Debian Security Advisory DSA 1086-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
June 2nd, 2006 http://www.debian.org/security/faq
Package : xmcd
Vulnerability : design flaw
Problem type : local
Debian-specific: no
CVE ID : CVE-2006-2542
Debian Bug : 366816
The xmcdconfig creates directories world-writeable allowing
local users to fill the /usr and /var partition and hence cause a
denial of service. This problem has been half-fixed since version
2.3-1.
For the old stable distribution (woody) this problem has been
fixed in version 2.6-14woody1.
For the stable distribution (sarge) this problem has been fixed
in version 2.6-17sarge1.
For the unstable distribution (sid) this problem has been fixed
in version 2.6-18.
We recommend that you upgrade your xmcd package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1.dsc
Size/MD5 checksum: 619
42038224877b80e57969e82e14a6ee5a
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1.diff.gz
Size/MD5 checksum: 19169
3144b9f7dc78b1a0a668eff06ded3b08
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6.orig.tar.gz
Size/MD5 checksum: 553934
ce3208e21d8e37059e44ce9310d08f5f
Alpha architecture:
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_alpha.deb
Size/MD5 checksum: 65648
d4beba33b15cdef57c315666e9dbeaf3
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_alpha.deb
Size/MD5 checksum: 458520
da2013cefff5009ed770397ea7cf23fe
ARM architecture:
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_arm.deb
Size/MD5 checksum: 60464
2a9f06c9a2f888ea56ac62bdfe2eb05e
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_arm.deb
Size/MD5 checksum: 378038
932f832766a947aac29d9b40f2f8a026
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_i386.deb
Size/MD5 checksum: 58970
506435aef6b9a12c0715e73dea67eefd
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_i386.deb
Size/MD5 checksum: 324960
2eba0f70812dada62ec2fb3f3b054318
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_ia64.deb
Size/MD5 checksum: 66140
6d3eff9fdf1d9c6052c9554bc4dd584a
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_ia64.deb
Size/MD5 checksum: 543700
dce5ff73c754b4425fe642117a52f5fa
HP Precision architecture:
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_hppa.deb
Size/MD5 checksum: 60954
f48d59a10a2891bdb1842da42fe0b0f4
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_hppa.deb
Size/MD5 checksum: 406294
2b12245768fce9c5f57cc4a8818ea1be
Motorola 680×0 architecture:
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_m68k.deb
Size/MD5 checksum: 58890
ce57236e978ed6310d23cf1cfede3224
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_m68k.deb
Size/MD5 checksum: 309832
0de1924af1c4981505849da8e6b8c7af
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_mips.deb
Size/MD5 checksum: 61476
8a4dcea7adbfb4a1c3294a2622e05d15
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_mips.deb
Size/MD5 checksum: 377170
91d622c19970fe0dcda24f63e85c7350
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_mipsel.deb
Size/MD5 checksum: 61436
27eaa3e4c2365f2e4b49c526acc3df00
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_mipsel.deb
Size/MD5 checksum: 378122
c9b63596911f83c72a4c9b7fbd01abf0
PowerPC architecture:
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_powerpc.deb
Size/MD5 checksum: 60998
74e9b62e02f69db4dfedab57100904dd
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_powerpc.deb
Size/MD5 checksum: 364402
28547836494d0142a84c2bf58888c6bf
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_s390.deb
Size/MD5 checksum: 59818
8d3d1ca6ff1fd1ceb32c42b73d4fe3bb
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_s390.deb
Size/MD5 checksum: 347966
dd3cc13ee026156516f315b77cb1f06b
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_sparc.deb
Size/MD5 checksum: 62724
597ddc3fe6e1c56a3ecb78e2b46c7fd4
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_sparc.deb
Size/MD5 checksum: 361214
e93e33fe714c4b5429eb7a2bce8ba0ea
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1.dsc
Size/MD5 checksum: 619
25a530a0383c4ab2cbc2d23a6c95d5f2
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1.diff.gz
Size/MD5 checksum: 20482
d9ce89eebe6f068df0c1d49eacc0bb4b
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6.orig.tar.gz
Size/MD5 checksum: 553934
ce3208e21d8e37059e44ce9310d08f5f
Alpha architecture:
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_alpha.deb
