Debian GNU/Linux
Debian Security Advisory DSA 1207-2 security@debian.org
http://www.debian.org/security/
Moritz Muehlenhoff
November 19th, 2006 http://www.debian.org/security/faq
Package : phpmyadmin
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-1678 CVE-2006-2418 CVE-2005-3621 CVE-2005-3665
CVE-2006-5116
Debian Bug : 339437 340438 362567 368082 391090
The phpmyadmin update in DSA 1207 introduced a regression. This
update corrects this flaw. For completeness, the original advisory
text below:
Several remote vulnerabilities have been discovered in
phpMyAdmin, a program to administrate MySQL over the web. The
Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2005-3621
CRLF injection vulnerability allows remote attackers to conduct
HTTP response splitting attacks.
CVE-2005-3665
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary web script or HTML via the (1)
HTTP_HOST variable and (2) various scripts in the libraries
directory that handle header generation.
CVE-2006-1678
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary web script or HTML via scripts in the
themes directory.
CVE-2006-2418
A cross-site scripting (XSS) vulnerability allows remote
attackers to inject arbitrary web script or HTML via the db
parameter of footer.inc.php.
CVE-2006-5116
A remote attacker could overwrite internal variables through the
_FILES global variable.
For the stable distribution (sarge) these problems have been
fixed in version 2.6.2-3sarge3.
For the upcoming stable release (etch) and unstable distribution
(sid) these problems have been fixed in version 2.9.0.3-1.
We recommend that you upgrade your phpmyadmin package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA-1212-1 security@debian.org
http://www.debian.org/security/
Noah Meyerhans
November 15, 2006
Package : openssh (1:3.8.1p1-8.sarge.6)
Vulnerability : Denial of service
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2006-4924 CVE-2006-5051
BugTraq ID : 20216 20241
Debian Bug : 392428
Two denial of service vulnerabilities have been found in the
OpenSSH server.
CVE-2006-4924
The sshd support for ssh protocol version 1 does not properly
handle duplicate incoming blocks. This could allow a remote
attacker to cause sshd to consume significant CPU resources leading
to a denial of service.
CVE-2006-5051
A signal handler race condition could potentially allow a remote
attacker to crash sshd and could theoretically lead to the ability
to execute arbitrary code.
For the stable distribution (sarge), these problems have been
fixed in version 1:3.8.1p1-8.sarge.6
For the unstable and testing distributions, these problems have
been fixed in version 1:4.3p2-4
We recommend that you upgrade your openssh package.
Upgrade instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian 3.1 (stable)
Stable updates are available for alpha, amd64, arm, hppa, i386,
ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 1213-1 security@debian.org
http://www.debian.org/security/
Moritz Muehlenhoff
November 19th, 2006 http://www.debian.org/security/faq
Package : imagemagick
Vulnerability : several
Problem-Type : local(remote)
Debian-specific: no
CVE ID : CVE-2006-0082 CVE-2006-4144 CVE-2006-5456
CVE-2006-5868
Debian Bug : 345876 383314 393025
Several remote vulnerabilities have been discovered in
Imagemagick, a collection of image manipulation programs, which may
lead to the execution of arbitrary code. The Common Vulnerabilities
and Exposures project identifies the following problems:
CVE-2006-0082
Daniel Kobras discovered that Imagemagick is vulnerable to
format string attacks in the filename parsing code.
CVE-2006-4144
Damian Put discovered that Imagemagick is vulnerable to buffer
overflows in the module for SGI images.
CVE-2006-5456
M Joonas Pihlaja discovered that Imagemagick is vulnerable to
buffer overflows in the module for DCM and PALM images.
CVE-2006-5868
Daniel Kobras discovered that Imagemagick is vulnerable to
buffer overflows in the module for SGI images.
This update also addresses regressions in the XCF codec, which
were introduced in the previous security update.
For the stable distribution (sarge) these problems have been
fixed in version 6:6.0.6.2-2.8.
For the upcoming stable distribution (etch) these problems have
been fixed in version 7:6.2.4.5.dfsg1-0.11.
For the unstable distribution (sid) these problems have been
fixed in version 7:6.2.4.5.dfsg1-0.11.
We recommend that you upgrade your imagemagick packages.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
Gentoo Linux
Gentoo Linux Security Advisory GLSA 200611-09
http://security.gentoo.org/
Severity: Normal
Title: libpng: Denial of Service
Date: November 17, 2006
Bugs: #154380
ID: 200611-09
A vulnerability in libpng may allow a remote attacker to crash
applications that handle untrusted images.
libpng is a free ANSI C library used to process and manipulate
PNG images.
     Package              /  Vulnerable  /  Unaffected
  1  media-libs/libpng        < 1.2.13       >= 1.2.13
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered
that a vulnerability exists in the sPLT chunk handling code of
libpng: a large sPLT chunk may cause an application to attempt to
read out of bounds.
A remote attacker could craft an image that when processed or
viewed by an application using libpng causes the application to
terminate abnormally.
There is no known workaround at this time.
All libpng users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.13"
[ 1 ] CVE-2006-5793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200611-09.xml
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Gentoo Linux Security Advisory GLSA 200611-10
http://security.gentoo.org/
Severity: Normal
Title: WordPress: Multiple vulnerabilities
Date: November 17, 2006
Bugs: #153303
ID: 200611-10
Flaws in WordPress allow a Denial of Service, the disclosure of
user metadata and the overwriting of restricted files.
WordPress is a PHP and MySQL based multiuser blogging
system.
     Package              /  Vulnerable  /  Unaffected
  1  www-apps/wordpress       < 2.0.5        >= 2.0.5
“random” discovered that users can enter serialized objects as
strings in their profiles that will be harmful when unserialized.
“adapter” found out that user-edit.php fails to effectively deny
non-permitted users access to other users’ metadata. Additionally,
a directory traversal vulnerability in the wp-db-backup module was
discovered.
By entering specially crafted strings in his profile, an
attacker can crash PHP or even the web server running WordPress.
Additionally, by crafting a simple URL, an attacker can read
metadata of any other user, regardless of their own permissions. A
user with the permission to use the database backup plugin can
possibly overwrite files he otherwise has no access to.
There is no known workaround at this time.
All WordPress users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.5"
[ 1 ] CVE-2006-5705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5705
[ 2 ] WordPress Ticket 3142
http://trac.wordpress.org/ticket/3142
[ 3 ] WordPress Ticket 2591
http://trac.wordpress.org/ticket/2591
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200611-10.xml
Mandriva Linux
Mandriva Linux Security Advisory MDKSA-2006:164-1
http://www.mandriva.com/security/
Package : xorg-x11
Date : November 17, 2006
Affected: 2007.0
Problem Description:
Local exploitation of an integer overflow vulnerability in the
‘CIDAFM()’ function in the X.Org and XFree86 X server could allow
an attacker to execute arbitrary code with privileges of the X
server, typically root (CVE-2006-3739).
Local exploitation of an integer overflow vulnerability in the
‘scan_cidfont()’ function in the X.Org and XFree86 X server could
allow an attacker to execute arbitrary code with privileges of the
X server, typically root (CVE-2006-3740).
Updated packages are patched to address this issue.
Update:
Updated packages for 2007.0 have been patched (libxfont)
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3740
Updated Packages: