Gentoo Linux
Gentoo Linux Security Advisory GLSA 200611-22
http://security.gentoo.org/
Severity: Normal
Title: Ingo H3: Folder name shell command injection
Date: November 27, 2006
Bugs: #153927
ID: 200611-22
Ingo H3 is vulnerable to arbitrary shell command execution when
handling procmail rules.
Ingo H3 is a generic frontend for editing Sieve, procmail,
maildrop and IMAP filter rules.
Package              Vulnerable   Unaffected
www-apps/horde-ingo  < 1.1.2      >= 1.1.2
Ingo H3 fails to properly escape shell metacharacters in
procmail rules.
A remote authenticated attacker could craft a malicious rule
which could lead to the execution of arbitrary shell commands on
the server.
Don’t use procmail with Ingo H3.
All Ingo H3 users should upgrade to the latest version.
[ 1 ] CVE-2006-5449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5449
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200611-22.xml
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Gentoo Linux Security Advisory GLSA 200611-23
http://security.gentoo.org/
Severity: Normal
Title: Mono: Insecure temporary file creation
Date: November 28, 2006
Bugs: #150264
ID: 200611-23
Mono is vulnerable to linking attacks, potentially allowing a
local user to overwrite arbitrary files.
Mono provides the necessary software to develop and run .NET
client and server applications.
Package        Vulnerable      Unaffected
dev-lang/mono  < 1.1.13.8.1    >= 1.1.13.8.1
Sebastian Krahmer of the SuSE Security Team discovered that the
System.CodeDom.Compiler classes of Mono create temporary files with
insecure permissions.
A local attacker could create links in the temporary file
directory, pointing to a valid file somewhere on the filesystem.
When an affected class is called, this could result in the file
being overwritten with the rights of the user running the
script.
There is no known workaround at this time.
All Mono users should upgrade to the latest version.
[ 1 ] CVE-2006-5072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5072
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200611-23.xml
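The link attack described in GLSA 200611-23, reproduced in a private scratch directory next to two hardened ways of creating the file. This is an added example, not part of the advisory and not Mono's code; the file names and the assumption that the temporary name is predictable are constructed for illustration.

```python
import os
import stat
import tempfile


def insecure_write(directory, name, data):
    """Predictable name plus a plain open(): a pre-planted symlink is followed."""
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(data)
    return path


def secure_write(directory, name, data):
    """O_CREAT|O_EXCL fails if anything, including a symlink, already has
    this name; mode 0600 keeps other local users out of the new file."""
    path = os.path.join(directory, name)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def secure_write_random(directory, data):
    """mkstemp picks an unpredictable name and creates it exclusively, 0600."""
    fd, path = tempfile.mkstemp(dir=directory, prefix="codedom-")
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def _read(path):
    with open(path) as fh:
        return fh.read()


def demo():
    """Constructed scenario: 'shared' stands in for a world-writable temp dir,
    'important.conf' for a file owned by the user running the compiler."""
    results = {}
    with tempfile.TemporaryDirectory() as scratch:
        shared = os.path.join(scratch, "tmp")
        os.mkdir(shared)
        target = os.path.join(scratch, "important.conf")
        with open(target, "w") as fh:
            fh.write("original")
        # Link planted in advance under the name the program will use.
        os.symlink(target, os.path.join(shared, "build-1234.cs"))

        insecure_write(shared, "build-1234.cs", "generated")
        results["insecure_overwrote_target"] = _read(target) == "generated"

        with open(target, "w") as fh:  # restore before the hardened attempt
            fh.write("original")
        try:
            secure_write(shared, "build-1234.cs", "generated")
            results["exclusive_create_blocked"] = False
        except FileExistsError:
            results["exclusive_create_blocked"] = True
        results["target_intact_after_secure"] = _read(target) == "original"

        info = os.lstat(secure_write_random(shared, "generated"))
        results["mkstemp_mode"] = stat.S_IMODE(info.st_mode)
        results["mkstemp_regular_file"] = stat.S_ISREG(info.st_mode)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```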
Gentoo Linux Security Advisory GLSA 200611-24
http://security.gentoo.org/
Severity: Normal
Title: LHa: Multiple vulnerabilities
Date: November 28, 2006
Bugs: #151252
ID: 200611-24
LHa is affected by several vulnerabilities including the remote
execution of arbitrary code.
LHa is a console-based program for packing and unpacking LHarc
archives.
Package       Vulnerable   Unaffected
app-arch/lha  < 114i-r6    >= 114i-r6
Tavis Ormandy of the Google Security Team discovered several
vulnerabilities in the LZH decompression component used by LHa. The
make_table function of unlzh.c contains an array index error and a
buffer overflow vulnerability. The build_tree function of unpack.c
contains a buffer underflow vulnerability. Additionally, unlzh.c
contains code that could run in an infinite loop.
By enticing a user to uncompress a specially crafted archive, a
remote attacker could cause a Denial of Service by CPU consumption
or execute arbitrary code with the rights of the user running the
application.
There is no known workaround at this time.
All LHa users should upgrade to the latest version.
[ 1 ] CVE-2006-4335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
[ 2 ] CVE-2006-4336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
[ 3 ] CVE-2006-4337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
[ 4 ] CVE-2006-4338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200611-24.xml
Gentoo Linux Security Advisory GLSA 200611-25
http://security.gentoo.org/
Severity: Normal
Title: OpenLDAP: Denial of Service vulnerability
Date: November 28, 2006
Bugs: #154349
ID: 200611-25
A flaw in OpenLDAP allows remote unauthenticated attackers to
cause a Denial of Service.
OpenLDAP is a suite of LDAP-related applications and development
tools.
Package           Vulnerable     Unaffected
net-nds/openldap  < 2.3.27-r3    >= 2.3.27-r3
                                 *>= 2.2.28-r5
                                 *>= 2.1.30-r8
Evgeny Legerov has discovered that the truncation of an incoming
authcid longer than 255 characters and ending with a space as the
255th character will lead to an improperly computed name length.
This will trigger an assert in the libldap code.
By sending a BIND request with a specially crafted authcid
parameter to an OpenLDAP service, a remote attacker can cause the
service to crash.
There is no known workaround at this time.
All OpenLDAP users should upgrade to the latest version.
[ 1 ] CVE-2006-5779
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5779
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200611-25.xml
Mandriva Linux
Mandriva Linux Security Advisory MDKSA-2006:219
http://www.mandriva.com/security/
Package : tar
Date : November 28, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi
Network Firewall 2.0
Problem Description:
GNU tar 1.16 and 1.15.1, and possibly other versions, allows
user-assisted attackers to overwrite arbitrary files via a tar file
that contains a GNUTYPE_NAMES record with a symbolic link, which is
not properly handled by the extract_archive function in extract.c
and extract_mangle function in mangle.c, a variant of
CVE-2002-1216.
The updated packages have been patched to address this
issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097
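A pre-extraction check for the record type named in this advisory: the scanner below reads raw tar headers and reports any GNUTYPE_NAMES entry (typeflag 'N' in GNU tar's header definitions). It is an added example, not part of the advisory or of GNU tar, and it goes slightly beyond the text by also reporting symbolic links whose target is absolute or contains "..". The sample archive and its member names are constructed.

```python
import io
import tarfile

BLOCK = 512
GNUTYPE_NAMES = b"N"   # typeflag GNU tar assigns to name-mangling records
SYMTYPE = b"2"         # symbolic link


def _number(field):
    """Decode a numeric header field (octal text, or GNU base-256)."""
    if field[0] & 0x80:
        return int.from_bytes(field[1:], "big")
    text = field.rstrip(b"\0 ").lstrip(b" ")
    return int(text, 8) if text else 0


def _checksum_ok(block):
    # The checksum is computed with its own field counted as eight spaces.
    computed = sum(block[:148]) + 8 * 0x20 + sum(block[156:])
    return _number(block[148:156]) == computed


def _text(field):
    return field.split(b"\0", 1)[0].decode("utf-8", "replace")


def scan_tar(data):
    """Return (member name, reason) for every header worth a closer look."""
    findings = []
    offset = 0
    while offset + BLOCK <= len(data):
        block = data[offset:offset + BLOCK]
        if block == b"\0" * BLOCK:          # end-of-archive marker
            break
        if not _checksum_ok(block):
            findings.append(("", "bad header checksum at offset %d" % offset))
            break
        name = _text(block[0:100])
        typeflag = block[156:157]
        linkname = _text(block[157:257])
        if typeflag == GNUTYPE_NAMES:
            findings.append((name, "GNUTYPE_NAMES record present"))
        elif typeflag == SYMTYPE:
            if linkname.startswith("/") or ".." in linkname.split("/"):
                findings.append((name, "symlink target leaves tree: " + linkname))
        size = _number(block[124:136])
        offset += BLOCK + ((size + BLOCK - 1) // BLOCK) * BLOCK
    return findings


def build_sample():
    """Constructed archive: one regular file, one symlink, one 'N' record
    whose body is placeholder text rather than a real name table."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        regular = tarfile.TarInfo("docs/readme.txt")
        regular.size = 6
        tar.addfile(regular, io.BytesIO(b"hello\n"))

        link = tarfile.TarInfo("docs/latest")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../outside"
        tar.addfile(link)

        payload = b"constructed placeholder body\n"
        names = tarfile.TarInfo("constructed-names-record")
        names.type = GNUTYPE_NAMES
        names.size = len(payload)
        tar.addfile(names, io.BytesIO(payload))
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in scan_tar(build_sample()):
        print(member, "->", reason)
```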
Updated Packages:
To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Trustix Secure Linux
Trustix Secure Linux Security Advisory #2006-0066
Package names: openldap, proftpd
Summary: Multiple vulnerabilities
Date: 2006-11-28
Affected versions: Trustix Secure Linux 2.2 Trustix Secure Linux
3.0 Trustix Operating System – Enterprise Server 2
Package description:
openldap
OpenLDAP is an open-source suite of LDAP (Lightweight Directory
Access Protocol) applications and development tools. LDAP is a set
of protocols for accessing directory services (usually phone book
style information, but other information is possible) over the
Internet, similar to the way DNS (Domain Name System) information
is propagated over the Internet. This package contains the slapd
and slurpd servers, migration scripts, and related files.
proftpd
ProFTPd is an enhanced FTP server with a focus toward simplicity,
security, and ease of configuration. It features a very Apache-like
configuration syntax, and a highly customizable server
infrastructure, including support for multiple ‘virtual’ FTP
servers, anonymous FTP, and permission-based directory
visibility.
Problem description:
openldap < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- SECURITY Fix: Evgeny Legerov has reported a vulnerability in
OpenLDAP, caused due to an error when processing certain BIND
requests. This can be exploited to cause a crash by sending
specially crafted BIND requests to an OpenLDAP server.
The Common Vulnerabilities and Exposures project has assigned
the name CVE-2006-5779 to this issue.
proftpd < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- SECURITY Fix: Evgeny Legerov has reported a vulnerability in
ProFTPD, caused due to a buffer overflow error in the “main.c” file
where the “cmd_buf_size” size of the buffer used to handle FTP
commands sent by clients is not properly set to the size configured
via the “CommandBufferSize” directive. This can be exploited by
malicious people to compromise a vulnerable system.
The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CVE-2006-5815 to this issue.
Action:
We recommend that all systems with this package installed be
upgraded. Please note that if you do not need the functionality
provided by this package, you may want to remove it from your
system.
Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers.
With focus on security and stability, the system is painlessly kept
safe and up to date from day one using swup, the automated software
updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using ‘swup --upgrade’.
Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>
Verification:
This advisory along with all Trustix packages are signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>
The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.2/>
and
<URI:http://www.trustix.org/errata/trustix-3.0/>
or directly at
<URI:http://www.trustix.org/errata/2006/0066/>
Trustix Security Team
Ubuntu
Ubuntu Security Notice USN-386-1 November 28, 2006
imagemagick vulnerability
CVE-2006-5868
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.10:
libmagick6 6:6.2.3.4-1ubuntu1.5
Ubuntu 6.06 LTS:
libmagick9 6:6.2.4.5-0.6ubuntu0.4
In general, a standard system upgrade is sufficient to effect
the necessary changes.
Details follow:
Daniel Kobras discovered multiple buffer overflows in
ImageMagick’s SGI file format decoder. By tricking a user or an
automated system into processing a specially crafted SGI image,
this could be exploited to execute arbitrary code with the user’s
privileges.
Ubuntu Security Notice USN-387-1 November 28, 2006
dovecot vulnerability
CVE-2006-5973
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
dovecot-common 1.0.beta3-3ubuntu5.4
Ubuntu 6.10:
dovecot-common 1.0.rc2-1ubuntu2.1
In general, a standard system upgrade is sufficient to effect
the necessary changes.
Details follow:
Dovecot was discovered to have an error when handling its index
cache files. This error could be exploited by authenticated POP and
IMAP users to cause a crash of the Dovecot server, or possibly to
execute arbitrary code. Only servers using the non-default option
“mmap_disable=yes” were vulnerable.