Home Security

Advisories: September 7, 2005

By

September 8, 2005

Debian GNU/Linux

Debian Security Advisory DSA 802-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
September 7th, 2005 http://www.debian.org/security/faq

Package : cvs
Vulnerability : insecure temporary files
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-2693
Debian Bug : 325106

Marcus Meissner discovered that the cvsbug program from CVS,
which serves the popular Concurrent Versions System, uses temporary
files in an insecure fashion.

For the old stable distribution (woody) this problem has been
fixed in version 1.11.1p1debian-13.

In the stable distribution (sarge) the cvs package does not
expose the cvsbug program anymore.

In the unstable distribution (sid) the cvs package does not
expose the cvsbug program anymore.

We recommend that you upgrade your cvs package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13.dsc

Size/MD5 checksum: 683
db16b937ddd5274dbcba38cd4fcd5888
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13.diff.gz

Size/MD5 checksum: 57477
0f11d7ca8cb7b35bf4a12a8c4ad2716d
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian.orig.tar.gz

Size/MD5 checksum: 2621658
500965ab9702b31605f8c58aa21a6205

Alpha architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_alpha.deb

Size/MD5 checksum: 1179406
05f69db4383e65beda9af4fa5dc33481

ARM architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_arm.deb

Size/MD5 checksum: 1106388
916e15a512c7010791a726ad60a758a5

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_i386.deb

Size/MD5 checksum: 1085478
94dfd853806b5f4e17343184fa8b3a1e

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_ia64.deb

Size/MD5 checksum: 1272636
1966842db5aa4b4b73d70fb94cd53e82

HP Precision architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_hppa.deb

Size/MD5 checksum: 1148570
7d984ac4ba3ae1c98e1b31d09bc17b5e

Motorola 680×0 architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_m68k.deb

Size/MD5 checksum: 1067076
1c32e3d2af7669d06152c1586b2ab9be

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_mips.deb

Size/MD5 checksum: 1130904
622e68d86b8ae619b6d014bb91cf8b33

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_mipsel.deb

Size/MD5 checksum: 1132312
e6af9436fbd30a273abb8eeeef7cff80

PowerPC architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_powerpc.deb

Size/MD5 checksum: 1117418
a45eb850d4e47f4f26162dc50060e8a2

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_s390.deb

Size/MD5 checksum: 1098166
fd9bea393a0d256e01b0c7c22933af6e

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_sparc.deb

Size/MD5 checksum: 1108092
68aa285e827a0ce5b10733c6d0fb37bf

These files will probably be moved into the stable distribution
on its next update.

For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>

Fedora Core

Fedora Update Notification
FEDORA-2005-848
2005-09-07

Product : Fedora Core 3
Name : httpd
Version : 2.0.53
Release : 3.3
Summary : Apache HTTP Server

Description :
Apache is a powerful, full-featured, efficient, and
freely-available Web server. Apache is also the most popular Web
server on the Internet.

Update Information:

This update includes two security fixes. An issue was discovered
in mod_ssl where “SSLVerifyClient require” would not be honoured in
location context if the virtual host had “SSLVerifyClient optional”
configured (CAN-2005-2700). An issue was discovered in memory
consumption of the byterange filter for dynamic resources such as
PHP or CGI script (CAN-2005-2728).

Fri Sep 2 2005 Joe Orton <jorton@redhat.com> 2.0.53-3.3
- mod_ssl: add security fix for SSLVerifyClient (#167196, CVE
  CAN-2005-2700)
- add security fix for byterange filter DoS (#167104, CVE
  CAN-2005-2728)

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

05dc67efda902897af31c7e62dcc66a2
SRPMS/httpd-2.0.53-3.3.src.rpm
67407cda524517254da65caff34d1030
x86_64/httpd-2.0.53-3.3.x86_64.rpm
2924ba7fd423ec96c77b0cd0aefe2a71
x86_64/httpd-devel-2.0.53-3.3.x86_64.rpm
f733310d4c8e6d444f185e055918d7cf
x86_64/httpd-manual-2.0.53-3.3.x86_64.rpm
c7ab61bc84334772e400d641959cd85e
x86_64/mod_ssl-2.0.53-3.3.x86_64.rpm
447aae779dc5640c1923925816c50985
x86_64/httpd-suexec-2.0.53-3.3.x86_64.rpm
43192fc61302fe1b52eb6719d05f0b45
x86_64/debug/httpd-debuginfo-2.0.53-3.3.x86_64.rpm
01f2bcf97e7759e17ac711009d433bfe i386/httpd-2.0.53-3.3.i386.rpm
65e794a48057d6d3d80f887488b4c03a
i386/httpd-devel-2.0.53-3.3.i386.rpm
7f237c80786870bd9f9d300a67aa23fe
i386/httpd-manual-2.0.53-3.3.i386.rpm
57895adf47af7a01ddb5e79d3258a790
i386/mod_ssl-2.0.53-3.3.i386.rpm
fcaa78659c375778eb357e88bd367004
i386/httpd-suexec-2.0.53-3.3.i386.rpm
55a427b5a760daee39eb972c9ca03c4d
i386/debug/httpd-debuginfo-2.0.53-3.3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.

Fedora Update Notification
FEDORA-2005-849
2005-09-07

Product : Fedora Core 4
Name : httpd
Version : 2.0.54
Release : 10.2
Summary : Apache HTTP Server

Description :
The Apache HTTP Server is a powerful, full-featured, efficient, and
freely-available Web server. The Apache HTTP Server is also the
most popular Web server on the Internet.

Update Information:

This update includes two security fixes. An issue was discovered
in mod_ssl where “SSLVerifyClient require” would not be honoured in
location context if the virtual host had “SSLVerifyClient optional”
configured (CAN-2005-2700). An issue was discovered in memory
consumption of the byterange filter for dynamic resources such as
PHP or CGI script (CAN-2005-2728).

Fri Sep 2 2005 Joe Orton <jorton@redhat.com> 2.0.54-10.2
- mod_ssl: add security fix for SSLVerifyClient (#167196, CVE
  CAN-2005-2700)
- add security fix for byterange filter DoS (#167104, CVE
  CAN-2005-2728)
- add fix for dummy connection handling (#167425)
- mod_ldap/mod_auth_ldap: add fixes from 2.0.x branch (upstream
  #34209 etc)
- mod_ssl: add fix for handling non-blocking reads

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

de712a893989b4a89a96f3239ffe9359
SRPMS/httpd-2.0.54-10.2.src.rpm
f5c47d9a1fd604a9c9f27cb52b687134 ppc/httpd-2.0.54-10.2.ppc.rpm
3fe32aacb961746f97cb239580645542
ppc/httpd-devel-2.0.54-10.2.ppc.rpm
0231bd287c86eee34823bd5de7309840
ppc/httpd-manual-2.0.54-10.2.ppc.rpm
89fc732f2caae3ec8c4fca897a57f28c
ppc/mod_ssl-2.0.54-10.2.ppc.rpm
9185b402e4ebf58c362557d08f1e1e56
ppc/debug/httpd-debuginfo-2.0.54-10.2.ppc.rpm
5597e26e50c206b6292fb6a481264074
x86_64/httpd-2.0.54-10.2.x86_64.rpm
e0cdb0d7c15b7882e7f446e120e8f20e
x86_64/httpd-devel-2.0.54-10.2.x86_64.rpm
26dcb24b83a0528202dfe6ca343a3909
x86_64/httpd-manual-2.0.54-10.2.x86_64.rpm
5c01b4d973491f2be019bfb526199142
x86_64/mod_ssl-2.0.54-10.2.x86_64.rpm
4284f8fe2b0c85c36a87c8cd0c05f1a4
x86_64/debug/httpd-debuginfo-2.0.54-10.2.x86_64.rpm
8e1b97f27ce4a41eb7eb01c15d8eab81
i386/httpd-2.0.54-10.2.i386.rpm
9e32079613629b690beb02e91120998b
i386/httpd-devel-2.0.54-10.2.i386.rpm
04bad4ac9e45412e658d82d7af66fafc
i386/httpd-manual-2.0.54-10.2.i386.rpm
cbe81b8781314a53962ac1b84ebc7349
i386/mod_ssl-2.0.54-10.2.i386.rpm
7b0f8b83a6f021702135942aa6159a98
i386/debug/httpd-debuginfo-2.0.54-10.2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.

Fedora Update Notification
FEDORA-2005-858
2005-09-07

Product : Fedora Core 3
Name : openssh
Version : 3.9p1
Release : 8.0.3
Summary : The OpenSSH implementation of SSH protocol versions 1 and
2.

Description :
OpenSSH is OpenBSD’s SSH (Secure SHell) protocol implementation.
SSH replaces rlogin and rsh, to provide secure encrypted
communications between two untrusted hosts over an insecure
network. X11 connections and arbitrary TCP/IP ports can also be
forwarded over the secure channel. Public key authentication may be
used for “passwordless” access to servers.

This package includes the core files necessary for both the
OpenSSH client and server. To make this package useful, you should
also install openssh-clients, openssh-server, or both.

Update Information:

This security update fixes CAN-2005-2798 and resolves a problem
with X forwarding binding only on IPv6 address on certain
circumstances.

Wed Sep 7 2005 Tomas Mraz <tmraz@redhat.com> 3.9p1-8.0.3
- destroy creds if gssapi authentication fails – CAN-2005-2798
  (#167444)
- don’t use X11 port which can’t be bound on all IP families
  (#163732)

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

c42c4bf11075a5bc6787427f6f1bbdb7
SRPMS/openssh-3.9p1-8.0.3.src.rpm
65e54cc979b888208a1783018fa2141f
x86_64/openssh-3.9p1-8.0.3.x86_64.rpm
aa95f00bd8aee18f1d7709a655dd2900
x86_64/openssh-clients-3.9p1-8.0.3.x86_64.rpm
4c0fdd9c8c8239b47500344fe2a36eae
x86_64/openssh-server-3.9p1-8.0.3.x86_64.rpm
c136972b79ba963b8982e90d941a6d25
x86_64/openssh-askpass-3.9p1-8.0.3.x86_64.rpm
6cbf80015a4189468f81e0e58847fe75
x86_64/openssh-askpass-gnome-3.9p1-8.0.3.x86_64.rpm
0fee7f443f1fe6c9e481ac5fb848d83d
x86_64/debug/openssh-debuginfo-3.9p1-8.0.3.x86_64.rpm
b2be46aac023e5a2acb035abe299ff51
i386/openssh-3.9p1-8.0.3.i386.rpm
225aa0a619a500eef68c50dc6904584e
i386/openssh-clients-3.9p1-8.0.3.i386.rpm
1f961d9889ca730e41094c68df4576fe
i386/openssh-server-3.9p1-8.0.3.i386.rpm
abb099c7505111ea5504066413bad8e8
i386/openssh-askpass-3.9p1-8.0.3.i386.rpm
58e19672af45d282ffd664280c77572d
i386/openssh-askpass-gnome-3.9p1-8.0.3.i386.rpm
d1a3004d2cdf7b6f89ba2aa4e6d2fbd3
i386/debug/openssh-debuginfo-3.9p1-8.0.3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.

Gentoo Linux

Gentoo Linux Security Advisory GLSA 200509-06

http://security.gentoo.org/

Severity: Normal
Title: Squid: Denial of Service vulnerabilities
Date: September 07, 2005
Bugs: #104603
ID: 200509-06

Synopsis

Squid contains several bugs when handling certain malformed
requests resulting in a Denial of Service.

Background

Squid is a full-featured Web proxy cache designed to run on
Unix-like systems. It supports proxying and caching of HTTP, FTP,
and other protocols, as well as SSL support, cache hierarchies,
transparent caching, access control lists and many more
features.

Affected packages

     Package          /   Vulnerable   /                    Unaffected

  1  www-proxy/squid      < 2.5.10-r2                     >= 2.5.10-r2

Description

Certain malformed requests result in a segmentation fault in the
sslConnectTimeout function, handling of other certain requests
trigger assertion failures.

Impact

By performing malformed requests an attacker could cause Squid
to crash by triggering an assertion failure or invalid memory
reference.

Workaround

There is no known workaround at this time.

Resolution

All Squid users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-proxy/squid-2.5.10-r2"

References

[ 1 ] Squid Patches

http://www.squid-cache.org/Versions/v2/2.5/bugs/

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200509-06.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Ubuntu Linux

Ubuntu Security Notice USN-160-2 September 07, 2005
apache vulnerability
CAN-2005-2088

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

apache
apache-perl
apache-ssl

The problem can be corrected by upgrading the affected package
to version 1.3.31-6ubuntu0.8 (for Ubuntu 4.10), or 1.3.33-4ubuntu1
(for Ubuntu 5.04). In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

USN-160-1 fixed two vulnerabilities in the Apache 2 server. The
old Apache 1 server was also vulnerable to one of the
vulnerabilities (CAN-2005-2088). Please note that Apache 1 is not
officially supported in Ubuntu (it is in the “universe” component
of the archive).