Size/MD5 checksum: 62480
d99e5ad3da64edbfbc6a9e5c610683e1
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_alpha.deb
Size/MD5 checksum: 452252
19bf881ff9a11a1d398d97ef2158f07c
AMD64 architecture:
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_amd64.deb
Size/MD5 checksum: 60974
d14a6718ad2f95983d0af699aa585df2
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_amd64.deb
Size/MD5 checksum: 375978
1064343cbef2794c637ce6431935280b
ARM architecture:
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_arm.deb
Size/MD5 checksum: 60052
870eb636eb62c6b3d5fc310d82e9ae2c
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_arm.deb
Size/MD5 checksum: 363752
cf23e90fa86d845a66c297a12de2c887
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_i386.deb
Size/MD5 checksum: 59976
95f0064a7b485df46d6275e3ba98b28e
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_i386.deb
Size/MD5 checksum: 347032
2e5dfd037ca6a7d7e7ef77fa5b3cdd6a
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_ia64.deb
Size/MD5 checksum: 64146
9cf8c9c4c9aa5a6bf8da06ff9079e4df
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_ia64.deb
Size/MD5 checksum: 521072
6759905bab7f05d9cba71fa19b7b971d
HP Precision architecture:
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_hppa.deb
Size/MD5 checksum: 61618
578d619050afd48ba63fbb103a443673
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_hppa.deb
Size/MD5 checksum: 399428
b7c61aa93ff2efd42cb4375940b675df
Motorola 680×0 architecture:
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_m68k.deb
Size/MD5 checksum: 59428
a95f8b6d48635de344faf79d8dce01f5
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_m68k.deb
Size/MD5 checksum: 311534
313f9f8e4db059b0c58bc37ef61fe6cd
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_mips.deb
Size/MD5 checksum: 61656
35c929f75f4ab0989ab7fe94afe08a3d
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_mips.deb
Size/MD5 checksum: 379520
57b63417bfb1d07afb79767268e56022
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_mipsel.deb
Size/MD5 checksum: 61688
63b48f033d11adeb78d933e36ad0a904
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_mipsel.deb
Size/MD5 checksum: 381286
0e05464ae0243e4c6abfa50d21bf032c
PowerPC architecture:
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_powerpc.deb
Size/MD5 checksum: 60740
5bfc0950afeb05321af3623f90b015e4
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_powerpc.deb
Size/MD5 checksum: 372902
e1706bbfe5c2e920465f339824c3639a
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_s390.deb
Size/MD5 checksum: 60742
95dcd70b6713309c6f0d57017b024ed7
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_s390.deb
Size/MD5 checksum: 364676
0e28c9bf8c98276469af3b7a906f9c39
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_sparc.deb
Size/MD5 checksum: 59944
6057d32cd180068884fa63923163cc92
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_sparc.deb
Size/MD5 checksum: 354052
51387f66a75f9ab56fa036b970ace931
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 1087-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
June 3rd, 2006 http://www.debian.org/security/faq
Package : postgresql
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-2313 CVE-2006-2314
Several encoding problems have been discovered in PostgreSQL, a
popular SQL database. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2006-2313
Akio Ishida and Yasuo Ohgaki discovered a weakness in the
handling of invalidly-encoded multibyte text data which could allow
an attacker to inject arbitrary SQL commands.
CVE-2006-2314
A similar problem exists in client-side encodings (such as SJIS,
BIG5, GBK, GB18030, and UHC) which contain valid multibyte
characters that end with the backslash character. An attacker could
supply a specially crafted byte sequence that is able to inject
arbitrary SQL commands.
This issue does not affect you if you only use single-byte (like
SQL_ASCII or the ISO-8859-X family) or unaffected multibyte (like
UTF-8) encodings.
psycopg and python-pgsql use the old encoding for binary data
and may have to be updated.
The old stable distribution (woody) is affected by these
problems but we’re unable to correct the package.
For the stable distribution (sarge) these problems have been
fixed in version 7.4.7-6sarge2.
For the unstable distribution (sid) these problems have been
fixed in version 7.4.13-1.
We recommend that you upgrade your postgresql packages.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2.dsc
Size/MD5 checksum: 985
78d63a976c27999c86bbd57f70eae80d
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2.diff.gz
Size/MD5 checksum: 189611
577fb231aac4f86692e935b6a30eb1f4
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7.orig.tar.gz
Size/MD5 checksum: 9952102
d193c58aef02a745e8657c48038587ac
Architecture independent components:
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-doc_7.4.7-6sarge2_all.deb
Size/MD5 checksum: 2266882
86068a0b0bd5f3353746555933d29317
Alpha architecture:
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_alpha.deb
Size/MD5 checksum: 239980
bb173b640c9f206c320d20b554d724fa
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_alpha.deb
Size/MD5 checksum: 104826
0d4a8d8aea91799bc70617f9e47b5b29
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_alpha.deb
Size/MD5 checksum: 82408
f4a3dad48412573e5b993c4d9e7400f1
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_alpha.deb
Size/MD5 checksum: 61972
7cc403fea81613636d180358568638ca
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_alpha.deb
Size/MD5 checksum: 139496
bede365b3e3505f79cb734747744fd5e
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_alpha.deb
Size/MD5 checksum: 4153162
86740fcfb886861702c8bccbcfb7a8be
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_alpha.deb
Size/MD5 checksum: 614270
16108bc1a5cc9d7d51337597e2f5090c
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_alpha.deb
Size/MD5 checksum: 701704
de550242e2d5cbbf0d9c24aad75a4977
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_alpha.deb
Size/MD5 checksum: 546150
d9c95cc8ac6e21509b13640d0589c46c
AMD64 architecture:
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_amd64.deb
Size/MD5 checksum: 210208
602e081a5b8ef164d0d7114cfbb002e2
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_amd64.deb
Size/MD5 checksum: 96442
ecdcbc5b59750b9871d49e3319a18fb8
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_amd64.deb
Size/MD5 checksum: 79380
ca54542f754ac5da8c992f5889c12cc9
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_amd64.deb
Size/MD5 checksum: 56212
364aaa1ac5a22e12262b90314f060d33
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_amd64.deb
Size/MD5 checksum: 131638
82fcd52b9cb9c93afb1e9545df89ee28
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_amd64.deb
Size/MD5 checksum: 3887452
f408a28bc585b4f98e72e343813316be
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_amd64.deb
Size/MD5 checksum: 559516
2b31c9a4fc43ab7ca0d9dd2f55dd1bb9
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_amd64.deb
Size/MD5 checksum: 654962
0b5970688a0f4ed4476ea80196b3e33d
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_amd64.deb
Size/MD5 checksum: 519740
b291ff79aa9dcf4c94b4f544222b6e3c
ARM architecture:
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_arm.deb
Size/MD5 checksum: 216872
60267ccd42ebc905fbed60faf15ce7c8
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_arm.deb
Size/MD5 checksum: 92170
6f866dbf0695c4857d73dbd9c538caa7
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_arm.deb
Size/MD5 checksum: 76290
53279156767dd6b03ebde6a1a7a6e9d5
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_arm.deb
Size/MD5 checksum: 56338
14809b9f1149cc9a09b2b7f65efffd07
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_arm.deb
Size/MD5 checksum: 124098
72f5fa7ae580925a88a2d3dd8fc96c3d
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_arm.deb
Size/MD5 checksum: 3789942
b819ecda4f08a2f321942e6efd760e35
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_arm.deb
Size/MD5 checksum: 534538
b1cd2927aaf7a59ebe9274e9d88beff9
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_arm.deb
Size/MD5 checksum: 628216
a94c9d9207b560b6eed5fd823bdd5406
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_arm.deb
Size/MD5 checksum: 518454
db9f0c0c6ab0c0c3a504c5a1faf93d54
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_i386.deb
Size/MD5 checksum: 207204
aafafd90bea915cfce42e4cc8997a7ae
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_i386.deb
Size/MD5 checksum: 95146
fbccb71b54ddae5b4f0100262e546edd
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_i386.deb
Size/MD5 checksum: 78032
c2199f8932f9af670103bae577da7928
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_i386.deb
Size/MD5 checksum: 55678
ba9771127582d3c4d041d0ebd54714f8
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_i386.deb
Size/MD5 checksum: 128310
fcdcfa9995f3929c4af97fa75540fdf8
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_i386.deb
Size/MD5 checksum: 3799030
0d851c1ad83ba723ca81009464c69f71
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_i386.deb
Size/MD5 checksum: 539660
c3511e4e1935e5e741e630b33828492f
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_i386.deb
Size/MD5 checksum: 625940
32bb7a6139270dd119f72a7b708a6c54
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_i386.deb
Size/MD5 checksum: 516050
9aa8818dec80c8830fde3b0d6849d310
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_ia64.deb
