Home Security

Advisories, May 9, 2006

By

May 10, 2006

Debian GNU/Linux

Debian Security Advisory DSA 1053-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
May 9th, 2006 http://www.debian.org/security/faq

Package : mozilla
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-1993
CERT advisory : VU#866300
BugTraq ID : 17671

Martijn Wargers and Nick Mott described crashes of Mozilla due
to the use of a deleted controller context. In theory this could be
abused to execute malicious code.

For the stable distribution (sarge) this problem has been fixed
in version 1.7.8-1sarge6.

For the unstable distribution (sid) this problem will be fixed
soon.

We recommend that you upgrade your mozilla packages.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6.dsc

Size/MD5 checksum: 1123
46496c13d9bbf31e70a30a75c7c036c5
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6.diff.gz

Size/MD5 checksum: 473137
2558004214b55808e0b0fe068b65848d
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz

Size/MD5 checksum: 30589520
13c0f0331617748426679e8f2e9f537a

Alpha architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_alpha.deb

Size/MD5 checksum: 168072
fd51a6032a4038644185ba42d76612cd
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_alpha.deb

Size/MD5 checksum: 146398
99802c860372f1144c96b82025352f50
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_alpha.deb

Size/MD5 checksum: 184934
7a7fff15ff1cc8baa45010da2bf5d806
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_alpha.deb

Size/MD5 checksum: 856004
e409a2fe8da3f0215ffe3637adfdbfbe
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_alpha.deb

Size/MD5 checksum: 1034
2cb3fd1f941e797f8adfd14ad9e7e1d6
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_alpha.deb

Size/MD5 checksum: 11477506
f5360780f7f66e9f6ba9eecc3af988c9
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_alpha.deb

Size/MD5 checksum: 403270
55f1e5834e4135c2aff95d6fe650a9dc
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_alpha.deb

Size/MD5 checksum: 158334
15707b9920fd1231d8e3c24558c5ac1e
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_alpha.deb

Size/MD5 checksum: 3357278
9e9ea74c8c227f387062ce356ca058cb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_alpha.deb

Size/MD5 checksum: 122288
c332dc61330339af10c92de993c2fd4f
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_alpha.deb

Size/MD5 checksum: 204150
36b4a2719823507b9bb058299e3e053e
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_alpha.deb

Size/MD5 checksum: 1937080
51e2db56a854c04d2b6fa0fb3285c528
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_alpha.deb

Size/MD5 checksum: 212400
6044a9f0baa8723ee74e82eb170d1939

AMD64 architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_amd64.deb

Size/MD5 checksum: 168076
d9afd6f232ed5c716dd4a0c2e771a355
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_amd64.deb

Size/MD5 checksum: 145530
c162ca0375ff9316bd4e9fc9158e6483
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_amd64.deb

Size/MD5 checksum: 184942
5cdc83d3c9b6cfa39100736aab2a5cb5
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_amd64.deb

Size/MD5 checksum: 714382
0f002b28b068e483fd31e3ea54540e6b
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_amd64.deb

Size/MD5 checksum: 1038
ad8d53c0e52ebb58a430a743ffb4f2b5
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_amd64.deb

Size/MD5 checksum: 10945894
9fa739e52dee0153b376cd2d5c8844e9
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_amd64.deb

Size/MD5 checksum: 403286
a2245c4e556b3f17623bc830d44061d7
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_amd64.deb

Size/MD5 checksum: 158326
3dedb0e836b39da2504d907c5ffdbd3d
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_amd64.deb

Size/MD5 checksum: 3351334
a6e589be976a34845954d988c57dda5b
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_amd64.deb

Size/MD5 checksum: 121186
88a81d81454871acdabe23c83642821b
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_amd64.deb

Size/MD5 checksum: 204154
1d9a676728b24b50657af17620bd904e
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_amd64.deb

Size/MD5 checksum: 1936016
f00575de568e089909a57d19ae6c165d
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_amd64.deb

Size/MD5 checksum: 204346
32e7a762c21f5e649ba41c1cdc36f0a1

ARM architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_arm.deb

Size/MD5 checksum: 168074
1e5df434f469fa0c069ebf4542de9181
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_arm.deb

Size/MD5 checksum: 123890
e232f965819d40d1d9466d1f942706a1
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_arm.deb

Size/MD5 checksum: 184960
0565cf1cdf465d01a5d4384a865ef133
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_arm.deb

Size/MD5 checksum: 631594
274eb11303d3cc9679b2296895bb6177
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_arm.deb

Size/MD5 checksum: 1034
248191bf66bc183f4197855d2dd51441
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_arm.deb

Size/MD5 checksum: 9206762
4dff840978b6a8aaf9b9c18a8ac3d312
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_arm.deb

Size/MD5 checksum: 403310
173d3e4bff6c5d8469fb4eaa7de5c633
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_arm.deb

Size/MD5 checksum: 158346
f5984d5da46a0bb547ad1b76824279cc
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_arm.deb

Size/MD5 checksum: 3340792
6a7e72da2379a3c189739a6d92cf4c8e
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_arm.deb

Size/MD5 checksum: 112682
8979756e8d46faa7753bdc9ec87d08fb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_arm.deb

Size/MD5 checksum: 204154
3a3e87e18613d570bc1e9da12d637d86
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_arm.deb

Size/MD5 checksum: 1604408
35dec28401469095d9d17f13b2e40c60
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_arm.deb

Size/MD5 checksum: 168868
b5205334331c55a7cccd1f3604f1832f

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_i386.deb

Size/MD5 checksum: 170348
e1bc96a4ddd122975a8f4aaa3cf98173
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_i386.deb

Size/MD5 checksum: 136366
4ed5d5de40d9428451612c5262fbe620
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_i386.deb

Size/MD5 checksum: 187134
17ab055df354df90b4bf70fa9e1556d3
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_i386.deb

Size/MD5 checksum: 661130
4484cdea9f8c86fdadba37a4887dd8d0
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_i386.deb

Size/MD5 checksum: 1036
5fa7cf89b623e35e5686f9ec49f76742
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_i386.deb

Size/MD5 checksum: 10333018
028d1e2fb75728baa620856540e782cb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_i386.deb

Size/MD5 checksum: 403510
cccbd195c56e7d1935a02e95e1a7c651
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_i386.deb

Size/MD5 checksum: 158352
2f9157bc2301b72aa7c4bbcd97f5db5c
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_i386.deb

Size/MD5 checksum: 3592516
5b5b42a891ae39581e5f3e66eaf29085
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_i386.deb

Size/MD5 checksum: 116682
e776421a5ea762c1b933f302c45d87bb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_i386.deb

Size/MD5 checksum: 204166
a6f15974e674118ab0847c121d761f0c
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_i386.deb

Size/MD5 checksum: 1816048
7a9335c376f3df9b730073e11bea4fe1
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_i386.deb

Size/MD5 checksum: 192636
dbec79d2e9edb833196c1e6dc8c4ca64

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_ia64.deb

Size/MD5 checksum: 168056
5ded9fba54f701543368903b5f8ab563
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_ia64.deb

Size/MD5 checksum: 173902
4eb9bab760f09379733393f8689050ac
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_ia64.deb

Size/MD5 checksum: 184940
26a6d6f1ed2b5a61fc41e644d5f4d3e9
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_ia64.deb

Size/MD5 checksum: 966314
ecfe259cb1c6a47fdd4ff01316c743e7
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_ia64.deb

Size/MD5 checksum: 1034
bc8c91625c1f5256d83a93801792100d
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_ia64.deb

Size/MD5 checksum: 12942916
667732b8b16db84bc4584f4c91af9519
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_ia64.deb

Size/MD5 checksum: 403262
2d17185a555f01eede7e6c96a187403e
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_ia64.deb

Size/MD5 checksum: 158326
19cf2fb90d3caa5f15476ae0faf98f8d
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_ia64.deb

Size/MD5 checksum: 3377068
761e0c9161590d030efcef70d4583e1f
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_ia64.deb

Size/MD5 checksum: 125590
018d272c97ae4fcbf680966d197cf85b
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_ia64.deb

Size/MD5 checksum: 204146
b1784652eef38d2b7affd09537630b39
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_ia64.deb

Size/MD5 checksum: 2302194
5bce4fb8583a8702c3eb2ab81567a882
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_ia64.deb

Size/MD5 checksum: 242672
1e9a6ee92e76736e3dd0a0da3237f160

HP Precision architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_hppa.deb

Size/MD5 checksum: 168076
d604fdbe94f09400aac43c7b0ca1d85e
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_hppa.deb

Size/MD5 checksum: 156466
2aaaf6fed027b73b2403f7e808a50b63
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_hppa.deb

Size/MD5 checksum: 184940
b88c9e1a659d82959315c2bb43982065
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_hppa.deb

Size/MD5 checksum: 754330
c345a7bbbc5b8363c110823e8c1a4cb0
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_hppa.deb

Size/MD5 checksum: 1038
382fcc9b41aa657f7f49f742292f3073
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_hppa.deb

Size/MD5 checksum: 12163096
ca4c3161cda013934910efbdb24949b0
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_hppa.deb

Size/MD5 checksum: 403290
3082c15be3a578867fbd164fe11e4c02
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_hppa.deb

Size/MD5 checksum: 158342
5e696aa2191b2fd14bee3a3f2b906fa9
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_hppa.deb

Size/MD5 checksum: 3357748
5ce31c0589fdb05c43cc627e626526cb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_hppa.deb

Size/MD5 checksum: 123524
3c8ea2bfd915bd1a95c37921bbe5a8ef
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_hppa.deb

Size/MD5 checksum: 204152
7db51695f6612529f36b5b94a0441388
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_hppa.deb

Size/MD5 checksum: 2135134
cd17baa6b30430e6f22188b43fc35212
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_hppa.deb

Size/MD5 checksum: 216156
d3f0edc4cfbb6c0b4740800696b3745a

Motorola 680×0 architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_m68k.deb

Size/MD5 checksum: 168084
2828179c6f90ff81627e886c59e8ce93
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_m68k.deb

Size/MD5 checksum: 125556
041d0b731b29dd92b7657ea7cb8700dc
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_m68k.deb

Size/MD5 checksum: 184988
c58e6af12d16335b0087b24762da2362
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_m68k.deb

Size/MD5 checksum: 599662
e97a96943dec77a3c41c344e511529c4
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_m68k.deb

Size/MD5 checksum: 1042
e3b3b654e4562aca7eb54320aa86f2db
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_m68k.deb

Size/MD5 checksum: 9703552
b0d3087fa3f53fa64ad6b832311ab91a
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_m68k.deb

Size/MD5 checksum: 403328
de4624633b94d423dc99997a6b39cc49
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_m68k.deb

Size/MD5 checksum: 158386
436b3cb1b221adc10d3f4f91487fb95d
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_m68k.deb

Size/MD5 checksum: 3335452
3e0afe82ab5c85df86c17898b912404d
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_m68k.deb

Size/MD5 checksum: 114448
d03b348963414a569222b502560d3b3b
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_m68k.deb

Size/MD5 checksum: 204182
ceba6c2491ac7ca1e90a3068781516dd
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_m68k.deb

Size/MD5 checksum: 1683028
9df65956b8aedd47511ca513d9f7c392
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_m68k.deb

Size/MD5 checksum: 174744
21601ec5747654e997bcf31a9dd5ca62

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_mips.deb

Size/MD5 checksum: 168068
29c3a6d84037031a7e2260f14c582bb0
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_mips.deb

Size/MD5 checksum: 140430
d4d5742d214ef356d92b47f7db08e8b2
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_mips.deb

Size/MD5 checksum: 184944
0b8b31b9ecffb3ebb250842f70fc6c77
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_mips.deb

Size/MD5 checksum: 725406
2fe07024db285b88558c01519186e97c
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_mips.deb

Size/MD5 checksum: 1036
039c4d29321b32b30da6e17938bacbd4
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_mips.deb

Size/MD5 checksum: 10728064
03b0df29956a41290f80999e902a8296
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_mips.deb

Size/MD5 checksum: 403300
3b917495fcbc728d29cc80cb40d8e34e
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_mips.deb

Size/MD5 checksum: 158338
a4a0966a627b0faa510b957b4980fa16
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_mips.deb

Size/MD5 checksum: 3357314
c844c405881b9780db90aadf12e7c6db
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_mips.deb

Size/MD5 checksum: 117616
cc7b51b151dddc8e9f2167f5b356861a
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_mips.deb

Size/MD5 checksum: 204160
a46d2a84ac1ac355e5f61a18bad6b670
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_mips.deb

Size/MD5 checksum: 1795496
d4d4aedcba5c7c34a0098796b41703ce
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_mips.deb

Size/MD5 checksum: 189884
9f44f232b5d5f21e48d26fd64c0966c5

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_mipsel.deb

Size/MD5 checksum: 168076
0d912618b7df98b61713412291481d16
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_mipsel.deb

Size/MD5 checksum: 140390
c1c97fa9fd4c2d6f18aba1423d8c1f6e
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_mipsel.deb

Size/MD5 checksum: 184958
d8ee579e95af3094fd549eeccdc9769c
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_mipsel.deb

Size/MD5 checksum: 714850
47d195b6c0fc034c9d0fb3b749a21893
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_mipsel.deb

Size/MD5 checksum: 1038
b81d1b3b5a657c12a4e1e5930702bcc0
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_mipsel.deb

Size/MD5 checksum: 10603054
043a8b3c3b55a1318797c4e9447b6e1b
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_mipsel.deb

Size/MD5 checksum: 403306
a3ea4cd5e04b63d76d1d6a15f4828677
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_mipsel.deb

Size/MD5 checksum: 158356
362126c740ec2bbf84d2d64d7eb9d5b5
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_mipsel.deb

Size/MD5 checksum: 3357908
bbb658b5f77111eb36f82ae536f5e290
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_mipsel.deb

Size/MD5 checksum: 117206
e457c383ca6da670616cf0f53c8d1e97
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_mipsel.deb

Size/MD5 checksum: 204164
1adab829fb96ecd09b6cd37428b63ea4
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_mipsel.deb

Size/MD5 checksum: 1777568
189e91cd5722dbffb02307325d42d933
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_mipsel.deb

Size/MD5 checksum: 187434
53d610ef976324813135bc014abcf0c7

PowerPC architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_powerpc.deb

Size/MD5 checksum: 168074
6adc6fc90aa9ed991a3fe0f44ba9cf6b
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_powerpc.deb

Size/MD5 checksum: 130898
57a336d8e4a99a12bef99dbb0cc29b9f
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_powerpc.deb

Size/MD5 checksum: 184934
4b4628bf889e47d4f771c219c3699816
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_powerpc.deb

Size/MD5 checksum: 718600
8f9cd2cb3793558ffcefa81554534c6e
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_powerpc.deb

Size/MD5 checksum: 1034
c6f56998ae1a67f12a824c25c710356f
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_powerpc.deb

Size/MD5 checksum: 9702898
e640803c722e44bf1893e6adae9594fa
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_powerpc.deb

Size/MD5 checksum: 403284
03dd1f7da767f52e3cd9687e67b36a65
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_powerpc.deb

Size/MD5 checksum: 158334
3c1805cf8aff1f18f4bfbc4296e8425e
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_powerpc.deb

Size/MD5 checksum: 3339648
dd290b0471fab52733fc0d478be82e1a
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_powerpc.deb

Size/MD5 checksum: 114588
9665d6ace8e42e6cdaec57b9c2b2ed42
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_powerpc.deb

Size/MD5 checksum: 204160
619e6806cb2252979deb912081da75e6
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_powerpc.deb

Size/MD5 checksum: 1642980
15ad96270ea756471daba8330fbf3aa4
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_powerpc.deb

Size/MD5 checksum: 175664
0ab0c49b4a261f3b09d190e554a77f67

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_s390.deb

Size/MD5 checksum: 168076
74c3fdfdb043dade2ff387e4fbf312da
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_s390.deb

Size/MD5 checksum: 156208
23c8e2acb419c70aa10d8f5d7c491c33
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_s390.deb

Size/MD5 checksum: 184932
fc38cbadb10990b87f70e069f501cc21
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_s390.deb

Size/MD5 checksum: 798594
cf5a50b4b93384cec5174d262b9c6040
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_s390.deb

Size/MD5 checksum: 1038
25acca7f96f3bf92c64bbfd94800a05f
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_s390.deb

Size/MD5 checksum: 11325218
27197c826f43411d8cc5f7fece043b95
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_s390.deb

Size/MD5 checksum: 403308
65996ca6b43d6b0f0f2c1efd351e4daa
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_s390.deb

Size/MD5 checksum: 158350
e8ff0cee0271ab591822eafec2469a80
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_s390.deb

Size/MD5 checksum: 3352164
3826b426e54de0471d91292a3f87c1e9
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_s390.deb

Size/MD5 checksum: 121350
e1a7149c57ca36d3f9a00ab95770ca8b
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_s390.deb

Size/MD5 checksum: 204168
11c161fd88b404cb2f30ac9b58d1ded3
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_s390.deb

Size/MD5 checksum: 1944710
cdc344d61faf3851759e530a5efd6fdb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_s390.deb

Size/MD5 checksum: 213436
975ec193e66982ac318c0ba118c3569e

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_sparc.deb

Size/MD5 checksum: 168072
e6c720a04654e35f44956fb2d391837b
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_sparc.deb

Size/MD5 checksum: 128110
b2e3472a4a47ca88dc13adaa521baf8d
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_sparc.deb

Size/MD5 checksum: 184960
ffba73ff29a87999295dc32791b25bd5
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_sparc.deb

Size/MD5 checksum: 672374
a121a25eb35cc82dd3c073c47556f440
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_sparc.deb

Size/MD5 checksum: 1042
e27bf3a1491eb1b84547c19df1eed336
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_sparc.deb

Size/MD5 checksum: 9373052
c1d44b9f7c43734908825b07ac622d4d
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_sparc.deb

Size/MD5 checksum: 403274
616c663eb1b55f17e3b4e7e45e535696
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_sparc.deb

Size/MD5 checksum: 158338
436fa26f8f842fa09ae404c2bfb104d1
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_sparc.deb

Size/MD5 checksum: 3340712
0ed39d284b2a960ad6e4e6d726411629
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_sparc.deb

Size/MD5 checksum: 112516
4586fc8d6dc38b230741f3a4906d06be
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_sparc.deb

Size/MD5 checksum: 204154
0028c2a21bf254ab510d948d4f73579a
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_sparc.deb

Size/MD5 checksum: 1583738
d92f8d2a073e45efb6d65dc5b157107c
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_sparc.deb

Size/MD5 checksum: 168008
16a730934dd4914ca2a100b81f3ed3f4

These files will probably be moved into the stable distribution
on its next update.

Debian Security Advisory DSA 1054-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
May 9th, 2006 http://www.debian.org/security/faq

Package : tiff
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CAN-2006-2024 CAN-2006-2025 CAN-2006-2026
BugTraq IDs : 17730 17732 17733

Tavis Ormandy discovered several vulnerabilities in the TIFF
library that can lead to a denial of service or the execution of
arbitrary code. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2006-2024

Multiple vulnerabilities allow attackers to cause a denial of
service.

CVE-2006-2025

An integer overflows allows attackers to cause a denial of
service and possibly execute arbitrary code.

CVE-2006-2026

A double-free vulnerability allows attackers to cause a denial
of service and possibly execute arbitrary code.

For the old stable distribution (woody) these problems have been
fixed in version 3.5.5-7woody1.

For the stable distribution (sarge) these problems have been
fixed in version 3.7.2-3sarge1.

For the unstable distribution (sid) these problems will be fixed
soon.

We recommend that you upgrade your libtiff packages.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7woody1.dsc

Size/MD5 checksum: 637
cf22045e1a49b2742c91b7f0a905adeb
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7woody1.diff.gz

Size/MD5 checksum: 38424
d087fb3914b10aef86959b9ed52ec955
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz

Size/MD5 checksum: 693641
3b7199ba793dec6ca88f38bb0c8cc4d8

Alpha architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_alpha.deb

Size/MD5 checksum: 141492
484fe914264072028ef4b02b97300ea8
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_alpha.deb

Size/MD5 checksum: 106130
65673af7006686eb2718f45abfb39130
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_alpha.deb

Size/MD5 checksum: 423888
2bc86fdbf9c751ac7173889e53d6ddcc

ARM architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_arm.deb

Size/MD5 checksum: 117008
1f272257c4987092ff80563840acd4e3
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_arm.deb

Size/MD5 checksum: 91560
e84fa486a3f25e69d7d6b093a8d890e4
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_arm.deb

Size/MD5 checksum: 404854
b709c95f40e52e4e1003dbf6e5c768f7

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_i386.deb

Size/MD5 checksum: 112074
0f9fb0719cb1ed7b5954b8c70d9c9049
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_i386.deb

Size/MD5 checksum: 82018
c8f11403adfa3ec5695d5468f56401b2
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_i386.deb

Size/MD5 checksum: 387406
1c2350b56c49cde7b899d6e8261397ec

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_ia64.deb

Size/MD5 checksum: 158788
883e3b5861f0f3610e6d1005ca760d3d
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_ia64.deb

Size/MD5 checksum: 136620
846e662216862a10e53e282a316400a6
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_ia64.deb

Size/MD5 checksum: 447038
73838b902a9dd1bb26146a397eb692db

HP Precision architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_hppa.deb

Size/MD5 checksum: 128282
eea419b6a514c4971d8cce8afe701b6e
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_hppa.deb

Size/MD5 checksum: 107664
b71f9194d14e10758a13259654fcc410
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_hppa.deb

Size/MD5 checksum: 420756
235956ededa69f803954040c8be01033

Motorola 680×0 architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtif

Complete Story

Previous articleNewsForge: My Desktop OS: PCLinuxOS 0.92

Next articleThe R Zone: Computer Stability Explained: Why Your Computer Crashes, And What You Can Do About It

Advisories, May 9, 2006

Debian GNU/Linux

Get the Free Newsletter!

Must Read

How to Debloat (or Swap) an Ubuntu System (Ultimate Guide)

6 Best Free and Open-Source Web Application Firewalls

Clonezilla Live Is Now Patched Against the XZ Backdoor, Powered by Linux 6.7

Pop!_OS’s COSMIC Pre-Alpha Shows Impressive Progress

Volla Tablet Launches on Kickstarter with Support for Ubuntu Touch

Our Brands