---

Advisories, October 10, 2006

Debian GNU/Linux


Debian Security Advisory DSA-1195-1 security@debian.org
http://www.debian.org/security/
Noah Meyerhans
October 10, 2006


Package : openssl096
Vulnerability : denial of service (multiple)
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-2940 CVE-2006-3738 CVE-2006-4343

Multiple vulnerabilities have been discovered in the OpenSSL
cryptographic software package that could allow an attacker to
launch a denial of service attack by exhausting system resources or
crashing processes on a victim’s computer.

CVE-2006-3738

Tavis Ormandy and Will Drewry of the Google Security Team
discovered a buffer overflow in the SSL_get_shared_ciphers utility
function, used by some applications such as exim and mysql. An
attacker could send a list of ciphers that would overrun a
buffer.

CVE-2006-4343

Tavis Ormandy and Will Drewry of the Google Security Team
discovered a possible DoS in the sslv2 client code. Where a client
application uses OpenSSL to make an SSLv2 connection to a malicious
server, that server could cause the client to crash.

CVE-2006-2940

Dr S N Henson of the OpenSSL core team and Open Network Security
recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When the test
suite was run against OpenSSL a DoS was discovered. Certain types
of public key can take disproportionate amounts of time to process.
This could be used by an attacker in a denial of service
attack.

For the stable distribution (sarge) these problems have been
fixed in version 0.9.6m-1sarge4.

This package exists only for compatibility with older software,
and is not present in the unstable or testing branches of
Debian.

We recommend that you upgrade your openssl096 package. Note that
services linking against the openssl shared libraries will need to
be restarted. Common examples of such services include most Mail
Transport Agents, SSH servers, and web servers.

Upgrade instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 3.1 (stable)


Stable updates are available for alpha, amd64, arm, hppa, i386,
ia64, m68k, mips, mipsel, powerpc, s390 and sparc.


These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2006:181
http://www.mandriva.com/security/


Package : python
Date : October 10, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi
Network Firewall 2.0


Problem Description:

A vulnerability in python’s repr() function was discovered by
Benjamin C. Wiley Sittler. It was found that the function did not
properly handle UTF-32/UCS-4 strings, so an application that used
repr() on certain untrusted data could possibly be exploited to
execute arbitrary code with the privileges of the user running the
python application.

Updated packages have been patched to correct this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980


Updated Packages:



To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Ubuntu


Ubuntu Security Notice USN-360-1 October 10, 2006
awstats vulnerabilities
CVE-2006-3681, CVE-2006-3682


A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
awstats 6.3-1ubuntu0.4

Ubuntu 5.10:
awstats 6.4-1ubuntu1.3

Ubuntu 6.06 LTS:
awstats 6.5-1ubuntu1.2

In general, a standard system upgrade is sufficient to effect
the necessary changes.

Details follow:

awstats did not fully sanitize input, which was passed directly
to the user’s browser, allowing for an XSS attack. If a user was
tricked into following a specially crafted awstats URL, the user’s
authentication information could be exposed for the domain where
awstats was hosted. (CVE-2006-3681)

awstats could display its installation path under certain
conditions. However, this might only become a concern if awstats is
installed into a user’s home directory. (CVE-2006-3682)



Ubuntu Security Notice USN-361-1 October 10, 2006
mozilla vulnerabilities
CVE-2006-2788, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807,
CVE-2006-3808, CVE-2006-3809, CVE-2006-3811, CVE-2006-4340,
CVE-2006-4565, CVE-2006-4568, CVE-2006-4570, CVE-2006-4571

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:

libnspr4 2:1.7.13-0ubuntu05.04.2
libnss3 2:1.7.13-0ubuntu05.04.2
mozilla-browser 2:1.7.13-0ubuntu05.04.2
mozilla-mailnews 2:1.7.13-0ubuntu05.04.2
mozilla-psm 2:1.7.13-0ubuntu05.04.2

Ubuntu 5.10:

libnspr4 2:1.7.13-0ubuntu5.10.2
libnss3 2:1.7.13-0ubuntu5.10.2
mozilla-browser 2:1.7.13-0ubuntu5.10.2
mozilla-mailnews 2:1.7.13-0ubuntu5.10.2
mozilla-psm 2:1.7.13-0ubuntu5.10.2

After a standard system upgrade you need to restart Mozilla to
effect the necessary changes.

Details follow:

Various flaws have been reported that allow an attacker to
execute arbitrary code with user privileges by tricking the user
into opening a malicious URL. (CVE-2006-2788, CVE-2006-3805,
CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3811,
CVE-2006-4565, CVE-2006-4568, CVE-2006-4571)

A bug was found in the script handler for automatic proxy
configuration. A malicious proxy could send scripts which could
execute arbitrary code with the user’s privileges.
(CVE-2006-3808)

The NSS library did not sufficiently check the padding of PKCS
#1 v1.5 signatures if the exponent of the public key is 3 (which is
widely used for CAs). This could be exploited to forge valid
signatures without the need of the secret key. (CVE-2006-4340)
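
The padding check this paragraph refers to, as an added example (not NSS code and not part of the advisory): a lax left-to-right parser beside a strict verifier that rebuilds the whole expected PKCS #1 v1.5 block and compares every byte. The function names, the 128-byte (1024-bit) block size and the test blocks are assumptions constructed for illustration, and the RSA public-key operation is assumed to have already produced the recovered block `em`.

```python
import hashlib
import hmac

# DER prefix of the DigestInfo structure for SHA-1 (RFC 8017, section 9.2).
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

K = 128  # assumed modulus length in bytes (1024-bit key), for the demo only


def digest_info(message: bytes) -> bytes:
    """DigestInfo for SHA-1: fixed DER prefix followed by the 20-byte hash."""
    return SHA1_DIGESTINFO_PREFIX + hashlib.sha1(message).digest()


def expected_em(message: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 DigestInfo, exactly k bytes."""
    t = digest_info(message)
    ps_len = k - len(t) - 3
    if ps_len < 8:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t


def lax_check(em: bytes, message: bytes) -> bool:
    """Insufficient check: walks the block and stops once the hash matches.

    It never requires the DigestInfo to end at the last byte of the block
    and never enforces a minimum padding length, so bytes after the hash
    are ignored.
    """
    if len(em) < 2 or em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    i += 1
    t = digest_info(message)
    return em[i:i + len(t)] == t


def strict_check(em: bytes, message: bytes, k: int) -> bool:
    """Strict check: the recovered block must equal the expected block.

    Comparing the full k bytes covers the padding length, the separator,
    the DigestInfo encoding and the absence of any trailing data at once.
    """
    if len(em) != k:
        return False
    return hmac.compare_digest(em, expected_em(message, k))


def demo():
    """Run both checks over two constructed blocks and return the results."""
    msg = b"constructed test message"
    well_formed = expected_em(msg, K)
    # Constructed negative test vector: one padding byte, then filler after
    # the hash so the block still has the right overall length.
    t = digest_info(msg)
    malformed = b"\x00\x01\xff\x00" + t + b"\x5a" * (K - 4 - len(t))
    return {
        "well_formed": (lax_check(well_formed, msg),
                        strict_check(well_formed, msg, K)),
        "malformed": (lax_check(malformed, msg),
                      strict_check(malformed, msg, K)),
    }


if __name__ == "__main__":
    for name, (lax, strict) in demo().items():
        print(f"{name}: lax={lax} strict={strict}")
```

A regression test for a verifier should include a block like the malformed one here and require rejection.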

Georgi Guninski discovered that even with JavaScript disabled, a
malicious email could still execute JavaScript when the message is
viewed, replied to, or forwarded by putting the script in a remote
XBL file loaded by the message. (CVE-2006-4570)



Ubuntu Security Notice USN-362-1 October 10, 2006
php4, php5 vulnerabilities
CVE-2006-4485, CVE-2006-4486, CVE-2006-4625, CVE-2006-4812

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:

libapache2-mod-php4 4:4.3.10-10ubuntu4.8
php4-cgi 4:4.3.10-10ubuntu4.8
php4-cli 4:4.3.10-10ubuntu4.8

Ubuntu 5.10:

libapache2-mod-php5 5.0.5-2ubuntu1.5
php5-cgi 5.0.5-2ubuntu1.5
php5-cli 5.0.5-2ubuntu1.5

Ubuntu 6.06 LTS:

libapache2-mod-php5 5.1.2-1ubuntu3.3
php5-cgi 5.1.2-1ubuntu3.3
php5-cli 5.1.2-1ubuntu3.3

After a standard system upgrade you need to restart Apache
with

sudo /etc/init.d/apache2 restart

to effect the necessary changes.

Details follow:

The stripos() function did not check for invalidly long or empty
haystack strings. In an application that uses this function on
arbitrary untrusted data this could be exploited to crash the PHP
interpreter. (CVE-2006-4485)

An integer overflow was discovered in the PHP memory allocation
handling. On 64-bit platforms, the “memory_limit” setting was not
enforced correctly. A remote attacker could exploit this to cause a
Denial of Service attack through memory exhaustion.
(CVE-2006-4486)

Maksymilian Arciemowicz discovered that security relevant
configuration options like open_basedir and safe_mode (which can be
configured in Apache’s httpd.conf) could be bypassed and reset to
their default value in php.ini by using the ini_restore()
function.
