Debian Security Advisory DSA 795-1 security@debian.org
http://www.debian.org/security/
Michael Stone
September 1st, 2005 http://www.debian.org/security/faq
Package : proftpd
Vulnerability : potential code execution
Problem-Type : format string error
Debian-specific: no
CVE ID : CAN-2005-2390
infamous42md reported that proftpd suffers from two format
string vulnerabilities. In the first, a user with the ability to
create a directory could trigger the format string error if there
is a proftpd shutdown message configured to use the “%C”, “%R”, or
“%U” variables. In the second, the error is triggered if mod_sql is
used to retrieve messages from a database and if format strings
have been inserted into the database by a user with permission to
do so.
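
The first flaw, shown as an added C example (not proftpd's code and not part of the advisory): a shutdown template is expanded with session values, then handed to a printf-style reply routine either as the format string or as data. The struct, the function names and the sample values are assumptions made for the illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Values behind the three variables the advisory names (hypothetical struct).
 * cwd is client-influenced: a user who can create directories chooses it. */
struct session {
    const char *cwd;     /* %C */
    const char *remote;  /* %R */
    const char *user;    /* %U */
};

/* Returns 1 if a shutdown template uses %C, %R or %U, i.e. if the
 * configuration meets the precondition described in the advisory. */
int template_uses_client_vars(const char *tmpl)
{
    for (const char *p = tmpl; *p; p++)
        if (*p == '%' && (p[1] == 'C' || p[1] == 'R' || p[1] == 'U'))
            return 1;
    return 0;
}

/* Expand %C, %R and %U in tmpl into out; every other byte is copied as-is.
 * Returns 0 on success, -1 if the result does not fit. */
int expand_vars(const char *tmpl, const struct session *s,
                char *out, size_t outlen)
{
    size_t used = 0;
    if (outlen == 0) return -1;
    for (const char *p = tmpl; *p; p++) {
        char one[2] = { *p, '\0' };
        const char *sub = NULL;
        if (*p == '%') {
            switch (p[1]) {
            case 'C': sub = s->cwd;    break;
            case 'R': sub = s->remote; break;
            case 'U': sub = s->user;   break;
            }
            if (sub) p++;               /* consume the variable letter */
        }
        if (!sub) sub = one;
        size_t len = strlen(sub);
        if (len >= outlen - used) return -1;
        memcpy(out + used, sub, len);
        used += len;
    }
    out[used] = '\0';
    return 0;
}

/* printf-style writer standing in for the server's reply routine. */
int reply(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable pattern: the expanded text becomes the format string, so a
 * conversion specifier inside a directory name is interpreted by reply(). */
int send_shutdown_unsafe(const char *tmpl, const struct session *s,
                         char *out, size_t outlen)
{
    char msg[512];
    if (expand_vars(tmpl, s, msg, sizeof msg) != 0) return -1;
    return reply(out, outlen, msg);
}

/* Hardened pattern: constant format string, expanded text passed as data. */
int send_shutdown_safe(const char *tmpl, const struct session *s,
                       char *out, size_t outlen)
{
    char msg[512];
    if (expand_vars(tmpl, s, msg, sizeof msg) != 0) return -1;
    return reply(out, outlen, "%s", msg);
}

int main(void)
{
    /* Constructed sample: directory name containing a conversion specifier. */
    struct session s = { "/incoming/build_%08x", "client.example", "alice" };
    const char *tmpl = "Shutting down, %U@%R in %C please log off";
    char out[512];

    printf("template uses client variables: %d\n",
           template_uses_client_vars(tmpl));
    if (send_shutdown_safe(tmpl, &s, out, sizeof out) > 0)
        printf("safe reply: %s\n", out);
    return 0;
}
```

Only the hardened function is run on the hostile directory name; the unsafe one is there to show the call that the fix replaces.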
The old stable distribution (woody) is not affected by these
vulnerabilities.
For the stable distribution (sarge) this problem has been fixed
in version 1.2.10-15sarge1.
For the unstable distribution (sid) this problem has been fixed
in version 1.2.10-20.
We recommend that you upgrade your proftpd package.
Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 795-2 security@debian.org
http://www.debian.org/security/
Michael Stone
September 2, 2005 http://www.debian.org/security/faq
Package : proftpd
Vulnerability : potential code execution
Problem-Type : format string error
Debian-specific: no
CVE ID : CAN-2005-2390
infamous42md reported that proftpd suffers from two format
string vulnerabilities. In the first, a user with the ability to
create a directory could trigger the format string error if there
is a proftpd shutdown message configured to use the “%C”, “%R”, or
“%U” variables. In the second, the error is triggered if mod_sql is
used to retrieve messages from a database and if format strings
have been inserted into the database by a user with permission to
do so.
There was a build error for the sarge i386 proftpd packages
released in DSA 795-1. A new build, 1.2.10-15sarge1.0.1, has been
prepared to correct this error. The packages for other
architectures are unaffected.
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 796-1 security@debian.org
http://www.debian.org/security/
Michael Stone
September 1st, 2005 http://www.debian.org/security/faq
Package : affix
Vulnerability : remote command execution
Problem-Type : unsafe use of popen
Debian-specific: no
CVE ID : CAN-2005-2716
Kevin Finisterre reports that affix, a package used to manage
bluetooth sessions under Linux, uses the popen call in an unsafe
fashion. A remote attacker can exploit this vulnerability to
execute arbitrary commands on a vulnerable system.
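
Why popen is risky with peer-supplied text, as an added C example (not affix code and not part of the advisory): popen hands its whole argument to /bin/sh -c, while fork plus execv passes each argument to the program untouched. The advisory does not say which value reaches popen; the file name, the function names and the /bin/echo command used here are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Read from fd into out until EOF or until out is full (NUL-terminated). */
static void slurp(int fd, char *out, size_t outlen)
{
    size_t used = 0;
    ssize_t n;
    while (used < outlen - 1 &&
           (n = read(fd, out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
}

/* Number of newline-terminated lines in s. */
int count_lines(const char *s)
{
    int n = 0;
    for (; *s; s++)
        if (*s == '\n') n++;
    return n;
}

/* Vulnerable pattern: name is pasted into a command line and run by the
 * shell, so any shell metacharacter in name changes what is executed. */
int announce_popen(const char *name, char *out, size_t outlen)
{
    char cmd[512];
    if (outlen == 0) return -1;
    int len = snprintf(cmd, sizeof cmd, "/bin/echo received %s", name);
    if (len < 0 || (size_t)len >= sizeof cmd) return -1;
    FILE *fp = popen(cmd, "r");
    if (!fp) return -1;
    slurp(fileno(fp), out, outlen);
    return pclose(fp) == 0 ? 0 : -1;
}

/* Hardened pattern: no shell; name is exactly one argv element. */
int announce_execv(const char *name, char *out, size_t outlen)
{
    char *const argv[] = { "/bin/echo", "received", (char *)name, NULL };
    int fds[2], status;
    if (outlen == 0 || pipe(fds) != 0) return -1;

    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                       /* child: stdout -> pipe, then exec */
        close(fds[0]);
        if (dup2(fds[1], STDOUT_FILENO) < 0) _exit(127);
        close(fds[1]);
        execv(argv[0], argv);
        _exit(127);                       /* exec failed */
    }
    close(fds[1]);
    slurp(fds[0], out, outlen);
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample: a name carrying a shell command separator. */
    const char *name = "photo.jpg; echo second-command";
    char out[256];

    if (announce_popen(name, out, sizeof out) == 0)
        printf("popen: %d line(s)\n%s", count_lines(out), out);
    if (announce_execv(name, out, sizeof out) == 0)
        printf("execv: %d line(s)\n%s", count_lines(out), out);
    return 0;
}
```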
The old stable distribution (woody) does not contain the affix
package.
For the stable distribution (sarge) this problem has been fixed
in version 2.1.1-3.
For the unstable distribution (sid) this problem has been fixed
in version 2.1.2-3.
We recommend that you upgrade your affix package.
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 797-1 security@debian.org
http://www.debian.org/security/
Michael Stone
September 1st, 2005 http://www.debian.org/security/faq
Package : zsync
Vulnerability : DOS
Problem-Type : buffer overflow
Debian-specific: no
CVE ID : CAN-2005-1849, CAN-2005-2096
zsync, a file transfer program, includes a modified local copy
of the zlib library, and is vulnerable to certain bugs fixed
previously in the zlib package.
The old stable distribution (woody) does not contain the zsync
package.
For the stable distribution (sarge) this problem has been fixed
in version 0.3.3-1.sarge.1.
For the unstable distribution (sid) this problem has been fixed
in version 0.4.0-2.
We recommend that you upgrade your zsync package.
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 798-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
September 2nd, 2005 http://www.debian.org/security/faq
Package : phpgroupware
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-2498 CAN-2005-2600 CAN-2005-2761
Several vulnerabilities have been discovered in phpgroupware, a
web-based groupware system written in PHP. The Common
Vulnerabilities and Exposures project identifies the following
problems:
CAN-2005-2498
Stefan Esser discovered another vulnerability in the XML-RPC
libraries that allows injection of arbitrary PHP code into eval()
statements. The XMLRPC component has been disabled.
CAN-2005-2600
Alexander Heidenreich discovered a cross-site scripting problem
in the tree view of FUD Forum Bulletin Board Software, which is
also present in phpgroupware.
CAN-2005-2761
A global cross-site scripting fix has also been included that
protects against potential malicious scripts embedded in CSS and
xmlns in various parts of the application and modules.
This update also contains a postinst bugfix that has been
approved for the next update to the stable release.
For the old stable distribution (woody) these problems don’t
apply.
For the stable distribution (sarge) these problems have been
fixed in version 0.9.16.005-3.sarge2.
For the unstable distribution (sid) these problems have been
fixed in version 0.9.16.008.
We recommend that you upgrade your phpgroupware packages.
Debian GNU/Linux 3.1 alias sarge