Size/MD5 checksum: 250406
02e0cd73738b871e12fe07d435f502e8
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_ia64.deb
Size/MD5 checksum: 117496
0b12feda47694da718abaa8b82e3a7df
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_ia64.deb
Size/MD5 checksum: 91804
c75fd48f53fa84033593c5000c4e2ba1
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_ia64.deb
Size/MD5 checksum: 60582
c81d60f2b9fcafc17bf2c890f62a67af
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_ia64.deb
Size/MD5 checksum: 152570
657268cc59f43720a4fbcd7401f68a51
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_ia64.deb
Size/MD5 checksum: 4408476
6b9c54e4e402f7f2dd0bab017b53b066
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_ia64.deb
Size/MD5 checksum: 682300
919925ab2e1e3f0214223ec4d557198f
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_ia64.deb
Size/MD5 checksum: 776054
17a52e7ee887815ea0eca17db214e143
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_ia64.deb
Size/MD5 checksum: 543558
304d71b16b2de34209431a6e4f5f47b4
HP Precision architecture:
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_hppa.deb
Size/MD5 checksum: 217744
7ea61b426c2ead22a87d8e6b2b8cbc06
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_hppa.deb
Size/MD5 checksum: 104378
cb8adb9c1dd2bc415a6157fa12f928e5
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_hppa.deb
Size/MD5 checksum: 83740
3799d1cfececc128d9a6a790c08a86c7
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_hppa.deb
Size/MD5 checksum: 58682
3caab961a85db146b0d37f982af37622
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_hppa.deb
Size/MD5 checksum: 134686
5a730cd2793948c69aacb82d00124259
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_hppa.deb
Size/MD5 checksum: 4263326
56aa2f4f1caab2fddf15b8c0c960c426
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_hppa.deb
Size/MD5 checksum: 572462
2989c44d3ed16aff10af1bbdfee973f8
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_hppa.deb
Size/MD5 checksum: 686150
ad186c53d5cf30ec79bd5f7a8de97a7c
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_hppa.deb
Size/MD5 checksum: 523900
eb948f532e5cfdebe504925a73103c9d
Motorola 680×0 architecture:
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_m68k.deb
Size/MD5 checksum: 194254
60cb0f51cdb1e8c270bf5092b8d8255c
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_m68k.deb
Size/MD5 checksum: 89926
557536dec7b52d56abd80da0e3395204
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_m68k.deb
Size/MD5 checksum: 76946
8d5b8aaaad2faef72647dab6bf74a706
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_m68k.deb
Size/MD5 checksum: 53920
d8a7c7dfde0b9848c9b820b1b021013b
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_m68k.deb
Size/MD5 checksum: 125348
e2a9707ad1ac5f7fe1c1f2455242bc2c
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_m68k.deb
Size/MD5 checksum: 3974176
da72953d869784679784c9753972128f
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_m68k.deb
Size/MD5 checksum: 510460
0c3be055f6a3e09377c5669e25ee6cc3
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_m68k.deb
Size/MD5 checksum: 608894
52181b4b31ca796c2a67737706c2d732
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_m68k.deb
Size/MD5 checksum: 507366
b47589dc8e2cba5f2484136ae1360bd8
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_mips.deb
Size/MD5 checksum: 209612
24ecb0017cc2d0213c9ae14def963f7c
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_mips.deb
Size/MD5 checksum: 95740
7bc16022786a15ce296cc450bad14690
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_mips.deb
Size/MD5 checksum: 80856
4ae6337bf3f0749e5646398025b4ca3a
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_mips.deb
Size/MD5 checksum: 56260
32e7db2cc80977c8202f4dd11e4d37c0
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_mips.deb
Size/MD5 checksum: 128346
19627a5e0dab29be81b092ef9a064f1c
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_mips.deb
Size/MD5 checksum: 4171356
e97e1b50aa6ce9f1b3963d9ab20eeacc
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_mips.deb
Size/MD5 checksum: 582144
804d77b5e1089b5b39e57eb228836aca
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_mips.deb
Size/MD5 checksum: 641800
4b006574dbeda3bcedc514ca12433b10
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_mips.deb
Size/MD5 checksum: 521302
8d1b8b6bc9bc640761909527c425083a
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_mipsel.deb
Size/MD5 checksum: 207620
1b974ad276e845a8b9da8afb88b20118
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_mipsel.deb
Size/MD5 checksum: 95932
06b9e5d8fd2e82c622febe7faf7b2be7
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_mipsel.deb
Size/MD5 checksum: 80612
7a2d7bbd54b8f08aa09c2cd307d3d2be
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_mipsel.deb
Size/MD5 checksum: 56322
22475b9bc5de36f15ad8560795455133
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_mipsel.deb
Size/MD5 checksum: 128422
f6fbc5968a69601bcf94d71ad0f88532
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_mipsel.deb
Size/MD5 checksum: 3862226
