---

Advisories: October 3, 2005

Debian GNU/Linux


Debian Security Advisory DSA 833-1 [email protected]
http://www.debian.org/security/
Martin Schulze
October 1st, 2005 http://www.debian.org/security/faq


Package : mysql-dfsg-4.1
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CAN-2005-2558
BugTraq ID : 14509

A stack-based buffer overflow in the init_syms function of
MySQL, a popular database, has been discovered that allows remote
authenticated users who can create user-defined functions to
execute arbitrary code via a long function_name field. The ability
to create user-defined functions is not typically granted to
untrusted users.

The following vulnerability matrix explains which version of
MySQL in which distribution has this problem fixed:

  woody sarge sid
mysql 3.23.49-8.14 n/a n/a
mysql-dfsg n/a 4.0.24-10sarge1 4.0.24-10sarge1
mysql-dfsg-4.1 n/a 4.1.11a-4sarge2 4.1.14-2
mysql-dfsg-5.0 n/a n/a 5.0.11beta-3

We recommend that you upgrade your mysql-dfsg-4.1 packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge2.dsc

      Size/MD5 checksum: 1021
ef5b7f754fd69c6ddf96185a9ea99d8c
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge2.diff.gz

      Size/MD5 checksum: 163217
c22faa82cad1a38568146d03a316b4c3
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a.orig.tar.gz

      Size/MD5 checksum: 15771855
3c0582606a8903e758c2014c2481c7c3

Architecture independent components:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.11a-4sarge2_all.deb

      Size/MD5 checksum: 35758
f4c17c57aaed4aba0d06b22391a443ff

Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_alpha.deb

      Size/MD5 checksum: 1589626
326e06854e8cc7b4df3ca853a8776e6f
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_alpha.deb

      Size/MD5 checksum: 7963496
4da7672c7e6ce497cc6c2b72c2438c5f
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_alpha.deb

      Size/MD5 checksum: 1000022
a8edacbc3c87b781c4aae6772c42f2c9
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_alpha.deb

      Size/MD5 checksum: 17484824
d0e8f9bfebd9c492d0ed336c236050ad

AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_amd64.deb

      Size/MD5 checksum: 1450438
8e3eca09ae3044bc15d7332a97eaadb3
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_amd64.deb

      Size/MD5 checksum: 5549144
3b9308fd3c89158b20ae75ab4835d333
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_amd64.deb

      Size/MD5 checksum: 848676
0cdc8e7e48e1821fcbab39aee1c6b22b
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_amd64.deb

      Size/MD5 checksum: 14709814
b602e0bff5fda27efbc2bf52c0b46e32

ARM architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_arm.deb

      Size/MD5 checksum: 1388184
ba83a61338a7b6198754c22e134bdabd
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_arm.deb

      Size/MD5 checksum: 5557760
54ac64644fe2897b5c2554f5332bf402
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_arm.deb

      Size/MD5 checksum: 835900
a29f9b8bfe41d70e24cb6eef94b43bc9
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_arm.deb

      Size/MD5 checksum: 14555832
a482f115a2f27abee4ad2a79dfbd6cd1

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_i386.deb

      Size/MD5 checksum: 1416570
e49242dae5f45b947a47ea1fe728d128
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_i386.deb

      Size/MD5 checksum: 5641688
b3eb7e254df56c09ada9c1fa61fab946
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_i386.deb

      Size/MD5 checksum: 829688
f3cdde3f2a6698f394ba0edfdbd29446
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_i386.deb

      Size/MD5 checksum: 14556498
45421b845326a2e40a720dc44b64985d

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_ia64.deb

      Size/MD5 checksum: 1711912
475cfa72891c402d1c948be09e6a98f7
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_ia64.deb

      Size/MD5 checksum: 7780996
03bd4ba1db9460ef9d9be5b01d880453
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_ia64.deb

      Size/MD5 checksum: 1049796
b8253e96506666bc4a3b659994bdd48a
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_ia64.deb

      Size/MD5 checksum: 18474740
4a483fc2350bda7a6eb2599c7fbf9e0d

HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_hppa.deb

      Size/MD5 checksum: 1550304
aadb8f7fbda0ef84b8afcf7baf76dffb
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_hppa.deb

      Size/MD5 checksum: 6249354
21f0e228f658552c1ecb4d05975e3921
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_hppa.deb

