Debian GNU/Linux
Debian Security Advisory DSA 980-1 [email protected]
http://www.debian.org/security/
Moritz Muehlenhoff
February 22nd, 2006 http://www.debian.org/security/faq
Package : tutos
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE IDs : CVE-2004-2161 CVE-2004-2162
Debian Bug : 318633
Joxean Koret discovered several security problems in tutos, a
web-based team organization software. The Common Vulnerabilities
and Exposures Project identifies the following problems:
CVE-2004-2161
An SQL injection vulnerability allows the execution of SQL
commands through the link_id parameter in file_overview.php.
CVE-2004-2162
Cross-Site-Scripting vulnerabilities in the search function of
the address book and in app_new.php allow the execution of web
script code.
The old stable distribution (woody) does not contain tutos
packages.
For the stable distribution (sarge) these problems have been
fixed in version 1.1.20031017-2+1sarge1.
The unstable distribution (sid) no longer contains tutos
packages.
We recommend that you upgrade your tutos package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 981-1 [email protected]
http://www.debian.org/security/
Moritz Muehlenhoff
February 26th, 2006 http://www.debian.org/security/faq
Package : bmv
Vulnerability : integer overflow
Problem-Type : local(remote)
Debian-specific: no
CVE ID : CVE-2005-3278
Debian Bug : 335497
“felinemalice” discovered an integer overflow in BMV, a
PostScript viewer for SVGAlib, that may lead to the execution of
arbitrary code through specially crafted PostScript files.
For the old stable distribution (woody) this problem has been
fixed in version 1.2-14.3.
For the stable distribution (sarge) this problem has been fixed
in version 1.2-17sarge1.
For the unstable distribution (sid) this problem has been fixed
in version 1.2-18.
We recommend that you upgrade your bmv package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 984-1 [email protected]
http://www.debian.org/security/
Martin Schulze
March 2nd, 2006 http://www.debian.org/security/faq
Package : xpdf
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
Derek Noonburg has fixed several potential vulnerabilities in
xpdf, the Portable Document Format (PDF) suite.
The old stable distribution (woody) does not seem to be
affected.
For the stable distribution (sarge) these problems have been
fixed in version 3.00-13.6.
For the unstable distribution (sid) these problems have been
fixed in version 3.01-7.
We recommend that you upgrade your xpdf packages.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
Fedora Core
Fedora Update Notification
FEDORA-2006-131
2006-03-02
Product : Fedora Core 4
Name : kernel
Version : 2.6.15
Release : 1.1833_FC4
Summary : The Linux kernel (the core of the Linux operating
system)
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of
any Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation,
device input and output, etc.
Update Information:
This update rebases to the latest -stable release (2.6.15.5),
which fixes a number of security problems.
- sys_mbind failed to sanity check its arguments, leading to a
potential local DoS.
- A specially crafted ELF executable could cause Intel EM64T
boxes to crash. (CVE-2006-0741)
- Normal users could panic NFS clients with direct I/O
(CVE-2006-0555)
Further information on 2.6.15.5 changes can be found in the
upstream changelog at
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5
Further Fedora specific changes are detailed below.
- Wed Mar 1 2006 Dave Jones <[email protected]> [2.6.15-1.1833_FC4]
  - 2.6.15.5
- Tue Feb 21 2006 Dave Jones <[email protected]>
  - Add boot delay debug patch.
- Mon Feb 20 2006 Dave Jones <[email protected]>
  - Make monitor mode work for ipw2200
  - Add another mp3 player to the usb unusual device list. (#176584)
- Sun Feb 19 2006 Dave Jones <[email protected]>
  - Bump minimum requirements for module-init-tools & udev
  - Make 16C950 UARTs work.
- Thu Feb 16 2006 Dave Jones <[email protected]>
  - Fix PMTU NAT bug.
- Thu Feb 16 2006 John W. Linville <[email protected]>
  - Set ipw2200 hwcrypto option to 0 to avoid firmware restarts.
- Fri Feb 10 2006 Dave Jones <[email protected]> [2.6.15-1.1832_FC4]
  - 2.6.15.4
- Thu Feb 9 2006 Dave Jones <[email protected]>
  - Disable SMP in x86-64 UP kernels. (Whoops).
- Thu Feb 9 2006 David Woodhouse <[email protected]>
  - Fix PPC64 FP exception setup
  - Fix brain damage in usb_find_interface (#176333)
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
This update can be installed with the ‘yum’ update program. Use
‘yum update package-name’ at the command line. For more
information, refer to ‘Managing Software with yum,’ available at
http://fedora.redhat.com/docs/yum/.
Fedora Legacy
Fedora Legacy Update Advisory
Synopsis: Updated perl-DBI package fixes security issue
Advisory ID: FLSA:178989
Issue date: 2006-03-01
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-0077
1. Topic:
An updated perl-DBI package that fixes a temporary file flaw in
DBI::ProxyServer is now available.
DBI is a database access Application Programming Interface (API)
for the Perl programming language.
2. Relevant releases/architectures:
Red Hat Linux 7.3 – i386
Red Hat Linux 9 – i386
Fedora Core 1 – i386
Fedora Core 2 – i386
3. Problem description:
The Debian Security Audit Project discovered that the DBI
library creates a temporary PID file in an insecure manner. A local
user could overwrite or create files as a different user who
happens to run an application which uses DBI::ProxyServer. The
Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CVE-2005-0077 to this issue.
Users should update to this erratum package which disables the
temporary PID file unless configured.
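The file-overwrite risk described above, as an added example (not DBI::ProxyServer's code and not the erratum's patch): a PID-file writer that follows a pre-planted symlink, beside one that refuses it. The function names, the proxy.pid file name and the scratch directory standing in for a shared temporary directory are assumptions made for the illustration.

```python
import os
import tempfile


def write_pid_naive(path, pid):
    """Insecure pattern: open() follows a symlink and truncates its target."""
    with open(path, "w") as fh:
        fh.write(f"{pid}\n")


def write_pid_hardened(path, pid):
    """Create the PID file only if the name is unused; never follow a link."""
    # O_CREAT|O_EXCL fails with EEXIST if the name exists, including a
    # (possibly dangling) symlink. O_NOFOLLOW is an extra guard where available.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(f"{pid}\n")


def demo():
    """Run both writers against a pre-planted symlink; return what happened."""
    result = {}
    # Constructed scenario: this private directory stands in for a shared,
    # world-writable location such as /tmp.
    with tempfile.TemporaryDirectory() as shared:
        victim = os.path.join(shared, "victim.conf")
        pidfile = os.path.join(shared, "proxy.pid")  # predictable name

        def reset():
            with open(victim, "w") as fh:
                fh.write("important data\n")
            if os.path.lexists(pidfile):
                os.unlink(pidfile)
            os.symlink(victim, pidfile)  # link planted before the service starts

        def victim_text():
            with open(victim) as fh:
                return fh.read()

        reset()
        write_pid_naive(pidfile, 4242)
        result["naive_clobbered_victim"] = victim_text() == "4242\n"

        reset()
        try:
            write_pid_hardened(pidfile, 4242)
            result["hardened_refused"] = False
        except OSError:
            result["hardened_refused"] = True
        result["victim_intact"] = victim_text() == "important data\n"
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Keeping the PID file in a directory that only the service account can write to removes the pre-planted-link case altogether.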
4. Solution:
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will
not be updated. Note that you can also use wildcards (*.rpm) if
your current directory only contains the desired RPMs.
Please note that this update is also available via yum and apt.
Many people find this an easier way to apply updates. To use yum
issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that
you have yum or apt-get configured for obtaining Fedora Legacy
content. Please visit http://www.fedoralegacy.org/docs
for directions on how to configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178989
6. RPMs required:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/perl-DBI-1.21-1.1.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/perl-DBI-1.21-1.1.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/perl-DBI-1.32-5.1.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/perl-DBI-1.32-5.1.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/perl-DBI-1.37-1.1.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/perl-DBI-1.37-1.1.legacy.i386.rpm
Fedora Core 2:
SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/perl-DBI-1.40-4.1.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/perl-DBI-1.40-4.1.legacy.i386.rpm
7. Verification:
These packages are GPG signed by Fedora Legacy for security. Our
key is available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been
corrupted or tampered with, examine only the sha1sum with the
following command:
sha1sum <filename>
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0077
9. Contact:
The Fedora Legacy security contact is <[email protected]>.
More project details at http://www.fedoralegacy.org
Mandriva Linux
Mandriva Linux Security Advisory MDKSA-2006:052
http://www.mandriva.com/security/
Package : mozilla-thunderbird
Date : March 2, 2006
Affected: 2006.0
Problem Description:
The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and
earlier allows user-complicit attackers to bypass javascript
security settings and obtain sensitive information or cause a crash
via an e-mail containing a javascript URI in the SRC attribute of
an IFRAME tag, which is executed when the user edits the
e-mail.
Updated packages have been patched to address this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0884
Updated Packages:
Mandriva Linux 2006.0:
Mandriva Linux 2006.0/X86_64:
To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Ubuntu Linux
Ubuntu Security Notice USN-259-1 March 01, 2006
irssi-text vulnerability
CVE-2006-0458
A security issue affects the following Ubuntu releases:
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
irssi-text
The problem can be corrected by upgrading the affected package
to version 0.8.9+0.8.10rc5-0ubuntu4.1. After a standard system
upgrade you need to restart irssi to effect the necessary
changes.
Details follow:
A Denial of Service vulnerability was discovered in irssi. The
DCC ACCEPT command handler did not sufficiently verify the remotely
specified arguments. A remote attacker could exploit this to crash
irssi by sending specially crafted DCC commands.
Source archives: