Advisories: October 5, 2005

Debian GNU/Linux


Debian Security Advisory DSA 833-2                  security@debian.org
http://www.debian.org/security/                          Martin Schulze
October 4th, 2005                    http://www.debian.org/security/faq


Package : mysql-dfsg-4.1
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CAN-2005-2558
BugTraq ID : 14509

A stack-based buffer overflow in the init_syms function of
MySQL, a popular database, has been discovered that allows remote
authenticated users who can create user-defined functions to
execute arbitrary code via a long function_name field. The ability
to create user-defined functions is not typically granted to
untrusted users.

The following vulnerability matrix explains which version of
MySQL in which distribution has this problem fixed:

                 woody          sarge             sid
mysql            3.23.49-8.14   n/a               n/a
mysql-dfsg       n/a            4.0.24-10sarge1   4.0.24-10sarge1
mysql-dfsg-4.1   n/a            4.1.11a-4sarge2   4.1.14-2
mysql-dfsg-5.0   n/a            n/a               5.0.11beta-3

This update only covers binary packages for the big endian MIPS
architecture that was mysteriously forgotten in the earlier
update.

We recommend that you upgrade your mysql-dfsg-4.1 packages.

Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 839-1                  security@debian.org
http://www.debian.org/security/                          Martin Schulze
October 4th, 2005                    http://www.debian.org/security/faq


Package : apachetop
Vulnerability : insecure temporary file
Problem type : local
Debian-specific: no
CVE ID : CAN-2005-2660

Eric Romang discovered an insecurely created temporary file in
apachetop, a realtime monitoring tool for the Apache webserver that
could be exploited with a symlink attack to overwrite arbitrary
files with the user id that runs apachetop.
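
The bug class described above, as an added example (this is not apachetop's code; the function names, file names and the /tmp scratch directory are hypothetical): a writer that opens a predictable path with fopen() follows a pre-planted symlink and truncates its target, while O_CREAT|O_EXCL or mkstemp() refuses to.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkdtemp, mkstemp, O_NOFOLLOW */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write msg to an already-open descriptor and close it. */
static int write_and_close(int fd, const char *msg)
{
    size_t len = strlen(msg);
    int rc = (write(fd, msg, len) == (ssize_t)len) ? 0 : -1;
    if (close(fd) != 0)
        rc = -1;
    return rc;
}

/* Weak pattern: fopen(..., "w") on a fixed name follows a symlink and
 * truncates whatever file the link points at. */
int write_weak(const char *path, const char *msg)
{
    FILE *fp = fopen(path, "w");
    if (fp == NULL)
        return -1;
    int rc = (fputs(msg, fp) == EOF) ? -1 : 0;
    if (fclose(fp) != 0)
        rc = -1;
    return rc;
}

/* Hardened, fixed name: O_CREAT|O_EXCL fails if the name already exists,
 * symlinks included, so a pre-planted link is never followed. */
int write_excl(const char *path, const char *msg)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    return write_and_close(fd, msg);
}

/* Hardened, generated name: mkstemp() rewrites the trailing "XXXXXX" of
 * tmpl in place and creates the file exclusively with mode 0600. */
int write_mkstemp(char *tmpl, const char *msg)
{
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return -1;
    return write_and_close(fd, msg);
}

/* Constructed scenario inside a private scratch directory: debug.log is a
 * symlink to victim.conf before the writer runs.
 * Returns 1 if victim.conf was overwritten, 0 if intact, -1 on setup error. */
int symlink_demo(int (*writer)(const char *, const char *))
{
    char dir[] = "/tmp/tmpfile-demo-XXXXXX";
    char victim[128], link_path[128], buf[64] = "";
    int result = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim.conf", dir);
    snprintf(link_path, sizeof link_path, "%s/debug.log", dir);

    FILE *fp = fopen(victim, "w");
    if (fp != NULL) {
        fputs("original", fp);
        fclose(fp);
        if (symlink(victim, link_path) == 0) {
            writer(link_path, "debug output");
            fp = fopen(victim, "r");
            if (fp != NULL) {
                if (fgets(buf, sizeof buf, fp) == NULL)
                    buf[0] = '\0';
                fclose(fp);
                result = (strcmp(buf, "original") != 0);
            }
        }
    }
    unlink(link_path);
    unlink(victim);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("fopen writer overwrote victim:  %d\n", symlink_demo(write_weak));
    printf("O_EXCL writer overwrote victim: %d\n", symlink_demo(write_excl));
    return 0;
}
```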

The old stable distribution (woody) is not affected by this
problem.

For the stable distribution (sarge) this problem has been fixed
in version 0.12.5-1sarge1.

For the unstable distribution (sid) this problem has been fixed
in version 0.12.5-5.

We recommend that you upgrade your apachetop package.

Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 840-1                  security@debian.org
http://www.debian.org/security/                          Martin Schulze
October 4th, 2005                    http://www.debian.org/security/faq


Package : drupal
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-2498

Stefan Esser of the Hardened-PHP Project reported a serious
vulnerability in the third-party XML-RPC library included with
some Drupal versions. An attacker could execute arbitrary PHP code
on a target site. This update pulls in the latest XML-RPC version
from upstream.

The old stable distribution (woody) is not affected by this
problem since no drupal is included.

For the stable distribution (sarge) this problem has been fixed
in version 4.5.3-4.

For the unstable distribution (sid) this problem has been fixed
in version 4.5.5-1.

We recommend that you upgrade your drupal package.

Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 841-1                  security@debian.org
http://www.debian.org/security/                          Martin Schulze
October 4th, 2005                    http://www.debian.org/security/faq


Package : mailutils
Vulnerability : format string vulnerability
Problem type : remote
Debian-specific: no
CVE ID : CAN-2005-2878

A format string vulnerability has been discovered in GNU
mailutils which contains utilities for handling mail that allows a
remote attacker to execute arbitrary code on the IMAP server.

The old stable distribution (woody) is not affected by this
problem.

For the stable distribution (sarge) this problem has been fixed
in version 0.6.1-4sarge1.

For the unstable distribution (sid) this problem has been fixed
in version 0.6.90-3.

We recommend that you upgrade your mailutils package.

Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 842-1                  security@debian.org
http://www.debian.org/security/                          Martin Schulze
October 4th, 2005                    http://www.debian.org/security/faq


Package : egroupware
Vulnerability : missing input sanitising
Problem type : remote
Debian-specific: no
CVE ID : CAN-2005-2498
Debian Bug : 323350

Stefan Esser discovered a vulnerability in the XML-RPC libraries
which are also present in egroupware, a web-based groupware suite,
that allows injection of arbitrary PHP code into eval()
statements.

The old stable distribution (woody) does not contain egroupware
packages.

For the stable distribution (sarge) this problem has been fixed
in version 1.0.0.007-2.dfsg-2sarge2.

For the unstable distribution (sid) this problem has been fixed
in version 1.0.0.009.dfsg-1.

We recommend that you upgrade your egroupware packages.

Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 843-1