e4424c77620f0c30beb7d8ac0e253d9f
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_mipsel.deb
Size/MD5 checksum: 581426
ed5a9b2a615bdfcc7036287667502038
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_mipsel.deb
Size/MD5 checksum: 641240
dc49d2bcf81a25280664c73b1af8797b
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_mipsel.deb
Size/MD5 checksum: 521720
5ff500cb5542403582240c7e37bbcdda
PowerPC architecture:
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_powerpc.deb
Size/MD5 checksum: 210904
48e1dd207b4b025e80b35406d75b43ee
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_powerpc.deb
Size/MD5 checksum: 100428
901be88d71fc0e06ccf3e50fb4151b93
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_powerpc.deb
Size/MD5 checksum: 84596
72fbac10fd10eedcc4ef1673e5ad57b2
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_powerpc.deb
Size/MD5 checksum: 55326
96fcce34e09b75e683c09e63d94b0ac2
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_powerpc.deb
Size/MD5 checksum: 129898
6467b522f8bcf577a5a5eac47e695e5f
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_powerpc.deb
Size/MD5 checksum: 4203052
1f019762641079d46b162b4ad2837458
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_powerpc.deb
Size/MD5 checksum: 565430
a305cd9acfcec0d648edb56eaae2f605
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_powerpc.deb
Size/MD5 checksum: 686040
3d34c6d9faf50a6c88c736364895cbdf
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_powerpc.deb
Size/MD5 checksum: 516676
c2e91f20faa7669ab94fae166f94cac5
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_s390.deb
Size/MD5 checksum: 208296
1ceaec0962943f05b7cb930c5a8ec5f0
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_s390.deb
Size/MD5 checksum: 97814
73b521d57581888ffa97f4c519aa2b78
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_s390.deb
Size/MD5 checksum: 80456
704e9ef41e3f89e610f7400c998ce88c
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_s390.deb
Size/MD5 checksum: 56994
b135a1197a5b47a4070a07ffceb33348
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_s390.deb
Size/MD5 checksum: 133966
f80f2bfb7a971fd9ff4f3266c9fdddcd
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_s390.deb
Size/MD5 checksum: 4161698
8dac213b26c2f64b394ead91cf796c8e
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_s390.deb
Size/MD5 checksum: 549568
a82366bd7a49ca2e2c3f84a0f99b61b2
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_s390.deb
Size/MD5 checksum: 665482
6d7faf109031c6f295966e65bd69ed79
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_s390.deb
Size/MD5 checksum: 520664
3ebbbcd84b599632d3b74a6aa5cfbd9e
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_sparc.deb
Size/MD5 checksum: 205870
9fe5eac55d9ecb77cde27081e43fa2e2
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_sparc.deb
Size/MD5 checksum: 93606
1ef27ddd79e25a9de9f65673076ccbed
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_sparc.deb
Size/MD5 checksum: 77926
525d22dd799578af00d5ee3e09718dbd
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_sparc.deb
Size/MD5 checksum: 56150
07daedfabe9931672c7fced5ef515708
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_sparc.deb
Size/MD5 checksum: 127594
e488f86dcbce2df62c3dbfe56766d1c2
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_sparc.deb
Size/MD5 checksum: 4091222
6c3cbbb9965d35a5813ea78abac52645
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_sparc.deb
Size/MD5 checksum: 535876
f914be88ee8da6b67cc3af31db4ef42b
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_sparc.deb
Size/MD5 checksum: 633208
f23620f4d6708b1946e85349372e3048
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_sparc.deb
Size/MD5 checksum: 514344
6d8417121070e1faa09936e6ac9b943f
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 1088-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
June 3rd, 2006 http://www.debian.org/security/faq
Package : centericq
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2005-3863
BugTraq ID : 15600
Debian Bug : 340959
Mehdi Oudad and Kevin Fernandez discovered a buffer overflow in
the ktools library which is used in centericq, a text-mode
multi-protocol instant messenger client, which may lead local or
remote attackers to execute arbitrary code.
For the old stable distribution (woody) this problem has been
fixed in version 4.5.1-1.1woody2.
For the stable distribution (sarge) this problem has been fixed
in version 4.20.0-1sarge4.
For the unstable distribution (sid) this problem has been fixed
in version 4.21.0-6.
We recommend that you upgrade your centericq package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2.dsc
Size/MD5 checksum: 603
792e9548d8f6d540c26fa0fdbdd1df57
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2.diff.gz
Size/MD5 checksum: 3827
dc51504b36a05b003de1d22c2c879223
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1.orig.tar.gz
Size/MD5 checksum: 680625
e50121ea43a54140939b7bec8efdefe0
Alpha architecture:
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_alpha.deb
Size/MD5 checksum: 868742
1e533bd67111dbaca069ec6a7e9122ec
ARM architecture: