---

Advisories: October 25, 2005

Debian GNU/Linux


Debian Security Advisory DSA 870-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
October 25th, 2005 http://www.debian.org/security/faq


Package : sudo
Vulnerability : missing input sanitising
Problem type : local
Debian-specific: no
CVE ID : CVE-2005-2959

Tavis Ormandy noticed that sudo, a program that provides limited
super user privileges to specific users, does not clean the
environment sufficiently. The SHELLOPTS and PS4 variables are
dangerous and are still passed through to the program running as
privileged user. This can result in the execution of arbitrary
commands as privileged user when a bash script is executed. These
vulnerabilities can only be exploited by users who have been
granted limited super user privileges.
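
Why a list of known-bad variables let SHELLOPTS and PS4 through, and why rebuilding the environment from an allowlist does not depend on knowing every dangerous name, shown as an added example that is not part of the advisory and is not sudo's code. The function names, the sample environment, the list contents other than SHELLOPTS and PS4, and the FUTURE_SHELL_KNOB variable are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample of an invoking user's environment (not from the advisory). */
static const char *const sample_env[] = {
    "PATH=/usr/bin:/bin",
    "TERM=xterm",
    "IFS=,",
    "SHELLOPTS=xtrace",     /* variable named in DSA 870-1 */
    "PS4=+ ",               /* variable named in DSA 870-1 */
    "PS4X=unrelated",       /* shares a prefix with PS4, must not match it */
    "FUTURE_SHELL_KNOB=1",  /* hypothetical variable that no list knows about */
    "MALFORMED",            /* no '=', never a valid entry */
    NULL
};

/* Illustrative lists; only SHELLOPTS and PS4 come from the advisory. */
static const char *const deny_old[]     = { "IFS", NULL };
static const char *const deny_patched[] = { "IFS", "SHELLOPTS", "PS4", NULL };
static const char *const allow[]        = { "PATH", "TERM", NULL };

enum policy { DENY_OLD, DENY_PATCHED, ALLOW };

/* 1 if entry is "name=..." with an exact (not prefix) name match. */
static int entry_has_name(const char *entry, const char *name)
{
    size_t n = strlen(name);
    return strncmp(entry, name, n) == 0 && entry[n] == '=';
}

static int listed(const char *entry, const char *const *list)
{
    for (; *list != NULL; list++)
        if (entry_has_name(entry, *list))
            return 1;
    return 0;
}

int env_contains(const char *const *envp, const char *name)
{
    for (; *envp != NULL; envp++)
        if (entry_has_name(*envp, name))
            return 1;
    return 0;
}

/*
 * Copy entries of envp into out (NULL-terminated, at most cap slots).
 * keep_listed == 0: denylist, drop entries whose name is in list.
 * keep_listed == 1: allowlist, keep only entries whose name is in list.
 * Entries without a name or without '=' are always dropped.
 * Returns the number of entries kept.
 */
size_t filter_env(const char *const *envp, const char *const *list,
                  int keep_listed, const char **out, size_t cap)
{
    size_t n = 0;
    if (cap == 0)
        return 0;
    for (; *envp != NULL && n + 1 < cap; envp++) {
        const char *eq = strchr(*envp, '=');
        if (eq == NULL || eq == *envp)
            continue;
        if (listed(*envp, list) != keep_listed)
            continue;
        out[n++] = *envp;
    }
    out[n] = NULL;
    return n;
}

/* Does `name` reach the privileged program under the given policy? */
int survives(enum policy p, const char *name)
{
    const char *out[16];
    switch (p) {
    case DENY_OLD:     filter_env(sample_env, deny_old, 0, out, 16); break;
    case DENY_PATCHED: filter_env(sample_env, deny_patched, 0, out, 16); break;
    case ALLOW:        filter_env(sample_env, allow, 1, out, 16); break;
    default:           out[0] = NULL; break;
    }
    return env_contains(out, name);
}

int main(void)
{
    static const char *const names[] = {
        "PATH", "SHELLOPTS", "PS4", "PS4X", "FUTURE_SHELL_KNOB", NULL
    };
    printf("%-20s %-9s %-13s %s\n", "variable", "deny_old", "deny_patched", "allow");
    for (size_t i = 0; names[i] != NULL; i++)
        printf("%-20s %-9d %-13d %d\n", names[i],
               survives(DENY_OLD, names[i]),
               survives(DENY_PATCHED, names[i]),
               survives(ALLOW, names[i]));
    return 0;
}
```

In sudoers the allowlist behaviour corresponds to the `env_reset` option, with `env_keep` naming the variables that are preserved.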

For the old stable distribution (woody) this problem has been
fixed in version 1.6.6-1.4.

For the stable distribution (sarge) this problem has been fixed
in version 1.6.8p7-1.2.

For the unstable distribution (sid) this problem has been fixed
in version 1.6.8p9-3.

We recommend that you upgrade your sudo package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody



Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 871-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
October 25th, 2005 http://www.debian.org/security/faq


Package : libgda2
Vulnerability : format string
Problem type : local
Debian-specific: no
CVE ID : CAN-2005-2958

Steve Kemp discovered two format string vulnerabilities in
libgda2, the GNOME Data Access library for GNOME2, which may lead
to the execution of arbitrary code in programs that use this
library.

The old stable distribution (woody) is not affected by these
problems.

For the stable distribution (sarge) these problems have been
fixed in version 1.2.1-2sarge1.

For the unstable distribution (sid) these problems will be fixed
soon.

We recommend that you upgrade your libgda2 packages.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 871-2 security@debian.org
http://www.debian.org/security/
Martin Schulze
October 25th, 2005 http://www.debian.org/security/faq


Package : libgda2
Vulnerability : format string
Problem type : local
Debian-specific: no
CVE ID : CAN-2005-2958

Steve Kemp discovered two format string vulnerabilities in
libgda2, the GNOME Data Access library for GNOME2, which may lead
to the execution of arbitrary code in programs that use this
library.

The old stable distribution (woody) is not affected by these
problems.

For the stable distribution (sarge) these problems have been
fixed in version 1.2.1-2sarge1.

For the unstable distribution (sid) these problems will be fixed
soon.

We recommend that you upgrade your libgda2 packages.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200510-20


http://security.gentoo.org/


Severity: Normal
Title: Zope: File inclusion through RestructuredText
Date: October 25, 2005
Bugs: #109087
ID: 200510-20


Synopsis

Zope is vulnerable to a file inclusion vulnerability when
exposing RestructuredText functionalities to untrusted users.

Background

Zope is an application server that can be used to build content
management systems, intranets, portals or other custom
applications.

Affected packages


     Package        /  Vulnerable  /                        Unaffected

  1  net-zope/zope       < 2.7.8                              >= 2.7.8
     net-zope/zope      == 2.8.0
     net-zope/zope      == 2.8.1

Description

Zope honors file inclusion directives in RestructuredText
objects by default.

Impact

An attacker could exploit the vulnerability by sending malicious
input that would be interpreted in a RestructuredText Zope object,
potentially resulting in the execution of arbitrary Zope code with
the rights of the Zope server.

Workaround

There is no known workaround at this time.

Resolution

All Zope users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose net-zope/zope

References

[ 1 ] Zope Hotfix 2005-10-09 Alert


http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200510-20.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200510-21


http://security.gentoo.org/


Severity: Normal
Title: phpMyAdmin: Local file inclusion and XSS vulnerabilities
Date: October 25, 2005
Bugs: #110146
ID: 200510-21


Synopsis
