---

Advisories, March 14, 2005

Debian GNU/Linux


Debian Security Advisory DSA 998-1 [email protected]
http://www.debian.org/security/
Martin Schulze
March 14th, 2006 http://www.debian.org/security/faq


Package : libextractor
Vulnerability : several
Problem type : local (remote)
Debian-specific: no

Derek Noonburg has fixed several potential vulnerabilities in
xpdf, which are also present in libextractor, a library to extract
arbitrary meta-data from files.

The old stable distribution (woody) does not contain
libextractor packages.

For the stable distribution (sarge) these problems have been
fixed in version 0.4.2-2sarge3.

For the unstable distribution (sarge) these problems have been
fixed in version 0.5.10-1.

We recommend that you upgrade your libextractor package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 999-1 [email protected]
http://www.debian.org/security/
Martin Schulze
March 14th, 2006 http://www.debian.org/security/faq


Package : lurker
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-1062 CVE-2006-1063 CVE-2006-1064

Several security related problems have been discovered in
lurker, an archive tool for mailing lists with integrated search
engine. The Common Vulnerability and Exposures project identifies
the following problems:

CVE-2006-1062

Lurker’s mechanism for specifying configuration files was
vulnerable to being overridden. As lurker includes sections of
unparsed config files in its output, an attacker could manipulate
lurker into reading any file readable by the www-data user.

CVE-2006-1063

It is possible for a remote attacker to create or overwrite
files in any writable directory that is named “mbox”.

CVE-2006-1064

Missing input sanitising allows an attacker to inject arbitrary
web script or HTML.

The old stable distribution (woody) does not contain lurker
packages.

For the stable distribution (sarge) these problems have been
fixed in version 1.2-5sarge1.

For the unstable distribution (sid) these problems have been
fixed in version 2.1-1.

We recommend that you upgrade your lurker package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 1000-1 [email protected]
http://www.debian.org/security/
Martin Schulze
March 14th, 2006 http://www.debian.org/security/faq


Package : libapreq2-perl
Vulnerability : design error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-0042
BugTraq ID : 16710
Debian Bug : 354060

An algorithm weakness has been discovered in Apache2::Request,
the generic request library for Apache2 which can be exploited
remotely and cause a denial of service via CPU consumption.

The old stable distribution (woody) does not contain this
package.

For the stable distribution (sarge) this problem has been fixed
in version 2.04-dev-1sarge1.

For the unstable distribution (sid) this problem has been fixed
in version 2.07-1.

We recommend that you upgrade your libapreq2,
libapache2-mod-apreq2 and libapache2-request-perl packages.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 1001-1 [email protected]
http://www.debian.org/security/
Moritz Muehlenhoff
March 14th, 2006 http://www.debian.org/security/faq


Package : crossfire
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-1010

It was discovered that Crossfire, a multiplayer adventure game,
performs insufficient bounds checking on network packets when run
in “oldsocketmode”, which may possibly lead to the execution of
arbitrary code.

For the old stable distribution (woody) this problem has been
fixed in version 1.1.0-1woody1.

For the stable distribution (sarge) this problem has been fixed
in version 1.6.0.dfsg.1-4sarge1.

For the unstable distribution (sid) this problem has been fixed
in version 1.9.0-1.

We recommend that you upgrade your crossfire packages.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody



Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
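
Added example (not part of the Debian advisories): a Python check of installed package versions on a sarge host against the fix versions quoted in DSA 998-1 through DSA 1001-1, following the Debian Policy version ordering that `dpkg --compare-versions` applies. The function names and the `SAMPLE_INSTALLED` mapping are hypothetical, constructed for illustration.

```python
"""Compare installed Debian versions with the fix versions from the advisories."""
import re

# Fix versions for stable (sarge), copied from DSA 998-1 to DSA 1001-1 above.
# Keys are the advisories' "Package" fields; binary package names can differ.
FIXED_IN_SARGE = {
    "libextractor": "0.4.2-2sarge3",
    "lurker": "1.2-5sarge1",
    "libapreq2-perl": "2.04-dev-1sarge1",
    "crossfire": "1.6.0.dfsg.1-4sarge1",
}

# One non-digit run followed by one digit run (either may be empty).
_RUN = re.compile(r"([^0-9]*)([0-9]*)")


def split_version(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, colon, rest = version.partition(":")
    if not colon:                      # no epoch present
        epoch, rest = "0", version
    upstream, dash, revision = rest.rpartition("-")
    if not dash:                       # no Debian revision present
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def _order(ch):
    """Sort weight of a non-digit character: '~' < end < letters < others."""
    if ch == "~":
        return -1
    if ch.isalpha():
        return ord(ch)
    return ord(ch) + 256


def _compare_part(a, b):
    """Compare two upstream or revision strings; return -1, 0 or 1."""
    while a or b:
        text_a, num_a = _RUN.match(a).groups()
        text_b, num_b = _RUN.match(b).groups()
        a = a[len(text_a) + len(num_a):]
        b = b[len(text_b) + len(num_b):]
        # Non-digit runs compare character by character; a missing
        # character weighs 0, so '~' sorts before the end of the string.
        for i in range(max(len(text_a), len(text_b))):
            wa = _order(text_a[i]) if i < len(text_a) else 0
            wb = _order(text_b[i]) if i < len(text_b) else 0
            if wa != wb:
                return -1 if wa < wb else 1
        # Digit runs compare as integers; an empty run counts as 0.
        na, nb = int(num_a or 0), int(num_b or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0


def compare_versions(a, b):
    """Return -1 if a sorts before b, 0 if equal, 1 if a sorts after b."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _compare_part(ua, ub) or _compare_part(ra, rb)


def audit(installed):
    """Map each advisory package to 'fixed', 'vulnerable' or 'not installed'."""
    report = {}
    for package, fixed in FIXED_IN_SARGE.items():
        have = installed.get(package)
        if have is None:
            report[package] = "not installed"
        elif compare_versions(have, fixed) >= 0:
            report[package] = "fixed"
        else:
            report[package] = "vulnerable"
    return report


# Constructed sample input, e.g. as collected with dpkg-query on a sarge host.
SAMPLE_INSTALLED = {
    "libextractor": "0.4.2-2sarge2",
    "lurker": "1.2-5",
    "crossfire": "1.6.0.dfsg.1-4sarge1",
}

if __name__ == "__main__":
    for package, status in audit(SAMPLE_INSTALLED).items():
        print(f"{package}: {status}")
```

The comparison is only meaningful against the fix version for the release the host actually runs; a woody host would be checked against 1.1.0-1woody1 for crossfire instead.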

Fedora Core


Fedora Update Notification
FEDORA-2006-147
2006-03-13


Product : Fedora Core 4
Name : gnupg
Version : 1.4.2.2
Release : 1
Summary : A GNU utility for secure communication and data
storage.

Description :
GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and
creating digital signatures. GnuPG has advanced key management
capabilities and is compliant with the proposed OpenPGP Internet
standard described in RFC2440. Since
GnuPG doesn’t use any patented algorithm, it is not compatible with
any version of PGP2 (PGP2.x uses only IDEA for symmetric-key
encryption, which is patented worldwide).


Update Information:

Tavis Ormandy discovered a flaw in the way GnuPG verifies
cryptographically signed data with inline signatures. It is
possible for an attacker to add unsigned text to a signed message
in such a way so that when the signed text is extracted, the
unsigned text is extracted as well, appearing as if it had been
signed. The Common Vulnerabilities and Exposures project assigned
the name CVE-2006-0049 to this issue.


  • Fri Mar 10 2006 Nalin Dahyabhai <[email protected]> –
    1.4.2.2-1

    • update to 1.4.2.2 to fix detection of unsigned data
      (CVE-2006-0049, #184557)

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/


This update can be installed with the ‘yum’ update program. Use
‘yum update package-name’ at the command line. For more
information, refer to ‘Managing Software with yum,’ available at
http://fedora.redhat.com/docs/yum/.

Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2006:055
http://www.mandriva.com/security/


Package : gnupg
Date : March 13, 2006
Affected: 10.2, 2006.0, Corporate 3.0, Multi Network Firewall
2.0


Problem Description:

Another vulnerability, different from that fixed in
MDKSA-2006:043 (CVE-2006-0455), was discovered in gnupg in the
handling of signature files.

This vulnerability is corrected in gnupg 1.4.2.2 which is being
provided with this update.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0049


Updated Packages:



To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

Slackware Linux

[slackware-security] Slackware 10.1 kdegraphics
(SSA:2006-072-01)

A new kdegraphics package is available for Slackware 10.1 to fix
a security issue. A portion of the recent security patch was
missing in the version that was applied to kdegraphics-3.3.2 in
Slackware 10.1. Other versions of Slackware are not affected by
this specific missing patch issue.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0746

Here are the details from the Slackware 10.1 ChangeLog:
+--------------------------+
patches/packages/kdegraphics-3.3.2-i486-5.tgz: Recompiled to fix a
missing kpdf security patch.
For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0746

(* Security fix *)
+--------------------------+

Where to find the new package:

Updated package for Slackware 10.1:

ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/kdegraphics-3.3.2-i486-5.tgz

MD5 signature:

Slackware 10.1 package:
74376c7f068a39a44ec83d7af6afc41f kdegraphics-3.3.2-i486-5.tgz

Installation instructions:

Upgrade the package as root:
# upgradepkg kdegraphics-3.3.2-i486-5.tgz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
[email protected]

[slackware-security] gnupg (SSA:2006-072-02)

New GnuPG packages are available for Slackware 9.0, 9.1, 10.0,
10.1, 10.2, and -current to fix security issues.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0455

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0049

Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/gnupg-1.4.2.2-i486-1.tgz: Upgraded to
gnupg-1.4.2.2.
There have been two security related issues reported recently with
GnuPG.
From the GnuPG 1.4.2.1 and
