Debian GNU/Linux
Debian Security Advisory DSA 1201-1 security@debian.org
http://www.debian.org/security/
Moritz Muehlenhoff
October 31st, 2006 http://www.debian.org/security/faq
Package : ethereal
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-4574 CVE-2006-4805
Debian Bug : 396258
Several remote vulnerabilities have been discovered in the
Ethereal network scanner. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2006-4574
It was discovered that the MIME multipart dissector is
vulnerable to denial of service caused by an off-by-one
overflow.
CVE-2006-4805
It was discovered that the XOT dissector is vulnerable to denial
of service caused by memory corruption.
For the stable distribution (sarge) these problems have been
fixed in version 0.10.10-2sarge9. Due to technical problems with
the security buildd infrastructure this update lacks builds for the
hppa and sparc architectures. They will be released as soon as the
problems are resolved.
For the unstable distribution (sid) these problems will be fixed
soon.
We recommend that you upgrade your ethereal packages.
Upgrade Instructions
wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 1202-1 security@debian.org
http://www.debian.org/security/
Moritz Muehlenhoff
October 31st, 2006 http://www.debian.org/security/faq
Package : screen
Vulnerability : programming error
Problem-Type : local(remote)
Debian-specific: no
CVE ID : CVE-2006-4573
Debian Bug : 395225 395999
“cstone” and Rich Felker discovered that specially crafted UTF-8
sequences may lead to an out-of-bounds memory write when displayed
inside the screen terminal multiplexer, allowing denial of service
and potentially the execution of arbitrary code.
For the stable distribution (sarge) this problem has been fixed
in version 4.0.2-4.1sarge1. Due to technical problems with the
security buildd infrastructure this update lacks a build for the
Sun Sparc architecture. It will be released as soon as the problems
are resolved.
For the unstable distribution (sid) this problem has been fixed
in version 4.0.3-0.1.
We recommend that you upgrade your screen package.
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
Mandriva Linux
Mandriva Linux Security Advisory MDKSA-2006:193
http://www.mandriva.com/security/
Package : ImageMagick
Date : October 30, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
Problem Description:
Multiple buffer overflows in GraphicsMagick before 1.1.7 and
ImageMagick 6.0.7 allow user-assisted attackers to cause a denial
of service and possibly execute arbitrary code via (1) a
DCM image that is not properly handled by the ReadDCMImage function
in coders/dcm.c, or (2) a PALM image that is not properly handled
by the ReadPALMImage function in coders/palm.c.
Updated packages have been patched to correct these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456
Updated Packages:
To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
Mandriva Linux Security Advisory MDKSA-2006:194
http://www.mandriva.com/security/
Package : postgresql
Date : October 30, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
Problem Description:
A vulnerability in PostgreSQL 8.1.x allowed remote authenticated
users to cause a Denial of Service (daemon crash) via certain
aggregate functions in an UPDATE statement which were not handled
correctly (CVE-2006-5540).
Another DoS issue in PostgreSQL 7.4.x, 8.0.x, and 8.1.x allowed
remote authenticated users to crash the daemon via a coercion of an
unknown element to ANYARRAY (CVE-2006-5541).
Finally, another vulnerability in 8.1.x could allow a remote
authenticated user to cause a DoS related to duration logging of
V3-protocol Execute message for COMMIT and ROLLBACK statements
(CVE-2006-5542).
This update provides the latest 8.0.x and 8.1.x PostgreSQL
versions and patches the version of PostgreSQL shipped with
Corporate 3.0.
After installing this upgrade, you will need to execute “service
postgresql restart” for it to take effect.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5542
Updated Packages:
To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>