Debian GNU/Linux
Debian Security Advisory DSA 919-2 security@debian.org
http://www.debian.org/security/
Martin Schulze
March 10th, 2006 http://www.debian.org/security/faq
Package : curl
Vulnerability : buffer overflow
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2005-4077
BugTraq ID : 15756
Debian Bugs : 342339 342696
The upstream developer of curl, a multi-protocol file transfer
library, informed us that the former correction to several
off-by-one errors is not sufficient. For completeness, please find
the original bug description below:
Stefan Esser discovered several off-by-one errors that allow
local users to trigger a buffer overflow and cause a denial of
service or bypass PHP security restrictions via certain URLs.
For the old stable distribution (woody) these problems have been
fixed in version 7.9.5-1woody2.
For the stable distribution (sarge) these problems have been
fixed in version 7.13.2-2sarge5.
For the unstable distribution (sid) these problems have been
fixed in version 7.15.1-1.
We recommend that you upgrade your libcurl packages.
Upgrade Instructions
wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 988-1 security@debian.org
http://www.debian.org/security/
Moritz Muehlenhoff
March 8th, 2006 http://www.debian.org/security/faq
Package : squirrelmail
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE IDs : CVE-2006-0377 CVE-2006-0195 CVE-2006-0188
Debian Bug : 354062 354063 354064 355424
Several vulnerabilities have been discovered in Squirrelmail, a
commonly used webmail system. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2006-0188
Martijn Brinkers and Ben Maurer found a flaw in webmail.php that
allows remote attackers to inject arbitrary web pages into the
right frame via a URL in the right_frame parameter.
CVE-2006-0195
Martijn Brinkers and Scott Hughes discovered an interpretation
conflict in the MagicHTML filter that allows remote attackers to
conduct cross-site scripting (XSS) attacks via style sheet
specifiers with invalid (1) “/*” and “*/” comments, or (2) slashes
inside the “url” keyword, which is processed by some web browsers
including Internet Explorer.
CVE-2006-0377
Vicente Aguilera of Internet Security Auditors, S.L. discovered
a CRLF injection vulnerability, which allows remote attackers to
inject arbitrary IMAP commands via newline characters in the
mailbox parameter of the sqimap_mailbox_select command, aka “IMAP
injection.” There’s no known way to exploit this yet.
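The CRLF injection described under CVE-2006-0377, as an added Python sketch that is not SquirrelMail's own (PHP) code: it compares a command builder that pastes the mailbox value into the IMAP line unchanged with one that refuses line breaks and quotes the name. The function names, the command tag and the sample mailbox values are hypothetical and constructed for illustration.

```python
"""Added example (not SquirrelMail code): CRLF injection into an IMAP command.

Function names, tags and mailbox values are hypothetical and constructed.
"""
import re

CRLF = "\r\n"


class UnsafeMailboxName(ValueError):
    """Raised when a mailbox name cannot be sent as an IMAP quoted string."""


def build_select_naive(tag, mailbox):
    # Vulnerable pattern: the request parameter is pasted into the command
    # line unchanged, so a line break inside it ends the SELECT early.
    return f'{tag} SELECT "{mailbox}"{CRLF}'


def quote_mailbox(mailbox):
    # RFC 3501 quoted strings cannot carry CR, LF or NUL; refuse them (and
    # the other control characters) instead of silently stripping them.
    if not mailbox:
        raise UnsafeMailboxName("empty mailbox name")
    if re.search(r"[\x00-\x1f\x7f]", mailbox):
        raise UnsafeMailboxName("control character in mailbox name")
    # Non-ASCII names must be converted to modified UTF-7 before this step;
    # that conversion is out of scope here, so such names are refused too.
    if not mailbox.isascii():
        raise UnsafeMailboxName("non-ASCII mailbox name not encoded")
    escaped = mailbox.replace("\\", "\\\\").replace('"', '\\"')
    return f'"{escaped}"'


def build_select_safe(tag, mailbox):
    # One command, one line: the mailbox travels as a single quoted string.
    return f"{tag} SELECT {quote_mailbox(mailbox)}{CRLF}"


def lines_seen_by_server(wire):
    # An IMAP server reads one command per line; some are lenient about a
    # bare LF, so split on both forms when counting what was sent.
    return [line for line in re.split(r"\r?\n", wire) if line]


def audit(tag, mailbox):
    """Return (lines the naive builder puts on the wire, safe command or None)."""
    naive = lines_seen_by_server(build_select_naive(tag, mailbox))
    try:
        safe = build_select_safe(tag, mailbox)
    except UnsafeMailboxName:
        safe = None
    return naive, safe


if __name__ == "__main__":
    # Constructed sample values: two ordinary names and one with a line break.
    samples = ["INBOX", 'Sent "2006"', 'INBOX"\r\nX NOOP']
    for s in samples:
        naive, safe = audit("A001", s)
        print(repr(s), "->", len(naive), "line(s) naive;", repr(safe))
```

A mailbox value that yields more than one line from the naive builder is the condition the advisory describes; the hardened builder rejects it before anything is written to the IMAP connection.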
For the old stable distribution (woody) these problems have been
fixed in version 1.2.6-5.
For the stable distribution (sarge) these problems have been
fixed in version 2:1.4.4-8.
For the unstable distribution (sid) these problems have been
fixed in version 2:1.4.6-1.
We recommend that you upgrade your squirrelmail package.
Debian GNU/Linux 3.0 alias woody
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 990-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
March 10th, 2006 http://www.debian.org/security/faq
Package : bluez-hcidump
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-0670
Debian Bug : 351881
A denial of service condition has been discovered in
bluez-hcidump, a utility that analyses Bluetooth HCI packets, which
can be triggered remotely.
The old stable distribution (woody) does not contain
bluez-hcidump packages.
For the stable distribution (sarge) this problem has been fixed
in version 1.17-1sarge1.
For the unstable distribution (sid) this problem has been fixed
in version 1.30-1.
We recommend that you upgrade your bluez-hcidump package.
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 991-1 security@debian.org
http://www.debian.org/security/
Steve Kemp
March 10th, 2006 http://www.debian.org/security/faq
Package : zoo
Vulnerability : buffer overflow
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2006-0855
BugTraq ID : 16790
Jean-Sébastien Guay-Leroux discovered a buffer
overflow in zoo, a utility to manipulate zoo archives, that could
lead to the execution of arbitrary code when unpacking a specially
crafted zoo archive.
For the old stable distribution (woody) this problem has been
fixed in version 2.10-9woody0.
For the stable distribution (sarge) this problem has been fixed
in version 2.10-11sarge0.
For the unstable distribution (sid) this problem has been fixed
in version 2.10-17.
We recommend that you upgrade your zoo package.
Debian GNU/Linux 3.0 alias woody
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 992-1 security@debian.org
http://www.debian.org/security/
Moritz Muehlenhoff
March 10th, 2006 http://www.debian.org/security/faq
Package : ffmpeg
Vulnerability : buffer overflow
Problem-Type : local (remote)
Debian-specific: no
CVE ID : CVE-2005-4048
Debian Bug : 342207
Simon Kilvington discovered that specially crafted PNG images
can trigger a heap overflow in libavcodec, the multimedia library
of ffmpeg, which may lead to the execution of arbitrary code.
The old stable distribution (woody) doesn’t contain ffmpeg
packages.
For the stable distribution (sarge) this problem has been fixed
in version 0.cvs20050313-2sarge1.
For the unstable distribution (sid) this problem has been fixed
in version 0.cvs20050918-5.1.
We recommend that you upgrade your ffmpeg package.
Debian GNU/Linux 3.1 alias sarge