a program which uses zlib to crash when
opening an invalid file.

This problem does not affect the old stable distribution
(woody).

For the stable distribution (sarge), this problem has been fixed
in version 1.2.2-4.sarge.1.

For the unstable distribution, this problem has been fixed in
version 1.2.2-7.

We recommend that you upgrade your zlib package.

Upgrade instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 3.1 (sarge)


Sarge was released for alpha, arm, hppa, i386, ia64, m68k, mips,
mipsel, powerpc, s390 and sparc.

Source archives:


http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.1.dsc

Size/MD5 checksum: 807 dc3fcabef1acff1c01e2f0ebf492bf66

http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.1.diff.gz

Size/MD5 checksum: 14253 2b6eeb5cca5debe943582e1266f0b70d

http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2.orig.tar.gz

Size/MD5 checksum: 430700 d43dabe3d374e299f2631c5fc5ce31f5

Alpha architecture:


http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_alpha.deb

Size/MD5 checksum: 30526 7a8a3ee419fbc7917a4c1034d9902474

http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_alpha.deb

Size/MD5 checksum: 82036 3f7d5435d3658a0e6e9026242dd0169b

http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_alpha.deb

Size/MD5 checksum: 533998 20c2841937e5de74fdddd464e81d2ad1

ARM architecture:


http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_arm.deb

Size/MD5 checksum: 25248 dccb0d7c752b806d8c0b43f657cee265

http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_arm.deb

Size/MD5 checksum: 66734 16f44bc4d254ed6398666c2a2a9298cc

http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_arm.deb

Size/MD5 checksum: 498336 9ff727e49b121802ec0de0d55b920f7a

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_i386.deb

Size/MD5 checksum: 25838 7730eb446f1cbf3f4f23955ba4d0a0ad

http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_i386.deb

Size/MD5 checksum: 63196 2bdd404fb56394e4495434c7f6a9b284

http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_i386.deb

Size/MD5 checksum: 487094 2498ca72ccc359a86e8d993b485d275f

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_ia64.deb

Size/MD5 checksum: 39204 4223a66e9097199b94b5de1ca217986c

http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_ia64.deb

Size/MD5 checksum: 93428 17b2187034b9e3961c3a21b221612558

http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_ia64.deb

Size/MD5 checksum: 553636 73a0490e7c575c10a97a3390a11c88ed

HP Precision architecture:


http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_hppa.deb

Size/MD5 checksum: 29260 f26944aa8cfb195b9b9dc30ece012f17

http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_hppa.deb

Size/MD5 checksum: 70356 e92b967975428c72678fdaa6bb483d7d

http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_hppa.deb

Size/MD5 checksum: 512480 1d49177f3c704ea216c0fbd78dc82735

Motorola 680x0 architecture:


http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_m68k.deb

Size/MD5 checksum: 24028 53d352633677d62fd9c194996c60d31f

http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_m68k.deb

Size/MD5 checksum: 58850 2aae7ad830e0ad011b6800025130ff1c

http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_m68k.deb

Size/MD5 checksum: 485972 e4a948ba9ef16ba4ae5b9636ba831879

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_mips.deb

Size/MD5 checksum: 31504 474d31e3ca6b4e058b4e13090238425f

http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_mips.deb

Size/MD5 checksum: 68768 e401a7314e1105b067696f48814de63a

http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_mips.deb

Size/MD5 checksum: 510190 717a0a41c644cdc87125a48520aa9e0b

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_mipsel.deb

Size/MD5 checksum: 31494 0a6a0845e7195161393b1fdb08f69560

http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_mipsel.deb

Size/MD5 checksum: 69098 bafde67f893e248cf7dd16e96bc12edc

http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_mipsel.deb

Size/MD5 checksum: 509520 b147287aec201423bcb951034b68c936

PowerPC architecture:


http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_powerpc.deb

Size/MD5 checksum: 29974 9b0f7475d2a194ea569a10d8999b631c

http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_powerpc.deb

Size/MD5 checksum: 69632 dd73e85b2079144f56b45d43ae0a27ee

http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_powerpc.deb

Size/MD5 checksum: 522806 4aaef30ee2563e810606180e8ff984da

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/z/zlib/lib64z1_1.2.2-4.sarge.1_s390.deb

Size/MD5 checksum: 52588 6d8ec4a1c12fd602af9a4e9f22b66b59

http://security.debian.org/pool/updates/main/z/zlib/lib64z1-dev_1.2.2-4.sarge.1_s390.deb

Size/MD5 checksum: 55514 4f60ea5ef3a0158c3c05ac7d2ce29f05

http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_s390.deb

Size/MD5 checksum: 27186 baf3f833f392985bf22676f0a705e777

http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_s390.deb

Size/MD5 checksum: 67048 5db51f522598fc5fcffbc1fcc4d5b15d

http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_s390.deb

Size/MD5 checksum: 539008 38b2186f712c47abb03fe4b7f12d7a74

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/z/zlib/lib64z1_1.2.2-4.sarge.1_sparc.deb

Size/MD5 checksum: 54532 8ad5d51800c4d2b4a939b30fbe8c0a60

http://security.debian.org/pool/updates/main/z/zlib/lib64z1-dev_1.2.2-4.sarge.1_sparc.deb

Size/MD5 checksum: 57318 cdfcd9fe8ed1e87d3c6cffa831241c91

http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_sparc.deb

Size/MD5 checksum: 25768 ef14f68160c1672db1474406ea92f830

http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_sparc.deb

Size/MD5 checksum: 66868 3a5e4a67ef146cac5a8be1e4a65eb977

http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_sparc.deb

Size/MD5 checksum: 499186 03c0f468129c9b7c03e4f9a7ba39a339


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
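Each Debian advisory above pairs a download URL with a "Size/MD5 checksum" line, and the manual upgrade path given in all four is wget followed by dpkg -i. The following is an added example, not part of the advisories and not a Debian tool, that parses those lines into a manifest and checks a downloaded file's size and MD5 against it before you install. The parser is exercised on an excerpt copied from the DSA 740 listing; the package bytes verified at the end are a constructed stand-in, not a real .deb. A matching MD5 only shows you received the file the advisory lists: the PGP signature on the advisory mail is what authenticates the list itself, and apt pulling from the security.debian.org line in the footer is the normal path.

```python
"""Check a downloaded package against the Size/MD5 lines of a Debian advisory
before running `dpkg -i`.

Added example, not from the advisories above and not a Debian tool.  The
parser reads the "URL / Size/MD5 checksum: <size> <md5>" pairs in the
layout the DSAs on this page use.  MD5 here only detects a corrupt or
mismatched download; it is not an integrity guarantee against an attacker
who controls the mirror.
"""
import hashlib
import os
import re

# Excerpt copied from the DSA 740 listing (real entries).
ADVISORY_TEXT = """
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_i386.deb

Size/MD5 checksum: 63196 2bdd404fb56394e4495434c7f6a9b284

http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_i386.deb

Size/MD5 checksum: 487094 2498ca72ccc359a86e8d993b485d275f
"""

_URL = re.compile(r"^(https?|ftp)://\S+/(?P<name>[^/\s]+)\s*$")
_SUM = re.compile(r"^Size/MD5 checksum:\s+(?P<size>\d+)\s+(?P<md5>[0-9a-f]{32})\s*$")


def parse_manifest(text: str) -> dict:
    """Return {filename: (size, md5)}.

    A checksum line belongs to the most recent URL line; a URL with no
    following checksum, or a checksum with no preceding URL, is ignored.
    """
    manifest, pending = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = _URL.match(line)
        if m:
            pending = m.group("name")
            continue
        m = _SUM.match(line)
        if m and pending:
            manifest[pending] = (int(m.group("size")), m.group("md5"))
            pending = None
    return manifest


def verify_bytes(name: str, data: bytes, manifest: dict):
    """Return (ok, reason) for file bytes `data` claimed to be `name`."""
    if name not in manifest:
        return False, "not listed in advisory"
    size, md5 = manifest[name]
    if len(data) != size:                      # cheap check first
        return False, f"size {len(data)} != {size}"
    digest = hashlib.md5(data).hexdigest()
    if digest != md5:
        return False, f"md5 {digest} != {md5}"
    return True, "size and md5 match"


def verify_file(path: str, manifest: dict):
    """Same check for a file on disk, keyed by its basename."""
    with open(path, "rb") as fh:
        return verify_bytes(os.path.basename(path), fh.read(), manifest)


# Constructed demo: a fake 6-byte "package" and a manifest entry made for it.
DEMO_MANIFEST = parse_manifest("""
http://security.debian.org/pool/updates/main/d/demo/demo_1.0-1_i386.deb

Size/MD5 checksum: 6 b1946ac92492d2347c6235b4d2611184
""")
DEMO_BYTES = b"hello\n"

if __name__ == "__main__":
    for name, (size, md5) in parse_manifest(ADVISORY_TEXT).items():
        print(f"{name}: {size} bytes, md5 {md5}")
    print(verify_bytes("demo_1.0-1_i386.deb", DEMO_BYTES, DEMO_MANIFEST))
    print(verify_bytes("demo_1.0-1_i386.deb", DEMO_BYTES + b"x", DEMO_MANIFEST))
```

Run verify_file() on the .deb that wget fetched, and only call dpkg -i when it returns ok; a size mismatch usually means a truncated download, an MD5 mismatch with the right size means you did not get the listed file.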

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200507-06


http://security.gentoo.org/


Severity: High
Title: TikiWiki: Arbitrary command execution through XML-RPC
Date: July 06, 2005
Bugs: #97648
ID: 200507-06


Synopsis

TikiWiki includes PHP XML-RPC code, making it vulnerable to
arbitrary command execution.

Background

TikiWiki is a web-based groupware and content management system
(CMS), using PHP, ADOdb and Smarty. TikiWiki includes vulnerable
PHP XML-RPC code.

Affected packages


     Package            /  Vulnerable  /                    Unaffected

  1  www-apps/tikiwiki     < 1.8.5-r1                      >= 1.8.5-r1

Description

TikiWiki is vulnerable to arbitrary command execution as
described in GLSA 200507-01.

Impact

A remote attacker could exploit this vulnerability to execute
arbitrary PHP code by sending specially crafted XML data.

Workaround

There is no known workaround at this time.

Resolution

All TikiWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.8.5-r1"

References

[ 1 ] GLSA 200507-01

http://security.gentoo.org/glsa/glsa-200507-01.xml

[ 2 ] CAN-2005-1921

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200507-06.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

Red Hat Linux


Red Hat Security Advisory

Synopsis: Important: zlib security update
Advisory ID: RHSA-2005:569-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-569.html

Issue date: 2005-07-06
Updated on: 2005-07-06
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-2096


1. Summary:

Updated Zlib packages that fix a buffer overflow are now
available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact
by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 – i386, x86_64
Red Hat Enterprise Linux ES version 4 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 – i386, ia64, x86_64

3. Problem description:

Zlib is a general-purpose lossless data compression library
which is used by many different programs.

Tavis Ormandy discovered a buffer overflow affecting Zlib
version 1.2 and above. An attacker could create a carefully crafted
compressed stream that would cause an application to crash if the
stream is opened by a user. As an example, an attacker could create
a malicious PNG image file which would cause a web browser or mail
viewer to crash if the image is viewed. The Common Vulnerabilities
and Exposures project assigned the name CAN-2005-2096 to this
issue.

Please note that the versions of Zlib as shipped with Red Hat
Enterprise Linux 2.1 and 3 are not vulnerable to this issue.

All users should update to these erratum packages which contain
a patch from Mark Adler which corrects this issue.
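Both DSA 740 above and this Red Hat description give the consumer's view of CAN-2005-2096: a crafted compressed stream, handed to inflate by a browser, mail viewer or any other program linking zlib, crashes it. The fix is the library update, but the caller of inflate still decides what happens on a bad stream. The following is an added example, not code from Debian, Red Hat or zlib, and not a reproduction of the bug, that inflates untrusted data with a hard output cap, treats any zlib error as a rejected input, tells a truncated stream from a complete one, and reports the zlib version the process actually links. The good stream and the three malformed variants are constructed inside the block.

```python
"""Inflate untrusted zlib data without letting a malformed or oversized
stream take the process down: cap the output, report corruption, and tell
a truncated stream from a complete one.

Added example, not code from Debian, Red Hat or zlib, and not a reproduction
of CAN-2005-2096.  Python's zlib module calls the system library, so
ZLIB_RUNTIME_VERSION shows which zlib a process really links; the malformed
inputs below are constructed here from a known-good stream.
"""
import zlib

BLOCK = 64 * 1024  # output requested per inflate call


def safe_inflate(data: bytes, max_out: int):
    """Return (status, output); status is 'ok', 'corrupt', 'truncated' or 'too_large'."""
    d = zlib.decompressobj()
    out = bytearray()
    pending = data
    try:
        while not d.eof:
            room = max_out - len(out)
            if room <= 0:
                return "too_large", bytes(out)       # bomb or oversize: stop early
            chunk = d.decompress(pending, min(BLOCK, room))
            out += chunk
            pending = d.unconsumed_tail              # input not yet consumed
            if not chunk and not pending:
                break                                # input ran out before end-of-stream
    except zlib.error:
        return "corrupt", bytes(out)                 # bad header, bad code or Adler-32 mismatch
    if not d.eof:
        return "truncated", bytes(out)
    return "ok", bytes(out)


def linked_zlib_version() -> str:
    """Version of the zlib this interpreter actually links at run time."""
    return zlib.ZLIB_RUNTIME_VERSION


# Constructed inputs: one good stream and three ways it can go wrong.
PLAIN = b"The quick brown fox jumps over the lazy dog. " * 200
GOOD = zlib.compress(PLAIN)
BAD_HEADER = bytes([GOOD[0] ^ 0xFF]) + GOOD[1:]       # CMF byte flipped
BAD_TRAILER = GOOD[:-1] + bytes([GOOD[-1] ^ 0xFF])    # last Adler-32 byte flipped
TRUNCATED = GOOD[: len(GOOD) // 2]                    # cut mid-stream
BOMB = zlib.compress(bytes(8 * 1024 * 1024), 9)       # 8 MiB of zeros, a few KiB compressed

if __name__ == "__main__":
    print("runtime zlib:", linked_zlib_version())
    for name, blob in [("good", GOOD), ("bad_header", BAD_HEADER),
                       ("bad_trailer", BAD_TRAILER), ("truncated", TRUNCATED),
                       ("bomb", BOMB)]:
        status, out = safe_inflate(blob, 1 << 20)
        print(f"{name:12s} {status:10s} {len(out)} bytes out")
```

Only the intact stream comes back "ok"; the altered header and trailer are reported as corrupt, the cut stream as truncated, and the zeros bomb is stopped at the 1 MiB cap instead of being expanded to 8 MiB. zlib.ZLIB_RUNTIME_VERSION is the value to compare against the fixed package, since zlib.ZLIB_VERSION is only the header version the module was compiled against.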

4. Solution:

Before applying this update, make sure all previously released
errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat
Network, launch the Red Hat Update Agent with the following
command:

up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

162391 – CAN-2005-2096 zlib buffer overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/zlib-1.2.1.2-1.1.src.rpm

b09854b7fbd3c6aef59e15379d563bc2 zlib-1.2.1.2-1.1.src.rpm

i386:
b80a549b59a2864e51fce1849ed91714 zlib-1.2.1.2-1.1.i386.rpm
d5db7d5f5a65de792571dffd49abb433 zlib-devel-1.2.1.2-1.1.i386.rpm

ia64:
b80a549b59a2864e51fce1849ed91714 zlib-1.2.1.2-1.1.i386.rpm
cc9e3223c11f5046a24ec68ff98d3a43 zlib-1.2.1.2-1.1.ia64.rpm
c46ed128d73cba13ace294e80e9a48d3 zlib-devel-1.2.1.2-1.1.ia64.rpm

ppc:
0a40389caa51dec8625e0c0b11a44e87 zlib-1.2.1.2-1.1.ppc.rpm
68de3c2b8e24ee086718f888b52d2d1d zlib-1.2.1.2-1.1.ppc64.rpm
b87b7e205c4d450a31b75a7a1ed9be0b zlib-devel-1.2.1.2-1.1.ppc.rpm
1d57bd73dc26f813fed1450dc9c70638 zlib-devel-1.2.1.2-1.1.ppc64.rpm

s390:
95bd5739a0d7e95977c4d1ead6584776 zlib-1.2.1.2-1.1.s390.rpm
87c887b819a7c2d2ed9fb5bf672f8b84 zlib-devel-1.2.1.2-1.1.s390.rpm

s390x:
95bd5739a0d7e95977c4d1ead6584776 zlib-1.2.1.2-1.1.s390.rpm
dfa44b20f0fe492a3c14c4a2e1b18f86 zlib-1.2.1.2-1.1.s390x.rpm
87c887b819a7c2d2ed9fb5bf672f8b84 zlib-devel-1.2.1.2-1.1.s390.rpm
24bb5acdf163d308774d0c05ecf5a5bb zlib-devel-1.2.1.2-1.1.s390x.rpm

x86_64:
b80a549b59a2864e51fce1849ed91714 zlib-1.2.1.2-1.1.i386.rpm
d033b0a59c082ab7038435862f8f8ea6 zlib-1.2.1.2-1.1.x86_64.rpm
d5db7d5f5a65de792571dffd49abb433 zlib-devel-1.2.1.2-1.1.i386.rpm
93289aa3e51b5f8e0bf2300dc2b97784 zlib-devel-1.2.1.2-1.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/zlib-1.2.1.2-1.1.src.rpm

b09854b7fbd3c6aef59e15379d563bc2 zlib-1.2.1.2-1.1.src.rpm

i386:
b80a549b59a2864e51fce1849ed91714 zlib-1.2.1.2-1.1.i386.rpm
d5db7d5f5a65de792571dffd49abb433 zlib-devel-1.2.1.2-1.1.i386.rpm

x86_64:
b80a549b59a2864e51fce1849ed91714 zlib-1.2.1.2-1.1.i386.rpm
d033b0a59c082ab7038435862f8f8ea6 zlib-1.2.1.2-1.1.x86_64.rpm
d5db7d5f5a65de792571dffd49abb433 zlib-devel-1.2.1.2-1.1.i386.rpm
93289aa3e51b5f8e0bf2300dc2b97784 zlib-devel-1.2.1.2-1.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/zlib-1.2.1.2-1.1.src.rpm

b09854b7fbd3c6aef59e15379d563bc2 zlib-1.2.1.2-1.1.src.rpm

i386:
b80a549b59a2864e51fce1849ed91714 zlib-1.2.1.2-1.1.i386.rpm
d5db7d5f5a65de792571dffd49abb433 zlib-devel-1.2.1.2-1.1.i386.rpm

ia64:
b80a549b59a2864e51fce1849ed91714 zlib-1.2.1.2-1.1.i386.rpm
cc9e3223c11f5046a24ec68ff98d3a43 zlib-1.2.1.2-1.1.ia64.rpm
c46ed128d73cba13ace294e80e9a48d3 zlib-devel-1.2.1.2-1.1.ia64.rpm

x86_64:
b80a549b59a2864e51fce1849ed91714 zlib-1.2.1.2-1.1.i386.rpm
d033b0a59c082ab7038435862f8f8ea6 zlib-1.2.1.2-1.1.x86_64.rpm
d5db7d5f5a65de792571dffd49abb433 zlib-devel-1.2.1.2-1.1.i386.rpm
93289aa3e51b5f8e0bf2300dc2b97784 zlib-devel-1.2.1.2-1.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/zlib-1.2.1.2-1.1.src.rpm

b09854b7fbd3c6aef59e15379d563bc2 zlib-1.2.1.2-1.1.src.rpm

i386:
b80a549b59a2864e51fce1849ed91714 zlib-1.2.1.2-1.1.i386.rpm
d5db7d5f5a65de792571dffd49abb433 zlib-devel-1.2.1.2-1.1.i386.rpm

ia64:
b80a549b59a2864e51fce1849ed91714 zlib-1.2.1.2-1.1.i386.rpm
cc9e3223c11f5046a24ec68ff98d3a43 zlib-1.2.1.2-1.1.ia64.rpm
c46ed128d73cba13ace294e80e9a48d3 zlib-devel-1.2.1.2-1.1.ia64.rpm

x86_64:
b80a549b59a2864e51fce1849ed91714 zlib-1.2.1.2-1.1.i386.rpm
d033b0a59c082ab7038435862f8f8ea6 zlib-1.2.1.2-1.1.x86_64.rpm
d5db7d5f5a65de792571dffd49abb433 zlib-devel-1.2.1.2-1.1.i386.rpm
93289aa3e51b5f8e0bf2300dc2b97784 zlib-devel-1.2.1.2-1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

SUSE Linux


SUSE Security Announcement

Package: zlib
Announcement ID: SUSE-SA:2005:039
Date: Wed, 06 Jul 2005 14:00:00 +0000
Affected Products: 9.1, 9.2, 9.3, SUSE Linux Enterprise Server 9,
Novell Linux Desktop 9, Open Enterprise Server
Vulnerability Type: remote denial of service
Severity (1-10): 7
SUSE Default Package: yes
Cross-References: CAN-2005-2096

Content of This Advisory:

  1. Security Vulnerability Resolved: zlib denial of service attack
    Problem Description
  2. Solution or Work-Around
  3. Special Instructions and Notes
  4. Package Location and Checksums
  5. Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE
    Security Summary Report.
  6. Authenticity Verification and Additional Information

1) Problem Description and Brief Discussion

A denial of service condition was fixed in the zlib library.

Any program that uses zlib to decompress data can be crashed by a
specially crafted invalid data stream. This includes web browsers
and email programs able to display PNG images (which are compressed
with zlib), so a remote attacker can use this vulnerability to
crash browser sessions and potentially anti-virus programs that
scan compressed content.

This issue is tracked by the Mitre CVE ID CAN-2005-2096.

Since only zlib 1.2.x is affected, older SUSE products are not
affected by this problem.

2) Solution or Work-Around

Install the updated packages.

3) Special Instructions and Notes

Please restart running programs using zlib.

4) Package Location and Checksums

The preferred method for installing security updates is to use
the YaST Online Update (YOU) tool. YOU detects which updates are
required and automatically performs the necessary steps to verify
and install them. Alternatively, download the update packages for
your distribution manually and verify their integrity by the
methods listed in Section 6 of this announcement. Then install the
packages using the command

rpm -Fhv <file.rpm>

to apply the update, replacing <file.rpm> with the
filename of the downloaded RPM package.

Our maintenance customers are notified individually. The
packages are offered for installation from the maintenance web.
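Verifying a manually downloaded package against the MD5 digests in a listing like the one below, as an added example (not part of the SUSE announcement). The listing text embedded in the script and its digests are constructed for the demonstration; the ftp.example.invalid host is a placeholder. The parser accepts both layouts used in this digest: a URL line followed by a bare digest line (SUSE style) and "<md5> <file>" on one line (Red Hat style).

```python
"""Check downloaded update packages against MD5 digests from an advisory
listing. Added example; the listing and digests below are constructed."""
import hashlib
import re
import sys
from pathlib import Path
from typing import Dict, Optional

# Constructed sample in the same layout as the SUSE listing: a URL line,
# a blank line, then the 32-hex-digit MD5 digest. These digests are made up
# and do not belong to any real package.
SAMPLE_LISTING = """\
ftp://ftp.example.invalid/update/9.3/rpm/i586/zlib-1.2.2-5.2.i586.rpm

00112233445566778899aabbccddeeff

ftp://ftp.example.invalid/update/9.3/rpm/i586/zlib-devel-1.2.2-5.2.i586.rpm

ffeeddccbbaa99887766554433221100
"""

URL_RE = re.compile(r"^(?:ftp|https?)://\S+/(?P<name>[^/\s]+\.rpm)$")
MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")


def parse_listing(text: str) -> Dict[str, str]:
    """Return a map of package file name -> expected MD5 hex digest (lowercase).

    Handles '<md5> <file>' lines and URL-then-digest pairs; headings such as
    'x86 Platform:' or 'SUSE Linux 9.3:' are ignored because they match neither.
    """
    expected: Dict[str, str] = {}
    pending_name: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) == 2 and MD5_RE.match(parts[0]):
            expected[parts[1]] = parts[0].lower()
            pending_name = None
            continue
        m = URL_RE.match(line)
        if m:
            pending_name = m.group("name")
            continue
        if MD5_RE.match(line) and pending_name:
            expected[pending_name] = line.lower()
            pending_name = None
    return expected


def md5_hex(data: bytes) -> str:
    """MD5 of an in-memory buffer, as lowercase hex."""
    return hashlib.md5(data).hexdigest()


def verify_bytes(data: bytes, expected_md5: str) -> bool:
    """True when the buffer's digest equals the published one."""
    return md5_hex(data) == expected_md5.lower()


def verify_file(path: Path, expected: Dict[str, str]) -> bool:
    """Hash a package on disk in 1 MiB chunks and compare with the listing.

    A file whose name is absent from the listing fails: an unknown package
    is not a verified package.
    """
    want = expected.get(path.name)
    if want is None:
        return False
    digest = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest() == want


if __name__ == "__main__":
    # Usage: python verify_rpms.py zlib-1.2.2-5.2.i586.rpm ...
    table = parse_listing(SAMPLE_LISTING)
    for arg in sys.argv[1:]:
        p = Path(arg)
        print(("OK   " if verify_file(p, table) else "FAIL ") + p.name)
```

A matching digest only shows that the download is the file the announcement lists; it says nothing about who wrote the announcement. The authenticity of the listing itself comes from the GPG signature on the announcement and on the packages, which is what Section 6 covers.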

x86 Platform:

SUSE Linux 9.3:

ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/zlib-1.2.2-5.2.i586.rpm

69306a26b2f9cbaadd139adafe8ec4ac

ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/zlib-devel-1.2.2-5.2.i586.rpm

e8f2b4dd7ac1a58850ceb78f806167fc

ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/zlib-32bit-9.3-7.1.x86_64.rpm

08a77c7932298f449c1a82808f254110

ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/zlib-devel-32bit-9.3-7.1.x86_64.rpm

5855d394fa83bd00e63c3dd921696ea3

SUSE Linux 9.2:

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/zlib-1.2.1-74.2.i586.rpm

8f9d09a2d49a351261f4b31eeee7e4cd

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/zlib-devel-1.2.1-74.2.i586.rpm

2143442ba3f12fa0d76be2fa98b1db8a

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/zlib-32bit-9.2-200507042003.x86_64.rpm

4850236d95a259a406e4d4d6c93b8859

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/zlib-devel-32bit-9.2-200507042003.x86_64.rpm

1d559edb263577bff25d1016777ebb55

SUSE Linux 9.1:

ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/zlib-1.2.1-70.9.i586.rpm

51e2ae37c32d4979d1da05b667289640

ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/zlib-devel-1.2.1-70.9.i586.rpm

3a7fd561f637ecfcf2f3b5118e48327a

ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/zlib-32bit-9.1-200507042050.i586.rpm

8070a09339374edeb50cf1d72249964f

ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/zlib-devel-32bit-9.1-200507042050.i586.rpm

91d1551e541e00e4bfefff68afc7ed8f

source rpm(s):

ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/zlib-1.2.1-70.9.src.rpm

c2cf9d2d338d44ab0af7cc4612053ef6

x86-64 Platform:

SUSE Linux 9.3:

ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/zlib-1.2.2-5.2.x86_64.rpm

9d76d7e17c4bd39b76671ae085667e68

ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/zlib-devel-1.2.2-5.2.x86_64.rpm

cc3090fe5ec5abbe7db63cb8f2191643
source rp
