This holiday weekend’s security advisories: awstats, lynx,
lynx-ssl, tiff, mysql-dfsg, dovecot, libextractor,
kernel-image-2.4.17-hppa, kernel-image-2.4.17-ia64,
kernel-image-2.4.17-s390, kernel-patch-2.4.17-apus,
kernel-patch-2.4.17-mips, kernel-patch-2.4.17-s390, and
kernel-source-2.4.17 (Debian GNU/Linux); mpg123 (Mandriva Linux);
kernel and quagga (Trustix Secure Linux); and nagios,
postgresql-7.4/-8.0, postgresql, psycopg, and python-pgsql (Ubuntu
Linux).
Debian GNU/Linux
Debian Security Advisory DSA 1075-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
May 26th, 2006 http://www.debian.org/security/faq
Package : awstats
Vulnerability : programming error
Problem type : remote
Debian-specific: no
Debian Bug : 365910
Hendrik Weimer discovered that awstats can execute arbitrary
commands under the user id the web server runs as when users are
allowed to supply arbitrary configuration files. Even though this
bug was accidentally referenced in DSA 1058, it had not yet been
fixed.
The new default behaviour is not to accept arbitrary
configuration directories from the user. This can be overridden
with the AWSTATS_ENABLE_CONFIG_DIR environment variable when users
are to be trusted.
The old stable distribution (woody) does not seem to be affected
by this problem.
For the stable distribution (sarge) this problem has been fixed
in version 6.4-1sarge3.
For the unstable distribution (sid) this problem has been fixed
in version 6.5-2.
We recommend that you upgrade your awstats package.
Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 1076-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
May 26th, 2006 http://www.debian.org/security/faq
Package : lynx
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2004-1617
BugTraq ID : 11443
Debian Bug : 296340
Michal Zalewski discovered that lynx, the popular text-mode WWW
Browser, is not able to grok invalid HTML including a TEXTAREA tag
with a large COLS value and a large tag name in an element that is
not terminated, and loops forever trying to render the broken
HTML.
For the old stable distribution (woody) this problem has been
fixed in version 2.8.4.1b-3.4.
For the stable distribution (sarge) this problem has been fixed
in version 2.8.5-2sarge2.
For the unstable distribution (sid) this problem has been fixed
in version 2.8.5-2sarge2.
We recommend that you upgrade your lynx package.
Debian GNU/Linux 3.0 alias woody
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 1077-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
May 26th, 2006 http://www.debian.org/security/faq
Package : lynx-ssl
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2004-1617
BugTraq ID : 11443
Debian Bug : 296340
Michal Zalewski discovered that lynx, the popular text-mode WWW
Browser, is not able to grok invalid HTML including a TEXTAREA tag
with a large COLS value and a large tag name in an element that is
not terminated, and loops forever trying to render the broken HTML.
The same code is present in lynx-ssl.
For the old stable distribution (woody) this problem has been
fixed in version 2.8.4.1b-3.3.
The stable distribution (sarge) does not contain lynx-ssl
packages anymore.
The unstable distribution (sid) does not contain lynx-ssl
packages anymore.
We recommend that you upgrade your lynx-ssl package.
Debian GNU/Linux 3.0 alias woody
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 1078-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
May 27th, 2006 http://www.debian.org/security/faq
Package : tiff
Vulnerability : out-of-bounds read
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2006-2120
BugTraq ID : 17809
Debian Bug : 366588
Andrey Kiselev discovered a problem in the TIFF library that may
allow an attacker with a specially crafted TIFF image with Yr/Yg/Yb
values that exceed the YCR/YCG/YCB values to crash the library and
hence the surrounding application.
The old stable distribution (woody) is not affected by this
problem.
For the stable distribution (sarge) this problem has been fixed
in version 3.7.2-4.
The unstable distribution (sid) is not affected by this
problem.
We recommend that you upgrade your tiff packages and restart the
programs using it.
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 1079-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
May 29th, 2006 http://www.debian.org/security/faq
Package : mysql-dfsg
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-0903 CVE-2006-1516 CVE-2006-1517
CVE-2006-1518
CERT advisory : VU#602457
BugTraq IDs : 16850 17780
Debian Bugs : 366044 366049 366163
Several vulnerabilities have been discovered in MySQL, a popular
SQL database. The Common Vulnerabilities and Exposures Project
identifies the following problems:
CVE-2006-0903
    Improper handling of SQL queries containing the NULL character
    allows local users to bypass logging mechanisms.
CVE-2006-1516
    Usernames without a trailing null byte allow remote attackers to
    read portions of memory.
CVE-2006-1517
    A request with an incorrect packet length allows remote
    attackers to obtain sensitive information.
CVE-2006-1518
    Specially crafted request packets with invalid length values
    allow the execution of arbitrary code.
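The three remote issues above each involve a terminator or length value supplied by the client. The following C sketch of a parser that checks both before use is an added example, not MySQL code and not part of the advisory; the packet layout (2-byte little-endian payload length, NUL-terminated user name, 1-byte credential length) and every identifier in it are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_USER_LEN 16 /* assumed limit for this example */

enum parse_status {
    PARSE_OK = 0,
    ERR_TRUNCATED,       /* fewer bytes than a mandatory field needs */
    ERR_LENGTH_MISMATCH, /* declared length != bytes actually received */
    ERR_NO_TERMINATOR,   /* user name not NUL-terminated inside payload */
    ERR_USER_TOO_LONG,   /* user name exceeds the destination buffer */
    ERR_FIELD_OVERRUN    /* inner length points past end of payload */
};

struct login {
    char user[MAX_USER_LEN + 1];
    const uint8_t *auth; /* points into the caller's buffer */
    size_t auth_len;
};

/* Constructed sample packets in the hypothetical layout. */
static const uint8_t PKT_GOOD[] = {0x0b, 0x00, 'a', 'l', 'i', 'c', 'e', 0x00,
                                   0x04, 0xde, 0xad, 0xbe, 0xef};
static const uint8_t PKT_NO_NUL[] = {0x05, 0x00, 'a', 'l', 'i', 'c', 'e'};
static const uint8_t PKT_BAD_LEN[] = {0x40, 0x00, 'b', 'o', 'b', 0x00, 0x00};
static const uint8_t PKT_OVERRUN[] = {0x05, 0x00, 'b', 'o', 'b', 0x00, 0x20};

/* buf/received describe the bytes actually read from the peer. */
enum parse_status parse_login(const uint8_t *buf, size_t received,
                              struct login *out)
{
    if (received < 2)
        return ERR_TRUNCATED;

    /* The declared length is only a claim; compare it with reality. */
    size_t declared = (size_t)buf[0] | ((size_t)buf[1] << 8);
    if (declared != received - 2)
        return ERR_LENGTH_MISMATCH;

    const uint8_t *p = buf + 2;
    const uint8_t *end = p + declared;

    /* Bounded search: strlen() would run past the payload if the
       client omitted the terminator. */
    const uint8_t *nul = memchr(p, 0, (size_t)(end - p));
    if (nul == NULL)
        return ERR_NO_TERMINATOR;

    size_t ulen = (size_t)(nul - p);
    if (ulen > MAX_USER_LEN)
        return ERR_USER_TOO_LONG;
    memcpy(out->user, p, ulen);
    out->user[ulen] = '\0';

    p = nul + 1;
    if (p == end)
        return ERR_TRUNCATED; /* credential length byte is missing */

    /* Inner length must fit in what remains of the payload. */
    size_t alen = *p++;
    if (alen > (size_t)(end - p))
        return ERR_FIELD_OVERRUN;

    out->auth = p;
    out->auth_len = alen;
    return PARSE_OK;
}

int main(void)
{
    struct login l;
    printf("good:    %d\n", parse_login(PKT_GOOD, sizeof PKT_GOOD, &l));
    printf("no NUL:  %d\n", parse_login(PKT_NO_NUL, sizeof PKT_NO_NUL, &l));
    printf("bad len: %d\n", parse_login(PKT_BAD_LEN, sizeof PKT_BAD_LEN, &l));
    printf("overrun: %d\n", parse_login(PKT_OVERRUN, sizeof PKT_OVERRUN, &l));
    return 0;
}
```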
The following vulnerability matrix shows which version of MySQL
in which distribution has this problem fixed:
               | woody        | sarge           | sid
mysql          | 3.23.49-8.15 | n/a             | n/a
mysql-dfsg     | n/a          | 4.0.24-10sarge2 | n/a
mysql-dfsg-4.1 | n/a          | 4.1.11a-4sarge3 | n/a
mysql-dfsg-5.0 | n/a          | n/a             | 5.0.21-3
We recommend that you upgrade your mysql packages.
Debian GNU/Linux 3.1 alias sarge