      Size/MD5 checksum: 909194
235968a78d019efc6be2e1df68fb4cb3
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_hppa.deb

      Size/MD5 checksum: 15786932
aee2e68c3f7938d0ba7292289f032bda

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_m68k.deb

      Size/MD5 checksum: 1396882
3ef005165d935a0089c42b9dca782125
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_m68k.deb

      Size/MD5 checksum: 5282906
9becdb0b18c3c42b5211739e9f5f5f46
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_m68k.deb

      Size/MD5 checksum: 803022
43eb1fdfe29144e10d1730f1dcc45507
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_m68k.deb

      Size/MD5 checksum: 14070110
51c9d88be73414000742c7c2961307a1

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge1_mips.deb

      Size/MD5 checksum: 1477766
fb7a8d1fb9d4607d7172c36032ebcbbb
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge1_mips.deb

      Size/MD5 checksum: 6051760
6e97430bc9b02e866e04414e627f9f4c
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge1_mips.deb

      Size/MD5 checksum: 903542
f99636d7c17d9b9647c34d3dd3379c2d
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge1_mips.deb

      Size/MD5 checksum: 15407442
36eaf9d65e7c4dcaeff920389c6bd890

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_mipsel.deb

      Size/MD5 checksum: 1445350
539eadf9ac7e9b384825c944759ec6b4
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_mipsel.deb

      Size/MD5 checksum: 5969562
bdf9697878b6a439d079528660a67fbc
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_mipsel.deb

      Size/MD5 checksum: 889260
07d1f0071ce62ce433c9c924544fe5fc
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_mipsel.deb

      Size/MD5 checksum: 15103284
5be83f139ae6ac41ffad5a2a7a52ce49

PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_powerpc.deb

      Size/MD5 checksum: 1475432
2fc2f711fd16172952db58a59c17f9cb
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_powerpc.deb

      Size/MD5 checksum: 6025146
f230533abfce5f92e7ee95d0966ea984
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_powerpc.deb

      Size/MD5 checksum: 906432
d566b964257453976d7c36e309b705de
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_powerpc.deb

      Size/MD5 checksum: 15402508
dc78398b45128bc2d2f6881427ff044d

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_s390.deb

      Size/MD5 checksum: 1537572
fc84f1f6e3f72bf3e62ae6d09fd29ed5
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_s390.deb

      Size/MD5 checksum: 5460800
94db267d9e373a8490a0067257ae14a4
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_s390.deb

      Size/MD5 checksum: 883408
9f613cb6264d5fd7da0c216301e34af1
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_s390.deb

      Size/MD5 checksum: 15053922
3d90c52ba65c7550da1558bb7d5ab346

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_sparc.deb

      Size/MD5 checksum: 1459496
478640727168f01c3832f53ada90b8d9
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_sparc.deb

      Size/MD5 checksum: 6205444
427316f73787f388a361c76124e59cb5
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_sparc.deb

      Size/MD5 checksum: 867394
9e2217f00d72fa652b5e45fae5829eb8
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_sparc.deb

      Size/MD5 checksum: 15390434
e79df4002a1dfb61f2253030e8cb1033

These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 834-1 [email protected]
http://www.debian.org/security/
Martin Schulze
October 1st, 2005 http://www.debian.org/security/faq


Package : prozilla
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CAN-2005-2961

Tavis Ormandy discovered a buffer overflow in prozilla, a
multi-threaded download accelerator, which may be exploited to
execute arbitrary code.

For the old stable distribution (woody) this problem has been
fixed in version 1.3.6-3woody3.

The stable distribution (sarge) does not contain prozilla
packages.

The unstable distribution (sid) does not contain prozilla
packages.

We recommend that you upgrade your prozilla package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

    http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3.dsc

      Size/MD5 checksum: 612
66c3a184d2185a18a2e20b173c6835c7
    http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3.diff.gz

      Size/MD5 checksum: 9891
32d706f874d8c4fba1c1eed7111cd292
    http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6.orig.tar.gz

      Size/MD5 checksum: 152755
65864dfe72f5cb7d7e595ca6f34fc7d7

Alpha architecture:

    http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_alpha.deb

      Size/MD5 checksum: 78514
6183e73c5841beee0d8e9cc450a6c702

ARM architecture:

    http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_arm.deb

      Size/MD5 checksum: 65506
595b0c25a968731fc39dd9644cccf9ba

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_i386.deb

      Size/MD5 checksum: 64514
8c4c382318cb97f659736dc1ea017335

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_ia64.deb

      Size/MD5 checksum: 93574
ab60cc2fc3cac11774217fec4fe9da56

HP Precision architecture:

    http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_hppa.deb

      Size/MD5 checksum: 74560
a3443807a553e685573f9f34aa2cbe71

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_m68k.deb

      Size/MD5 checksum: 61492
e295c8293423298836b5ea829ccd2f18

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_mips.deb

      Size/MD5 checksum: 73168
16ebff4a693d9fb1b96c1814045edd22

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_mipsel.deb

      Size/MD5 checksum: 73234
85e2da96f32feb26af7600faeac69820

PowerPC architecture:

    http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_powerpc.deb

      Size/MD5 checksum: 68628
b95100d9ef36bd36649118b2dee08a0c

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_s390.deb

      Size/MD5 checksum: 65556
bf4165b94d5a28e591d5fdc10b46d94d

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_sparc.deb

      Size/MD5 checksum: 68174
3ff8ca31ef5d0e124a1e8714506a861f

These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 835-1 [email protected]
http://www.debian.org/security/
Martin Schulze
October 1st, 2005 http://www.debian.org/security/faq


Package : cfengine
Vulnerability : insecure temporary files
Problem type : local
Debian-specific: no
CVE ID : CAN-2005-2960

Javier Fernández-Sanguino Peña discovered several
insecure temporary file uses in cfengine, a tool for configuring
and maintaining networked machines, that can be exploited by a
symlink attack to overwrite arbitrary files owned by the user
executing cfengine, which is probably root.

For the old stable distribution (woody) these problems have been
fixed in version 1.6.3-9woody1.

For the stable distribution (sarge) these problems have been
fixed in version 1.6.5-1sarge1.

For the unstable distribution (sid) these problems have will be
fixed soon.

We recommend that you upgrade your cfengine package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1.dsc

      Size/MD5 checksum: 697
bb2e5be7b89c57f6c4cf1e3738ecd922
    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1.diff.gz

      Size/MD5 checksum: 38077
1ae76d1eb77ebd60a3333c062a1a7c31
    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3.orig.tar.gz

      Size/MD5 checksum: 867415
19079eafbee44e3d39308c086d4b539b

Architecture independent components:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine-doc_1.6.3-9woody1_all.deb

      Size/MD5 checksum: 355562
ca9a13fab7548459c6084dc69d426aec

Alpha architecture:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_alpha.deb

      Size/MD5 checksum: 405720
7b6364578e2eba666365e77e32507c4b

ARM architecture:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_arm.deb

      Size/MD5 checksum: 339210
aa977174967f661d2f212f3433bf6788

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_i386.deb

      Size/MD5 checksum: 303270
a64338d36f68b7935cfc5989c850cd5e

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_ia64.deb

      Size/MD5 checksum: 493172
41bcf6762cf4837c8709be21cff9eb7f

HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_hppa.deb

      Size/MD5 checksum: 386724
e9442e863083edcb1e487a6c5fe93352

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_m68k.deb

      Size/MD5 checksum: 281060
d948916061d5e8efb533e3b77b77a0ab

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_mips.deb

      Size/MD5 checksum: 363318
0bc37a72bb1f08f35a2b579484ffb573

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_mipsel.deb

      Size/MD5 checksum: 361536
c2b6aa55d276d9b6ac74e78b8117f58c

PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_powerpc.deb

      Size/MD5 checksum: 340640
d54511ed3ad4994ae81fa8f5d94bddd2

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_s390.deb

      Size/MD5 checksum: 320202
4bfb085818e449b6a6a294d842fd93ce

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_sparc.deb

      Size/MD5 checksum: 348898
1a5bee66a3136dd0c7c81e389ea6d02c

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1.dsc

      Size/MD5 checksum: 688
0c5710c1edf3c6fdd6823d6db891d299
    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1.diff.gz

      Size/MD5 checksum: 102832
8a282e6d4dde8c710e02a544967c5fe6
    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5.orig.tar.gz

      Size/MD5 checksum: 880066
fc02d8d56433f32020c3030192cad66e

Architecture independent components:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine-doc_1.6.5-1sarge1_all.deb

      Size/MD5 checksum: 385994
1081dd615fdd1cd5682599b5253936ba

Alpha architecture:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_alpha.deb

      Size/MD5 checksum: 420810
2402bacaa76d7763c27589c85a399605

AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_amd64.deb

      Size/MD5 checksum: 353842
953d1eb46f2cce0aedfb78e5f988cc53

ARM architecture:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_arm.deb

      Size/MD5 checksum: 340160
83ed417663d90df0727a6a8c2606d11b

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_i386.deb

      Size/MD5 checksum: 323384
18459b30d0c2c5044e6922abde4425ea

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_ia64.deb

      Size/MD5 checksum: 488116
f7a1c07bf59ba6163a82fed6a27666c1

HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_hppa.deb

      Size/MD5 checksum: 373982
778d47c9a7bba6a52c34580e2885a4f0

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_m68k.deb

      Size/MD5 checksum: 289354
a8c67ffa26a9453959be270dd6109a36

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_mips.deb

      Size/MD5 checksum: 366596
5978436e06a6fb7ad82d7f9860d02614

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_mipsel.deb

      Size/MD5 checksum: 365032
4914663ccd6d58abfac5ae149c2b75cb

PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_powerpc.deb

      Size/MD5 checksum: 356614
a98b9bb1a97577472f350ae0f22bf37f

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_s390.deb

      Size/MD5 checksum: 346324
33ac8dfdaa2fcb7ddccf258f901b8531

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_sparc.deb

      Size/MD5 checksum: 338540
21169b41e6976910873d642a7acef495

These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 836-1 [email protected]
http://www.debian.org/security/
Martin Schulze
October 1st, 2005 http://www.debian.org/security/faq


Package : cfengine2
Vulnerability : insecure temporary files
Problem type : local
Debian-specific: no
CVE ID : CAN-2005-2960

Javier Fernández-Sanguino Peña discovered insecure
temporary file use in cfengine2, a tool for configuring and
maintaining networked machines, that can be exploited by a symlink
attack to overwrite arbitrary files owned by the user executing
cfengine, which is probably root.

The old stable distribution (woody) is not affected by this
problem.

For the stable distribution (sarge) these problems have been
fixed in version 2.1.14-1sarge1.

For the unstable distribution (sid) these problems will be fixed
soon.

We recommend that you upgrade your cfengine2 package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1.dsc

      Size/MD5 checksum: 825
c3ee62f9ce0b5432069c59049bc0c652
    http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1.diff.gz

      Size/MD5 checksum: 32635
ab7a8c127448eca0dce586c9ba672a85
    http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14.orig.tar.gz

      Size/MD5 checksum: 3513765
bc60a13b6890275ba6b17a07c257cac5

Architecture independent components:

    http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2-doc_2.1.14-1sarge1_all.deb

      Size/MD5 checksum: 510730
0f6ff1887770d9fe9070dddebdcc5edf

Alpha architecture:

    http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_alpha.deb

      Size/MD5 checksum: 827762
5c9ced60f5d41e785a55ba7b4582a796

AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_amd64.deb

      Size/MD5 checksum: 701256
b4888a6dc496aaa48b2a0fdc3715a67f

ARM architecture:

    http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_arm.deb

      Size/MD5 checksum: 685630
a48e6708452f90c1e8d4fe993e3f4771

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_i386.deb

      Size/MD5 checksum: 649868
b77b9785ac4b67f0701039b436a3244c

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_ia64.deb

      Size/MD5 checksum: 984586
3defd29cd3a9d4eea73ee5b4711bd944

HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_hppa.deb

      Size/MD5 checksum: 752410
a53dea0a28cb6e55bb9c707dafe2def7

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_m68k.deb

      Size/MD5 checksum: 566602
b803dacc74b7a3a8fe0d871a994e96d8

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_mips.deb

      Size/MD5 checksum: 721626
f85c4d747912fe55625d993479f45167

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_mipsel.deb

      Size/MD5 checksum: 718708
b667ffc1a228ca13f1fd65642d5504c9

PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_powerpc.deb

      Size/MD5 checksum: 702944
63b9669606bbfc5bb97eaca5bd1f5f55

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_s390.deb

      Size/MD5 checksum: 683930
822f52d113e7d4798be7e5fb9e542f25

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_sparc.deb

      Size/MD5 checksum: 673916
e1cc606ccd6fb6345140839a340e4640

These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 837-1 [email protected]
http://www.debian.org/security/
Martin Schulze
October 2nd, 2005 http://www.debian.org/security/faq


Package : mozilla-firefox
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CAN-2005-2871
Debian Bug : 327452

Tom Ferris discovered a bug in the IDN hostname handling of
Mozilla Firefox, which is also present in the other browsers from
the same family that allows remote attackers to cause a denial of
service and possibly execute arbitrary code via a hostname with
dashes.

For the stable distribution (sarge) this problem has been fixed
in version 1.0.4-2sarge4.

For the unstable distribution (sid) this problem has been fixed
in version 1.0.6-5.

We recommend that you upgrade your mozilla-firefox package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4.dsc

      Size/MD5 checksum: 1001
8da49448d0292379ed213ed55b50f636
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4.diff.gz

      Size/MD5 checksum: 323756
9badf2bda14c11b86ab011d90ec281f6
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz

      Size/MD5 checksum: 40212297
8e4ba81ad02c7986446d4e54e978409d

Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_alpha.deb

      Size/MD5 checksum: 11163256
741a6fe56dbd1c917f70ea4a83f5d4f5
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_alpha.deb

      Size/MD5 checksum: 166972
e694067de0f9e51eba3b71fed7192fad
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_alpha.deb

      Size/MD5 checksum: 58796
066536b71dd6ed961be9a17aa79f9ca1

AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_amd64.deb

      Size/MD5 checksum: 9398022
6bc930760808bc9d9b61fb1f01bd860d
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_amd64.deb

      Size/MD5 checksum: 161704
b602c78f8f7ff6071d85639ead31b0d1
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_amd64.deb

      Size/MD5 checksum: 57272
d9f98cb3de4145f0866772bc599f5573

ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_arm.deb

      Size/MD5 checksum: 8216838
391be886f3e02b83cbdf198fc9e64f43
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_arm.deb

      Size/MD5 checksum: 153148
e320c57a33a8d2f90db51e8ccd1fdcbf
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_arm.deb

      Size/MD5 checksum: 52626
f011883c695c1f62417810a7046bfb18

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_i386.deb

      Size/MD5 checksum: 8889628
c2dae022a03416af59f47a124ac04771
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_i386.deb

      Size/MD5 checksum: 156932
f3c968bdc962762016ab5ce7de6c3d49
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_i386.deb

      Size/MD5 checksum: 54188
9c2479ab8ebd935c40f52dc516d1ef9b

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_ia64.deb

      Size/MD5 checksum: 11617372
9e64ba01ab67c89e3496f658495e2d6b
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_ia64.deb

      Size/MD5 checksum: 167278
6c518d35da2f88bc1387391bc413af6e
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_ia64.deb

      Size/MD5 checksum: 61972
b413956fa64c1339729ca8c5fb069d0c

HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_hppa.deb

      Size/MD5 checksum: 10266508
9985b2364613b496578d5aa58335f193
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_hppa.deb

      Size/MD5 checksum: 164684
8d34b3fb5b1d4085eb1905cf8f4b4169
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_hppa.deb

      Size/MD5 checksum: 57774
3c1f6134aa0bedd285693c272156dadf

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_m68k.deb

      Size/MD5 checksum: 8167076
9fbcdcc9c20c9c53bfe0c2e8867505ee
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_m68k.deb

      Size/MD5 checksum: 155844
5e17dab94ba264505d9e976b6cada360
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_m68k.deb

      Size/MD5 checksum: 53438
d65525a81b47a3ffb818044ff0f6c082

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_mips.deb

      Size/MD5 checksum: 9919764
dad3b9c7736be1a76182805decbe4226
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_mips.deb

      Size/MD5 checksum: 154698
ddcb26a6501acc4bfb01f84679c71df1
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_mips.deb

      Size/MD5 checksum: 54444
b05103132d75b1398fd4ac93210f8fa0

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_mipsel.deb

      Size/MD5 checksum: 9803612
9277b9d3635327414a54a0fa5bc43fab
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_mipsel.deb

      Size/MD5 checksum: 154254
9aae814cc1d5dc31ac24a4c573a3d54d
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_mipsel.deb

      Size/MD5 checksum: 54270
df2809a9996ea6eaf4d940420f22e654

PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_powerpc.deb

      Size/MD5 checksum: 8561724
53cb5d609