---

Advisories: October 13, 2005

Debian GNU/Linux


Debian Security Advisory DSA 864-1 [email protected]
http://www.debian.org/security/
Martin Schulze
October 13th, 2005 http://www.debian.org/security/faq


Package : ruby1.8
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE ID : CAN-2005-2337
CERT advisory : VU#160012
Debian Bug : 332742

Yutaka Oiwa discovered a bug in Ruby, the interpreter for the
object-oriented scripting language, that can cause illegal program
code to bypass the safe level and taint flag protections check and
be executed. The following matrix lists the fixed versions in our
distributions:

  old stable (woody) stable (sarge) unstable (sid)
ruby 1.6.7-3woody5 n/a n/a
ruby1.6 n/a 1.6.8-12sarge1 1.6.8-13
ruby1.8 n/a 1.8.2-7sarge2 1.8.3-1

We recommend that you upgrade your ruby packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2.dsc

      Size/MD5 checksum: 1024
02c4885bf1d3d6272be11978e8d9418d
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2.diff.gz

      Size/MD5 checksum: 531380
ce444a411b23c9d971653956b2225448
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2.orig.tar.gz

      Size/MD5 checksum: 3623780
4bc5254bec262d18cf1ceef03aae8bdf

Architecture independent components:

    http://security.debian.org/pool/updates/main/r/ruby1.8/irb1.8_1.8.2-7sarge2_all.deb

      Size/MD5 checksum: 166200
950967e1aebed573ce5dc7dfb3aa92c5
    http://security.debian.org/pool/updates/main/r/ruby1.8/rdoc1.8_1.8.2-7sarge2_all.deb

      Size/MD5 checksum: 234134
c88180c3fa145702ee4b06d2249a807d
    http://security.debian.org/pool/updates/main/r/ruby1.8/ri1.8_1.8.2-7sarge2_all.deb

      Size/MD5 checksum: 704562
2d2569f0b3ff912984e9420bd2b7c973
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-elisp_1.8.2-7sarge2_all.deb

      Size/MD5 checksum: 142306
4ecdb2f1dba4d8bb7b900b618eecb767
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-examples_1.8.2-7sarge2_all.deb

      Size/MD5 checksum: 216314
246b7704cea26b42539e57c6398e3a0c

Alpha architecture:

    http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_alpha.deb

      Size/MD5 checksum: 135712
e0195f6fdd8d8fd69014682b57baada8
    http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_alpha.deb

      Size/MD5 checksum: 137264
937ffdaae7b454b8125baa73059d8c35
    http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_alpha.deb

      Size/MD5 checksum: 237336
a612c26a6b1bf421b22cd001858740e1
    http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_alpha.deb

      Size/MD5 checksum: 133182
fbf454b5428a59fee911aada58a924eb
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_alpha.deb

      Size/MD5 checksum: 1468302
386db9fc15b60d25dd34552e24e3c50d
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_alpha.deb

      Size/MD5 checksum: 826734
b821379165dd8cdeec62c679ef577589
    http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_alpha.deb

      Size/MD5 checksum: 1449910
be28287997258e39caccd9badbdfd95c
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_alpha.deb

      Size/MD5 checksum: 151744
afb890dc2b87799d2460dc8b2bbfb96b
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_alpha.deb

      Size/MD5 checksum: 795230
4d27009b3cb959baedd807e65821f824

AMD64 architecture:

    http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_amd64.deb

      Size/MD5 checksum: 135068
0609f0501dec9b3b9f4d19bd308af45c
    http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_amd64.deb

      Size/MD5 checksum: 136550
1f876514bb9cd3d6192b4f9eda1f48a1
    http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_amd64.deb

      Size/MD5 checksum: 233800
745f578b197d85af57dc165f710cd0a2
    http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_amd64.deb

      Size/MD5 checksum: 132396
74635cf281b1f404c0520794f9da880f
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_amd64.deb

      Size/MD5 checksum: 1392074
bfd324fb43c1f2ebfcf7ed8d8673cbcd
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_amd64.deb

      Size/MD5 checksum: 780174
085f001489367e205362a7043bcbebdd
    http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_amd64.deb

      Size/MD5 checksum: 1446526
f334b10112d05e862370d691d0a365d8
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_amd64.deb

      Size/MD5 checksum: 151404
cebe1b6d7ba283e369ddd03945384537
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_amd64.deb

      Size/MD5 checksum: 648656
9d20209d15264b47f4ce654be0a47bb1

ARM architecture:

    http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_arm.deb

      Size/MD5 checksum: 134114
fa9211a4e8304655a753993adbf20912
    http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_arm.deb

      Size/MD5 checksum: 135222
286133802cc9ba542ece606eae42c5ea
    http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_arm.deb

      Size/MD5 checksum: 222152
e8ea65dc3ca8ce1cd01850f07885d507
    http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_arm.deb

      Size/MD5 checksum: 131500
7ec64be742a6629bffa489e69b0a8c23
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_arm.deb

      Size/MD5 checksum: 1348038
af53111ae865a0eca2f0349e2608e2fc
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_arm.deb

      Size/MD5 checksum: 743418
727f40cb8768e64989b84b4b3b5f647d
    http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_arm.deb

      Size/MD5 checksum: 1440846
8f693fa58826b96ce0074eb1a78b9a31
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_arm.deb

      Size/MD5 checksum: 151244
beb813b6236b405c7496051581493838
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_arm.deb

      Size/MD5 checksum: 659752
e4877ae85dbce5d6cded5553085b2108

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_i386.deb

      Size/MD5 checksum: 134666
fd4689a103dcec74f07ef1409ad5096c
    http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_i386.deb

      Size/MD5 checksum: 135912
6c161489efd29807f71152870fda6242
    http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_i386.deb

      Size/MD5 checksum: 224632
f7c2f927c8a9894c19250dbce94af541
    http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_i386.deb

      Size/MD5 checksum: 131662
a493cb06911381c7f512f11d33e659c6
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_i386.deb

      Size/MD5 checksum: 1349200
6bb9adddc422b7f433516a7fa1edb737
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_i386.deb

      Size/MD5 checksum: 757702
b27bc494dcbf9043645ea471f6b56135
    http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_i386.deb

      Size/MD5 checksum: 1439766
99077386fc533b577c7caff5788065a0
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_i386.deb

      Size/MD5 checksum: 151256
a279b83da66c1b526a6ad69b887ce4eb
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_i386.deb

      Size/MD5 checksum: 621964
db987b32db00808ea5597196eb488828

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_ia64.deb

      Size/MD5 checksum: 138330
aaeb7943f7c095a6f1dec2692ab2c1ad
    http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_ia64.deb

      Size/MD5 checksum: 140154
8b0c62eebd9e0f467113d04874330832
    http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_ia64.deb

      Size/MD5 checksum: 265406
1b24c64e5771209f96e769ca8bfe56f4
    http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_ia64.deb

      Size/MD5 checksum: 135534
d55c51c13c612ef185b3c57681a245c5
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_ia64.deb

      Size/MD5 checksum: 1703448
4d184281f1f59426b9bdea84afe70267
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_ia64.deb

      Size/MD5 checksum: 997842
66576d718b46cd0b128807b67f987fe1
    http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_ia64.deb

      Size/MD5 checksum: 1462706
5a2fcbfe348590bdb12801378c330587
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_ia64.deb

      Size/MD5 checksum: 152160
060844ff66807aa635d4c498e64d76e1
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_ia64.deb

      Size/MD5 checksum: 867056
fd92260fbba9381725d41399a2df94ec

HP Precision architecture:

    http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_hppa.deb

      Size/MD5 checksum: 136278
38e3ec76e1ab906443cf6fec69dc0e05
    http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_hppa.deb

      Size/MD5 checksum: 137940
6fc19a4ccdcf112b12e1c9accb66ab8c
    http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_hppa.deb

      Size/MD5 checksum: 246626
8295811621cf2a9d70e7e23cbdcbae85
    http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_hppa.deb

      Size/MD5 checksum: 133462
a5d6a0a89122f820aec8abd77185fa5a
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_hppa.deb

      Size/MD5 checksum: 1500658
17492c24e92970dc0aa9cb5e4aca4c9a
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_hppa.deb

      Size/MD5 checksum: 839388
e54b0657edcddf4a6ce8227c7fa31612
    http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_hppa.deb

      Size/MD5 checksum: 1453434
be279ff8d716abe7bd603cf0c1d6d2e0
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_hppa.deb

      Size/MD5 checksum: 151812
9b4c3047a843aa5958c96dc31a6ca033
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_hppa.deb

      Size/MD5 checksum: 735402
a873a095e04b47c39f12cf200b7ec146

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_m68k.deb

      Size/MD5 checksum: 134148
77e347fef526b6d7c91af179c04c8c0d
    http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_m68k.deb

      Size/MD5 checksum: 135542
3e87769580c19d394630fe5a4b72566c
    http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_m68k.deb

      Size/MD5 checksum: 230520
3afcc5c8b461a80207c6cc02fb50fccd
    http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_m68k.deb

      Size/MD5 checksum: 131838
b38660f2ca7420e371a7f7d876e6e950
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_m68k.deb

      Size/MD5 checksum: 1332586
96b2e8e4d3b0b86153110c7c81907194
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_m68k.deb

      Size/MD5 checksum: 729728
3ed2ad31db64434c6ddfc7dc06e6ad23
    http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_m68k.deb

      Size/MD5 checksum: 1439160
b45b47d802584b54dfad1c6bd8b886d3
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_m68k.deb

      Size/MD5 checksum: 151196
54f4736454fcb961a617b9662c89c932
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_m68k.deb

      Size/MD5 checksum: 552676
ebc099ac3da1a205131a7cd98abf8c4e

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_mips.deb

      Size/MD5 checksum: 133922
5574b80e82c88ba25d711c102a50f95d
    http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_mips.deb

      Size/MD5 checksum: 135298
5372b46d24125108b393e2cc24222cf5
    http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_mips.deb

      Size/MD5 checksum: 215232
1afd304916248bd18edfa5f55d7a3cd3
    http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_mips.deb

      Size/MD5 checksum: 131400
817e2f45f9e272be8a3b993eca4a7985
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_mips.deb

      Size/MD5 checksum: 1355746
8a6f98d621f55e78dc84f7061c2b358c
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_mips.deb

      Size/MD5 checksum: 763368
2852fbb514587ab0abb3ebc2ad415df7
    http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_mips.deb

      Size/MD5 checksum: 1435716
29878f0fc435dc1c33010220cc837d37
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_mips.deb

      Size/MD5 checksum: 151958
dc0fd07a7d9e9ccadeef95bde0351817
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_mips.deb

      Size/MD5 checksum: 683474
ac97f82253f46913151efd5c3099c551

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_mipsel.deb

      Size/MD5 checksum: 133944
f12935c8449caa200cbb7b735de6ada6
    http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_mipsel.deb

      Size/MD5 checksum: 135310
8011dc5dce4768864419996c3f6d9a48
    http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_mipsel.deb

      Size/MD5 checksum: 214456
c5778a3a1a07a8cd80b9ab077cde5074
    http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_mipsel.deb

      Size/MD5 checksum: 131344
1b0e29645c8a3f9077910c96b48a1359
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_mipsel.deb

      Size/MD5 checksum: 1357228
df7e72e3b3cf00080b0c69c2e2001887
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_mipsel.deb

      Size/MD5 checksum: 756232
8fef45d81f7764d2d427dd5bac4dba0a
    http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_mipsel.deb

      Size/MD5 checksum: 1435972
155c5044db95709e01c01659ef93a135
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_mipsel.deb

      Size/MD5 checksum: 151934
5e865f509796fe53b0d2a1b5a5c9c72d
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_mipsel.deb

      Size/MD5 checksum: 677334
8dec776253eb64b42035a7a7589bb970

PowerPC architecture:

    http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_powerpc.deb

      Size/MD5 checksum: 136508
eb8794cafa6e7a9d5e31ffce9fdf2694
    http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_powerpc.deb

      Size/MD5 checksum: 137652
a22f7061882f801c20c4907d61d9cd62
    http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_powerpc.deb

      Size/MD5 checksum: 224840
3b55b937e39bf8c5dafbaebf05f32b9c
    http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_powerpc.deb

      Size/MD5 checksum: 133562
bb942bdf0d032ecd717704e47ccc1cd2
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_powerpc.deb

      Size/MD5 checksum: 1405880
896f47ccbc5e50dd6a78cba52a59c6b6
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_powerpc.deb

      Size/MD5 checksum: 969794
1e912d075c159fbeb6411d1d72e880df
    http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_powerpc.deb

      Size/MD5 checksum: 1444114
94110d9d029066fd53add4a26a98cff4
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_powerpc.deb

      Size/MD5 checksum: 153102
09c2d4538d43322dad1d5470e772cecb
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_powerpc.deb

      Size/MD5 checksum: 620568
ecfe1728330b3da2c6d0f6f8a6e7e16f

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_s390.deb

      Size/MD5 checksum: 135552
4f867891b8b39115f577b783155781eb
    http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_s390.deb

      Size/MD5 checksum: 136898
3ec59c86a92fc1701aea5bc1c7f0de67
    http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_s390.deb

      Size/MD5 checksum: 239628
e5cf477060d233cbd8fd7d9e830a6e95
    http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_s390.deb

      Size/MD5 checksum: 132888
7c4f2d122a8f104f6da6fee3251662f3
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_s390.deb

      Size/MD5 checksum: 1430880
8fffb3c762493b245e1e446c4e5c9425
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_s390.deb

      Size/MD5 checksum: 907026
feb133e3bb6acd170fb4b9202f0f0b39
    http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_s390.deb

      Size/MD5 checksum: 1447002
3f8391fea58a78e222224d8214758af6
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_s390.deb

      Size/MD5 checksum: 151486
fea474393cc04d3de74061bf04f537cd
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_s390.deb

      Size/MD5 checksum: 674232
83aed4af46b6f3bb1b1f0dbabb4e58c5

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_sparc.deb

      Size/MD5 checksum: 134400
9eed1234d06c62465aab5ae4e65eed8a
    http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_sparc.deb

      Size/MD5 checksum: 135594
4ed728b82c57df8e6e0b9e59148379b6
    http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_sparc.deb

      Size/MD5 checksum: 228836
99ead3d7d81c4829545e076dc8d6350d
    http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_sparc.deb

      Size/MD5 checksum: 131752
ee4391927a34eefdeea3d8221f65380c
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_sparc.deb

      Size/MD5 checksum: 1372598
f1d3a7ee86e225463216ce941ce2e53b
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_sparc.deb

      Size/MD5 checksum: 747546
125894cb5762503df22983895697ad5a
    http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_sparc.deb

      Size/MD5 checksum: 1441758
d1a84594180334347f17fd7bff0dad3b
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_sparc.deb

      Size/MD5 checksum: 151248
dca393d8688579270f35d31fc731b8cc
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_sparc.deb

      Size/MD5 checksum: 646070
f5375c053ef3cf8f517581ece10a1e86

These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 865-1 [email protected]
http://www.debian.org/security/
Martin Schulze
October 13th, 2005 http://www.debian.org/security/faq


Package : hylafax
Vulnerability : insecure temporary files
Problem type : local
Debian-specific: no
CVE ID : CAN-2005-3069

Javier Fernández-Sanguino Peña discovered that
several scripts of the hylafax suite, a flexible client/server fax
software, create temporary files and directories in an insecure
fashion, leaving them vulnerable to symlink exploits.

For the old stable distribution (woody) this problem has been
fixed in version 4.1.1-3.2.

For the stable distribution (sarge) this problem has been fixed
in version 4.2.1-5sarge1.

For the unstable distribution (sid) this problem has been fixed
in version 4.2.2-1.

We recommend that you upgrade your hylafax packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

    http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1-3.2.dsc

      Size/MD5 checksum: 739
a26715f7b967614e4aa3afb4657fb20e
    http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1-3.2.diff.gz

      Size/MD5 checksum: 116099
ad9d74b7d995655df44c6a257cfb8e1f
    http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1.orig.tar.gz

      Size/MD5 checksum: 1287689
1ed081750be70a800708699b7568e17e

Architecture independent components:

    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-doc_4.1.1-3.2_all.deb

      Size/MD5 checksum: 318302
49ee14fc07e1ca12ea191ec01209831f

Alpha architecture:

    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_alpha.deb

      Size/MD5 checksum: 556336
2ca7177d8d4e45ad08052612d31e3286
    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_alpha.deb

      Size/MD5 checksum: 1362414
98b7c46d94841981577a46965982daf3

ARM architecture:

    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_arm.deb

      Size/MD5 checksum: 445654
7fd22812bb3e50f5915a3d5ca56c3412
    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_arm.deb

      Size/MD5 checksum: 1095664
3b56df8d25e56adbf657f35f6add331d

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_i386.deb

      Size/MD5 checksum: 462410
1b6ef2d2bc9a013abc3ca5c88d9517ef
    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_i386.deb

      Size/MD5 checksum: 1132566
fe019575d929c90497da4da532dd0e14

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_ia64.deb

      Size/MD5 checksum: 615710
80614f594990528f32d72f29a25059aa
    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_ia64.deb

      Size/MD5 checksum: 1491748
1fefde2f9ef1e1f29f2f3e538746e826

HP Precision architecture:

    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_hppa.deb

      Size/MD5 checksum: 501634
a6d82e052b47ec50dcb2074b97bc9118
    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_hppa.deb

      Size/MD5 checksum: 1231286
21b6141ceb425b35dca9ba8350cea477

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_m68k.deb

      Size/MD5 checksum: 451276
e7bcefc8e040c5dd61993cce93f8463f
    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_m68k.deb

      Size/MD5 checksum: 1099994
35967ff6911e340a8ad03677e314bdb6

PowerPC architecture:

    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_powerpc.deb

      Size/MD5 checksum: 450830
a81c00ffe35a3596f2a1cba944e25369
    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_powerpc.deb

      Size/MD5 checksum: 1104318
49a486d5ad824024d1aee622f38bca9b

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_s390.deb

      Size/MD5 checksum: 441260
40081bae3595b7b5d409129f2658ce6c
    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_s390.deb

      Size/MD5 checksum: 1086846
a5db5a237b9af20c976adc66ae5186d0

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_sparc.deb

      Size/MD5 checksum: 433626
5ff8d52490ad2d2a9f77c0371662f757
    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_sparc.deb

      Size/MD5 checksum: 1082548
78c8ee6392656ad57d66dc03e9619451

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.2.1-5sarge1.dsc

      Size/MD5 checksum: 746
b6ffe5782b520108a41be7da0e65f212
    http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.2.1-5sarge1.diff.gz

      Size/MD5 checksum: 51332
486108ce920ac6adfed78ea503a429d5
    http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.2.1.orig.tar.gz

      Size/MD5 checksum: 1412035
05430e41a279d0fff6d6e4b444440829

Architecture independent components:

    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-doc_4.2.1-5sarge1_all.deb

      Size/MD5 checksum: 372500
f5f4b31a5efcfe1c906ee102d03d306c

Alpha architecture:

    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_alpha.deb

      Size/MD5 checksum: 373904
a8b07000fe5e9fe40c8729411c8c8bdd
    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_alpha.deb

      Size/MD5 checksum: 863548
5ea99f1e2b7770a1f9467081ba076484

AMD64 architecture:

    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_amd64.deb

      Size/MD5 checksum: 350818
0bcd173184e7fa51589b2f54ccfb15c5
    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_amd64.deb

      Size/MD5 checksum: 801080
9f72610133beab92ca221215e0263b68

ARM architecture:

    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_arm.deb

      Size/MD5 checksum: 342470
117f8e70e33830ca07f04babd116927d
    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_arm.deb

      Size/MD5 checksum: 808824
74f5d116878343c02269a2577e06d945

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_i386.deb

      Size/MD5 checksum: 348094
c81c1b6d04a35e3a6d317449b8ec2801
    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_i386.deb

      Size/MD5 checksum: 805734
4fcc081ed2e9b0865025cfe2e719d203

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_ia64.deb

      Size/MD5 checksum: 402470
6ad9857e7c46d2c51479271a20bb78c7
    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_ia64.deb

      Size/MD5 checksum: 924518
b98f0ff9f1bae59d39956d5f3fef96bc

HP Precision architecture:

    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_hppa.deb

      Size/MD5 checksum: 402304
6f5944f958c4a4fb1297391387547006
    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_hppa.deb

      Size/MD5 checksum: 911470
a9b443693d95bc152977114b054ebec4

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_m68k.deb

      Size/MD5 checksum: 345324
d0dd8395c48a88e9d080e26fe7beb333
    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_m68k.deb

      Size/MD5 checksum: 784366
bd761bc6035a6ba2a52e072476d36d47

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_mips.deb

      Size/MD5 checksum: 352702
7227bc9a47689297868b622a0f1328b2
    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_mips.deb

      Size/MD5 checksum: 836084
e7a9cf31efe92f03cf8be2f34e6ae4d3

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_mipsel.deb

      Size/MD5 checksum: 350218
faf1361beefc28c5b3f7feab9703c2a9
    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_mipsel.deb

      Size/MD5 checksum: 831058
44c131e3f464cfd9b6e05ce2cb93658d

PowerPC architecture:

    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_powerpc.deb

      Size/MD5 checksum: 356594
f25e009fcdbd2cf4e867293f894dab7d
    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_powerpc.deb

      Size/MD5 checksum: 819646
3330a4499a03d26f8baf0ad71307a23d

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_s390.deb

      Size/MD5 checksum: 339420
fb65b63a8de4e4725730b973e4e3ea27
    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_s390.deb

      Size/MD5 checksum: 767898
2e7a83d6bd2c026b1b2af53797e63a21

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_sparc.deb

      Size/MD5 checksum: 328882
502e63cbc6728737c66b39686ff2f1c5
    http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_sparc.deb

      Size/MD5 checksum: 759848
2ba892225d8368372a475ecc12acc942

These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: [email protected]

Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>

Ubuntu Linux


Ubuntu Security Notice USN-203-1 October 13, 2005
abiword vulnerabilities
CAN-2005-2972


A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

abiword

The problem can be corrected by upgrading the affected package
to version 2.0.7+cvs.2004.05.05-1ubuntu3.3 (for Ubuntu 4.10), or
2.2.2-1ubuntu2.2 (for Ubuntu 5.04). After a standard system upgrade
you have to restart Abiword to effect the necessary changes.

Details follow:

Chris Evans discovered several buffer overflows in the RTF
import module of AbiWord. By tricking a user into opening an RTF
file with specially crafted long identifiers, an attacker could
exploit this to execute arbitrary code with the privileges of the
AbiWord user.

Updated packages for Ubuntu 4.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.3.diff.gz

      Size/MD5: 53513
e4e2d3d54c83a168e82d70b137ee057c
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.3.dsc

      Size/MD5: 1157
037c7c524016edeaa473c6c0d062bce8
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.0.7+cvs.2004.05.05.orig.tar.gz

      Size/MD5: 21903248
665596f852d4e8d0c31c17fc292d6b29

Architecture independent packages: