Debian GNU/Linux
Debian Security Advisory DSA 802-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
September 7th, 2005 http://www.debian.org/security/faq
Package : cvs
Vulnerability : insecure temporary files
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-2693
Debian Bug : 325106
Marcus Meissner discovered that the cvsbug program from CVS,
which serves the popular Concurrent Versions System, uses temporary
files in an insecure fashion.
For the old stable distribution (woody) this problem has been
fixed in version 1.11.1p1debian-13.
In the stable distribution (sarge) the cvs package does not
expose the cvsbug program anymore.
In the unstable distribution (sid) the cvs package does not
expose the cvsbug program anymore.
We recommend that you upgrade your cvs package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13.dsc
Size/MD5 checksum: 683
db16b937ddd5274dbcba38cd4fcd5888
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13.diff.gz
Size/MD5 checksum: 57477
0f11d7ca8cb7b35bf4a12a8c4ad2716d
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian.orig.tar.gz
Size/MD5 checksum: 2621658
500965ab9702b31605f8c58aa21a6205
Alpha architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_alpha.deb
Size/MD5 checksum: 1179406
05f69db4383e65beda9af4fa5dc33481
ARM architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_arm.deb
Size/MD5 checksum: 1106388
916e15a512c7010791a726ad60a758a5
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_i386.deb
Size/MD5 checksum: 1085478
94dfd853806b5f4e17343184fa8b3a1e
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_ia64.deb
Size/MD5 checksum: 1272636
1966842db5aa4b4b73d70fb94cd53e82
HP Precision architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_hppa.deb
Size/MD5 checksum: 1148570
7d984ac4ba3ae1c98e1b31d09bc17b5e
Motorola 680×0 architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_m68k.deb
Size/MD5 checksum: 1067076
1c32e3d2af7669d06152c1586b2ab9be
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_mips.deb
Size/MD5 checksum: 1130904
622e68d86b8ae619b6d014bb91cf8b33
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_mipsel.deb
Size/MD5 checksum: 1132312
e6af9436fbd30a273abb8eeeef7cff80
PowerPC architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_powerpc.deb
Size/MD5 checksum: 1117418
a45eb850d4e47f4f26162dc50060e8a2
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_s390.deb
Size/MD5 checksum: 1098166
fd9bea393a0d256e01b0c7c22933af6e
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_sparc.deb
Size/MD5 checksum: 1108092
68aa285e827a0ce5b10733c6d0fb37bf
These files will probably be moved into the stable distribution
on its next update.
For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>
Fedora Core
Fedora Update Notification
FEDORA-2005-848
2005-09-07
Product : Fedora Core 3
Name : httpd
Version : 2.0.53
Release : 3.3
Summary : Apache HTTP Server
Description :
Apache is a powerful, full-featured, efficient, and
freely-available Web server. Apache is also the most popular Web
server on the Internet.
Update Information:
This update includes two security fixes. An issue was discovered
in mod_ssl where “SSLVerifyClient require” would not be honoured in
location context if the virtual host had “SSLVerifyClient optional”
configured (CAN-2005-2700). An issue was discovered in memory
consumption of the byterange filter for dynamic resources such as
PHP or CGI script (CAN-2005-2728).
- Fri Sep 2 2005 Joe Orton <jorton@redhat.com> 2.0.53-3.3
- mod_ssl: add security fix for SSLVerifyClient (#167196, CVE
CAN-2005-2700) - add security fix for byterange filter DoS (#167104, CVE
CAN-2005-2728)
- mod_ssl: add security fix for SSLVerifyClient (#167196, CVE
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
05dc67efda902897af31c7e62dcc66a2
SRPMS/httpd-2.0.53-3.3.src.rpm
67407cda524517254da65caff34d1030
x86_64/httpd-2.0.53-3.3.x86_64.rpm
2924ba7fd423ec96c77b0cd0aefe2a71
x86_64/httpd-devel-2.0.53-3.3.x86_64.rpm
f733310d4c8e6d444f185e055918d7cf
x86_64/httpd-manual-2.0.53-3.3.x86_64.rpm
c7ab61bc84334772e400d641959cd85e
x86_64/mod_ssl-2.0.53-3.3.x86_64.rpm
447aae779dc5640c1923925816c50985
x86_64/httpd-suexec-2.0.53-3.3.x86_64.rpm
43192fc61302fe1b52eb6719d05f0b45
x86_64/debug/httpd-debuginfo-2.0.53-3.3.x86_64.rpm
01f2bcf97e7759e17ac711009d433bfe i386/httpd-2.0.53-3.3.i386.rpm
65e794a48057d6d3d80f887488b4c03a
i386/httpd-devel-2.0.53-3.3.i386.rpm
7f237c80786870bd9f9d300a67aa23fe
i386/httpd-manual-2.0.53-3.3.i386.rpm
57895adf47af7a01ddb5e79d3258a790
i386/mod_ssl-2.0.53-3.3.i386.rpm
fcaa78659c375778eb357e88bd367004
i386/httpd-suexec-2.0.53-3.3.i386.rpm
55a427b5a760daee39eb972c9ca03c4d
i386/debug/httpd-debuginfo-2.0.53-3.3.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.
Fedora Update Notification
FEDORA-2005-849
2005-09-07
Product : Fedora Core 4
Name : httpd
Version : 2.0.54
Release : 10.2
Summary : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, full-featured, efficient, and
freely-available Web server. The Apache HTTP Server is also the
most popular Web server on the Internet.
Update Information:
This update includes two security fixes. An issue was discovered
in mod_ssl where “SSLVerifyClient require” would not be honoured in
location context if the virtual host had “SSLVerifyClient optional”
configured (CAN-2005-2700). An issue was discovered in memory
consumption of the byterange filter for dynamic resources such as
PHP or CGI script (CAN-2005-2728).
- Fri Sep 2 2005 Joe Orton <jorton@redhat.com> 2.0.54-10.2
- mod_ssl: add security fix for SSLVerifyClient (#167196, CVE
CAN-2005-2700) - add security fix for byterange filter DoS (#167104, CVE
CAN-2005-2728) - add fix for dummy connection handling (#167425)
- mod_ldap/mod_auth_ldap: add fixes from 2.0.x branch (upstream
#34209 etc) - mod_ssl: add fix for handling non-blocking reads
- mod_ssl: add security fix for SSLVerifyClient (#167196, CVE
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
de712a893989b4a89a96f3239ffe9359
SRPMS/httpd-2.0.54-10.2.src.rpm
f5c47d9a1fd604a9c9f27cb52b687134 ppc/httpd-2.0.54-10.2.ppc.rpm
3fe32aacb961746f97cb239580645542
ppc/httpd-devel-2.0.54-10.2.ppc.rpm
0231bd287c86eee34823bd5de7309840
ppc/httpd-manual-2.0.54-10.2.ppc.rpm
89fc732f2caae3ec8c4fca897a57f28c
ppc/mod_ssl-2.0.54-10.2.ppc.rpm
9185b402e4ebf58c362557d08f1e1e56
ppc/debug/httpd-debuginfo-2.0.54-10.2.ppc.rpm
5597e26e50c206b6292fb6a481264074
x86_64/httpd-2.0.54-10.2.x86_64.rpm
e0cdb0d7c15b7882e7f446e120e8f20e
x86_64/httpd-devel-2.0.54-10.2.x86_64.rpm
26dcb24b83a0528202dfe6ca343a3909
x86_64/httpd-manual-2.0.54-10.2.x86_64.rpm
5c01b4d973491f2be019bfb526199142
x86_64/mod_ssl-2.0.54-10.2.x86_64.rpm
4284f8fe2b0c85c36a87c8cd0c05f1a4
x86_64/debug/httpd-debuginfo-2.0.54-10.2.x86_64.rpm
8e1b97f27ce4a41eb7eb01c15d8eab81
i386/httpd-2.0.54-10.2.i386.rpm
9e32079613629b690beb02e91120998b
i386/httpd-devel-2.0.54-10.2.i386.rpm
04bad4ac9e45412e658d82d7af66fafc
i386/httpd-manual-2.0.54-10.2.i386.rpm
cbe81b8781314a53962ac1b84ebc7349
i386/mod_ssl-2.0.54-10.2.i386.rpm
7b0f8b83a6f021702135942aa6159a98
i386/debug/httpd-debuginfo-2.0.54-10.2.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.
Fedora Update Notification
FEDORA-2005-858
2005-09-07
Product : Fedora Core 3
Name : openssh
Version : 3.9p1
Release : 8.0.3
Summary : The OpenSSH implementation of SSH protocol versions 1 and
2.
Description :
OpenSSH is OpenBSD’s SSH (Secure SHell) protocol implementation.
SSH replaces rlogin and rsh, to provide secure encrypted
communications between two untrusted hosts over an insecure
network. X11 connections and arbitrary TCP/IP ports can also be
forwarded over the secure channel. Public key authentication may be
used for “passwordless” access to servers.
This package includes the core files necessary for both the
OpenSSH client and server. To make this package useful, you should
also install openssh-clients, openssh-server, or both.
Update Information:
This security update fixes CAN-2005-2798 and resolves a problem
with X forwarding binding only on IPv6 address on certain
circumstances.
- Wed Sep 7 2005 Tomas Mraz <tmraz@redhat.com> 3.9p1-8.0.3
- destroy creds if gssapi authentication fails – CAN-2005-2798
(#167444) - don’t use X11 port which can’t be bound on all IP families
(#163732)
- destroy creds if gssapi authentication fails – CAN-2005-2798
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
c42c4bf11075a5bc6787427f6f1bbdb7
SRPMS/openssh-3.9p1-8.0.3.src.rpm
65e54cc979b888208a1783018fa2141f
x86_64/openssh-3.9p1-8.0.3.x86_64.rpm
aa95f00bd8aee18f1d7709a655dd2900
x86_64/openssh-clients-3.9p1-8.0.3.x86_64.rpm
4c0fdd9c8c8239b47500344fe2a36eae
x86_64/openssh-server-3.9p1-8.0.3.x86_64.rpm
c136972b79ba963b8982e90d941a6d25
x86_64/openssh-askpass-3.9p1-8.0.3.x86_64.rpm
6cbf80015a4189468f81e0e58847fe75
x86_64/openssh-askpass-gnome-3.9p1-8.0.3.x86_64.rpm
0fee7f443f1fe6c9e481ac5fb848d83d
x86_64/debug/openssh-debuginfo-3.9p1-8.0.3.x86_64.rpm
b2be46aac023e5a2acb035abe299ff51
i386/openssh-3.9p1-8.0.3.i386.rpm
225aa0a619a500eef68c50dc6904584e
i386/openssh-clients-3.9p1-8.0.3.i386.rpm
1f961d9889ca730e41094c68df4576fe
i386/openssh-server-3.9p1-8.0.3.i386.rpm
abb099c7505111ea5504066413bad8e8
i386/openssh-askpass-3.9p1-8.0.3.i386.rpm
58e19672af45d282ffd664280c77572d
i386/openssh-askpass-gnome-3.9p1-8.0.3.i386.rpm
d1a3004d2cdf7b6f89ba2aa4e6d2fbd3
i386/debug/openssh-debuginfo-3.9p1-8.0.3.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.
Gentoo Linux
Gentoo Linux Security Advisory GLSA 200509-06
Severity: Normal
Title: Squid: Denial of Service vulnerabilities
Date: September 07, 2005
Bugs: #104603
ID: 200509-06
Synopsis
Squid contains several bugs when handling certain malformed
requests resulting in a Denial of Service.
Background
Squid is a full-featured Web proxy cache designed to run on
Unix-like systems. It supports proxying and caching of HTTP, FTP,
and other protocols, as well as SSL support, cache hierarchies,
transparent caching, access control lists and many more
features.
Affected packages
Package / Vulnerable / Unaffected
1 www-proxy/squid < 2.5.10-r2 >= 2.5.10-r2
Description
Certain malformed requests result in a segmentation fault in the
sslConnectTimeout function, handling of other certain requests
trigger assertion failures.
Impact
By performing malformed requests an attacker could cause Squid
to crash by triggering an assertion failure or invalid memory
reference.
Workaround
There is no known workaround at this time.
Resolution
All Squid users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-proxy/squid-2.5.10-r2"
References
[ 1 ] Squid Patches
http://www.squid-cache.org/Versions/v2/2.5/bugs/
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200509-06.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
Ubuntu Linux
Ubuntu Security Notice USN-160-2 September 07, 2005
apache vulnerability
CAN-2005-2088
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
apache
apache-perl
apache-ssl
The problem can be corrected by upgrading the affected package
to version 1.3.31-6ubuntu0.8 (for Ubuntu 4.10), or 1.3.33-4ubuntu1
(for Ubuntu 5.04). In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
USN-160-1 fixed two vulnerabilities in the Apache 2 server. The
old Apache 1 server was also vulnerable to one of the
vulnerabilities (CAN-2005-2088). Please note that Apache 1 is not
officially supported in Ubuntu (it is in the “universe” component
of the archive).
For reference, this is the relevant part of the original
advisory:
Watchfire discovered that Apache insufficiently verified the
“Transfer-Encoding” and “Content-Length” headers when acting as an
HTTP proxy. By sending a specially crafted HTTP request, a remote
attacker who is authorized to use the proxy could exploit this to
bypass web application firewalls, poison the HTTP proxy cache, and
conduct cross-site scripting attacks against other proxy users.
(CAN-2005-2088)
Updated packages for Ubuntu 4.10 (Warty Warthog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubuntu0.8.diff.gz
Size/MD5: 372493
c5001a1196912f3edfc785b5e2a5ebbc
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubuntu0.8.dsc
Size/MD5: 1102
c0f99d722fd5092be8c6cc800bc98020
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31.orig.tar.gz
Size/MD5: 3104170
ca475fbb40087eb157ec51334f260d1b
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-dev_1.3.31-6ubuntu0.8_all.deb
Size/MD5: 329846
42899fed4f93fc9aa98743ca8d6bbea1
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-doc_1.3.31-6ubuntu0.8_all.deb
Size/MD5: 1186908
e1bf21edf1a8dd848d6fff0ed9c15319
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.8_amd64.deb
Size/MD5: 873716
c70369c55517959829b6596efa3ac295
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.8_amd64.deb
Size/MD5: 9131484
42174cf7f3b4054f1586e6ac0328180e
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.8_amd64.deb
Size/MD5: 520854
389333cfe500df5fa2ddbb05acd39268
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.8_amd64.deb
Size/MD5: 510938
856eb92f93f481c054b473699507b9e7
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.8_amd64.deb
Size/MD5: 271648
1a4f48aa2a3218d148e11a8e83134326
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.8_amd64.deb
Size/MD5: 398398
9af432f952f18349223abdc14efbe5af
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2.0-6ubuntu0.8_amd64.deb
Size/MD5: 491788
f5b1f7a21c419a2db9b8f8ecc8b00ada
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.8_i386.deb
Size/MD5: 838714
e50241ee55e408f5be6ee0ca528191f4
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.8_i386.deb
Size/MD5: 9080744
0ddc1d368aceb07f7046d80d77e160b7
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.8_i386.deb
Size/MD5: 494480
d0f38faf557c5606da32377bf860bc2d
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.8_i386.deb
Size/MD5: 484248
932390c88b13b14a2d39ae85d4eb2c2c
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.8_i386.deb
Size/MD5: 265448
5349d926e161a16b3416f273591454ef
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.8_i386.deb
Size/MD5: 377652
ccf175352ec693f8dcde9ee0b9005fbe
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2.0-6ubuntu0.8_i386.deb
Size/MD5: 485142
09118f966d87a9ed22a00f8d641fae48
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.8_powerpc.deb
Size/MD5: 917796
42513834c278d8313e8ca1496a13a88b
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.8_powerpc.deb
Size/MD5: 9226168
03fe292aac21254f752010e827ef82b7
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.8_powerpc.deb
Size/MD5: 511502
4982e1ffb129cca49974208619502834
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.8_powerpc.deb
Size/MD5: 507376
30d6000a4eebf427f18f9963d9bc94da
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.8_powerpc.deb
Size/MD5: 278778
36a97646fdb52d9ef8ea93691aad2ab2
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.8_powerpc.deb
Size/MD5: 395824
7c4e799a6d4254614819de0a447bf4db
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2.0-6ubuntu0.8_powerpc.deb
Size/MD5: 489118
ee494dbef77278e641ab54a4154de599
Updated packages for Ubuntu 5.04 (Hoary Hedgehog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.33-4ubuntu1.diff.gz
Size/MD5: 364482
4fa62ef8a41a30d49f41f3248b0671d0
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.33-4ubuntu1.dsc
Size/MD5: 1121
cd89b81f9fc67b4d25cdc8b482e14bf8
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.33.orig.tar.gz
Size/MD5: 3105683
1a34f13302878a8713a2ac760d9b6da8
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dev_1.3.33-4ubuntu1_all.deb
Size/MD5: 331086
5dbb29add5c15b72a1901b653d22affd
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-doc_1.3.33-4ubuntu1_all.deb
Size/MD5: 1189152
f55d0f105549e660ff785b4f983df80d
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-utils_1.3.33-4ubuntu1_all.deb
Size/MD5: 211854
84bd3cb878b4c8125fc17b42497db935
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-common_1.3.33-4ubuntu1_amd64.deb
Size/MD5: 875046
c6bdfa39ba3a12c70b82824b955cb6ed
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.33-4ubuntu1_amd64.deb
Size/MD5: 9163882
d0e9ec7f9d9a49a431f5fd97f93f6b87
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.33-4ubuntu1_amd64.deb
Size/MD5: 522170
c54f45b7938d50f70a966aad92a673a0
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.33-4ubuntu1_amd64.deb
Size/MD5: 512346
8a0bf2edac677b390b9f8c9b43c38c79
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.33-4ubuntu1_amd64.deb
Size/MD5: 399826
cde2880823c45ae1a57f3bd748d298b3
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.3-4ubuntu1_amd64.deb
Size/MD5: 492232
27674bfd322d2832e750d416d0159289
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-common_1.3.33-4ubuntu1_i386.deb
Size/MD5: 839554
6b29480273d1006da2515b2e0573e9d2
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.33-4ubuntu1_i386.deb
Size/MD5: 9104572
b9d31e4995d51b303e99cf0268ca0f76
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.33-4ubuntu1_i386.deb
Size/MD5: 495148
45ab419a9a5bc9d722f05b61d0e85628
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.33-4ubuntu1_i386.deb
Size/MD5: 485346
20658ea1db74678ebb640fcabaa95359
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.33-4ubuntu1_i386.deb
Size/MD5: 378756
b6eb23b11d150e41ad0520595963dc12
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.3-4ubuntu1_i386.deb
Size/MD5: 485640
e9665bcc49dba12bb88d0dbbc91dc2ca
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-common_1.3.33-4ubuntu1_powerpc.deb
Size/MD5: 919468
1acb3a95dc392908764366eb7a9cf837
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.33-4ubuntu1_powerpc.deb
Size/MD5: 9253540
b79b964d8b328168a5e84141369591b6
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.33-4ubuntu1_powerpc.deb
Size/MD5: 513098
e3731ecc291e9f4a1b33909991973a5a
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.33-4ubuntu1_powerpc.deb
Size/MD5: 508990
f93f9393257bfeb010757eca85067f77
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.33-4ubuntu1_powerpc.deb
Size/MD5: 397092
ec577980cf93a5de6f8ec7e5db0316a9
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.3-4ubuntu1_powerpc.deb
Size/MD5: 490332
6a06c0a6a65c34b48e99e5d666b35500
Ubuntu Security Notice USN-176-1 September 07, 2005
kdebase vulnerability
CAN-2005-2494
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
kdebase-bin
The problem can be corrected by upgrading the affected package
to version 4:3.4.0-0ubuntu18.1. In general, a standard system
upgrade is sufficient to effect the necessary changes.
Details follow:
Ilja van Sprundel discovered a flaw in the lock file handling of
kcheckpass. A local attacker could exploit this to execute
arbitrary code with root privileges.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase_3.4.0-0ubuntu18.1.diff.gz
Size/MD5: 189597
ef9b4ad4f1e4340a2ecdaad471670b63
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase_3.4.0-0ubuntu18.1.dsc
Size/MD5: 1622
2a0d3a6c1e146f5b54b5e7a20bf58cea
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase_3.4.0.orig.tar.gz
Size/MD5: 26947670
31334d21606078a1f1eab1c3a25317e9
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-data_3.4.0-0ubuntu18.1_all.deb
Size/MD5: 4608912
0113ee173e4da0e4d3c233c4288ec667
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-doc_3.4.0-0ubuntu18.1_all.deb
Size/MD5: 1084404
5715fca77f5f4224c63f78cb1e1b418d
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase_3.4.0-0ubuntu18.1_all.deb
Size/MD5: 22020
a5cbdaa9f938a786b3cd74a6396d5e20
http://security.ubuntu.com/ubuntu/pool/universe/k/kdebase/xfonts-konsole_3.4.0-0ubuntu18.1_all.deb
Size/MD5: 37918
0440a29214683017d1548827d23216ef
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kappfinder_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 245308
3ada910e36591419d1f0ba38a232817f
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kate_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 654580
3cecf0faa5052101ae9b78cdd419c506
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kcontrol_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 7957406
298659794585e115ea77e95145b93d13
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-bin_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 1152760
04be6e4170365ee880e3c4e8ec72de78
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-dev_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 60926
4e17272ffd172817699f091f1ba0ef1f
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-kio-plugins_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 807684
973dfa2562de81a394d58b5c500998ab
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdepasswd_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 227036
e8df4158d5c12c4f6002a8025244fc62
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdeprint_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 1100276
bb6d55387499b8a346a851670dfd93c4
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdesktop_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 739976
312fb8213a0d25275fdac66bd048b2e1
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdm_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 670860
ac2219d79ad555f1099657708f2eb1c4
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kfind_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 185742
b072ff11f1270bcac9d9f207ae4c5cf5
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/khelpcenter_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 1784494
ddc8fafc29b6b807eebdd382b5160318
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kicker_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 1805694
10da13879440693317057681f8bb684e
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/klipper_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 245018
eadf78db296c0129e13fadec01881a0b
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kmenuedit_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 206766
f7bf70a03730ddebc1563ba840b5fe3b
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/konqueror-nsplugins_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 135228
1660abe0a875b18ec26adcb3caec13c1
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/konqueror_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 2081982
911b6550bef1e7bc5bff918061d3a9c2
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/konsole_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 596520
8b2805d0f76e45f08103f43674ed1f55
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kpager_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 100464
008c6c9414412a5641a2bae5a64c2890
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kpersonalizer_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 473208
148899c8aef9076a3287675d93dadb61
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksmserver_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 141976
eaa0af4be4cb4727ed5854df7232db57
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksplash_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 810978
117ba62ec5d6d5c3cdd6323ef1e7fea8
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksysguard_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 490268
e818c40bca8b27f7a3224ba3b7eaedd5
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksysguardd_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 56574
cb547d5e454dce4a4ca331d46767113e
http://security.ubuntu.com/ubuntu/pool/universe/k/kdebase/ktip_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 80366
7dd62d3608942e013539a232f791fa4e
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kwin_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 1013698
b164b1536692f0da325cd5f8e1f465b5
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/libkonq4-dev_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 48506
27836a23f9ace627a9fa8b15b4b2222a
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/libkonq4_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 261854
3fca1d953eafbbbf6b34d8640182c78f
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kappfinder_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 243636
918ec94ab285f5d657984473124a62d4
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kate_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 630558
95cadd77d3c3205f365a7e94a22aaa39
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kcontrol_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 7786958
40bad975b2e41a97e1acbf69aa730fb5
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-bin_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 1071180
6378932ae74ee615b79c031e8f304cc1
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-dev_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 60946
575260572e38319d0834d927a23e6b45
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-kio-plugins_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 738706
3fb9a5273ae5c9eecf604a57e7339413
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdepasswd_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 222460
4a3d47678b68de18ea89364f4ca92af5
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdeprint_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 1085444
0a1e0f0c45634f96bbc715a0edc229ff
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdesktop_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 717412
b02564f2d21bc57cd717b7d283802c7d
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdm_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 634514
eab29e7535d683ee2b220e1311cf124f
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kfind_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 175986
1fa716a00f654cc00647b03cb1ce3ffd
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/khelpcenter_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 1769482
a8aaaed37eb92c8dd02e6481bb69a65b
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kicker_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 1692040
71055e6b7d3a5076bbcf6331bd3db5c0
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/klipper_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 230744
8b20452027172dffc46db7a1806e1e46
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kmenuedit_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 198292
a5d990fe9d103db4b57f9a037542e243
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/konqueror-nsplugins_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 123954
7f107b6af937beba00545d430c985da0
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/konqueror_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 2008614
66e6f0df925157f643f8dd1eddec39cc
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/konsole_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 570722
0ffb5270fb29e8f988710b5a8f98a19e
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kpager_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 95632
06b90b69388a175e3171ef209bfd527c
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kpersonalizer_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 465656
b8f70ffc77bcab68810eab048f868b41
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksmserver_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 137194
056c28e0e755df262f2ce8ffcf0c1087
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksplash_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 799634
442a641c3300bab664ed57f1d2bc236f
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksysguard_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 464888
499d51f7f6d354f2e0f48f0e39456ce9
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksysguardd_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 49706
d20e7d609588e5eeed182199ecfa7be8
http://security.ubuntu.com/ubuntu/pool/universe/k/kdebase/ktip_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 79964
e6ac80c11b310b2c5a2e6669246b87c5
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kwin_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 959566
eef18f77ec369d6e485c6bfb78b14743
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/libkonq4-dev_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 48512
db47172170a5c677303871d536b383ce
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/libkonq4_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 248620
98417644f71673543c811d88ad0788a1
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kappfinder_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 244436
af64c35adf77542c865dd6abf31fb90f
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kate_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 631810
b0301b8f7e21534c137bba669cd9a7f2
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kcontrol_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 7804952
06f0fb4e4808c64983d642c046fa4061
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-bin_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 1079800
3e543998c714a4d051de93f9faf4eb36
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-dev_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 60946
696585e41ac93cf47764f3b238c61f42
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-kio-plugins_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 799872
f22ae65da25b42068c83e14e85060491
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdepasswd_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 223102
c18044dc5efb93b4c3373f3eea2b60d4
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdeprint_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 1098416
01e580d3040f9b8ec7b62ab680d351a2
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdesktop_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 718630
5c555007dc2f98ee828b59cef2b60577
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdm_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 653004
96b6f37ea5a827658eeb951621f1f579
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kfind_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 170902
a6ed6227ccc3cf259658b5da266744eb
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/khelpcenter_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 1771324
1c53b10d7006d24951a80453fb94f293
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kicker_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 1717592
2f35ec7c11c15081c1fc9ce1762da732
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/klipper_3.4.0-