For reference, this is the relevant part of the original
advisory:

Watchfire discovered that Apache insufficiently verified the
“Transfer-Encoding” and “Content-Length” headers when acting as an
HTTP proxy. By sending a specially crafted HTTP request, a remote
attacker who is authorized to use the proxy could exploit this to
bypass web application firewalls, poison the HTTP proxy cache, and
conduct cross-site scripting attacks against other proxy users.
(CAN-2005-2088)

Updated packages for Ubuntu 4.10 (Warty Warthog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubuntu0.8.diff.gz

Size/MD5: 372493
c5001a1196912f3edfc785b5e2a5ebbc
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubuntu0.8.dsc

Size/MD5: 1102
c0f99d722fd5092be8c6cc800bc98020
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31.orig.tar.gz

Size/MD5: 3104170
ca475fbb40087eb157ec51334f260d1b

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-dev_1.3.31-6ubuntu0.8_all.deb

Size/MD5: 329846
42899fed4f93fc9aa98743ca8d6bbea1
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-doc_1.3.31-6ubuntu0.8_all.deb

Size/MD5: 1186908
e1bf21edf1a8dd848d6fff0ed9c15319

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.8_amd64.deb

Size/MD5: 873716
c70369c55517959829b6596efa3ac295
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.8_amd64.deb

Size/MD5: 9131484
42174cf7f3b4054f1586e6ac0328180e
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.8_amd64.deb

Size/MD5: 520854
389333cfe500df5fa2ddbb05acd39268
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.8_amd64.deb

Size/MD5: 510938
856eb92f93f481c054b473699507b9e7
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.8_amd64.deb

Size/MD5: 271648
1a4f48aa2a3218d148e11a8e83134326
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.8_amd64.deb

Size/MD5: 398398
9af432f952f18349223abdc14efbe5af
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2.0-6ubuntu0.8_amd64.deb

Size/MD5: 491788
f5b1f7a21c419a2db9b8f8ecc8b00ada

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.8_i386.deb

Size/MD5: 838714
e50241ee55e408f5be6ee0ca528191f4
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.8_i386.deb

Size/MD5: 9080744
0ddc1d368aceb07f7046d80d77e160b7
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.8_i386.deb

Size/MD5: 494480
d0f38faf557c5606da32377bf860bc2d
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.8_i386.deb

Size/MD5: 484248
932390c88b13b14a2d39ae85d4eb2c2c
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.8_i386.deb

Size/MD5: 265448
5349d926e161a16b3416f273591454ef
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.8_i386.deb

Size/MD5: 377652
ccf175352ec693f8dcde9ee0b9005fbe
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2.0-6ubuntu0.8_i386.deb

Size/MD5: 485142
09118f966d87a9ed22a00f8d641fae48

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.8_powerpc.deb

Size/MD5: 917796
42513834c278d8313e8ca1496a13a88b
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.8_powerpc.deb

Size/MD5: 9226168
03fe292aac21254f752010e827ef82b7
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.8_powerpc.deb

Size/MD5: 511502
4982e1ffb129cca49974208619502834
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.8_powerpc.deb

Size/MD5: 507376
30d6000a4eebf427f18f9963d9bc94da
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.8_powerpc.deb

Size/MD5: 278778
36a97646fdb52d9ef8ea93691aad2ab2
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.8_powerpc.deb

Size/MD5: 395824
7c4e799a6d4254614819de0a447bf4db
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2.0-6ubuntu0.8_powerpc.deb

Size/MD5: 489118
ee494dbef77278e641ab54a4154de599

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.33-4ubuntu1.diff.gz

Size/MD5: 364482
4fa62ef8a41a30d49f41f3248b0671d0
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.33-4ubuntu1.dsc

Size/MD5: 1121
cd89b81f9fc67b4d25cdc8b482e14bf8
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.33.orig.tar.gz

Size/MD5: 3105683
1a34f13302878a8713a2ac760d9b6da8

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dev_1.3.33-4ubuntu1_all.deb

Size/MD5: 331086
5dbb29add5c15b72a1901b653d22affd
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-doc_1.3.33-4ubuntu1_all.deb

Size/MD5: 1189152
f55d0f105549e660ff785b4f983df80d
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-utils_1.3.33-4ubuntu1_all.deb

Size/MD5: 211854
84bd3cb878b4c8125fc17b42497db935

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-common_1.3.33-4ubuntu1_amd64.deb

Size/MD5: 875046
c6bdfa39ba3a12c70b82824b955cb6ed
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.33-4ubuntu1_amd64.deb

Size/MD5: 9163882
d0e9ec7f9d9a49a431f5fd97f93f6b87
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.33-4ubuntu1_amd64.deb

Size/MD5: 522170
c54f45b7938d50f70a966aad92a673a0
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.33-4ubuntu1_amd64.deb

Size/MD5: 512346
8a0bf2edac677b390b9f8c9b43c38c79
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.33-4ubuntu1_amd64.deb

Size/MD5: 399826
cde2880823c45ae1a57f3bd748d298b3
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.3-4ubuntu1_amd64.deb

Size/MD5: 492232
27674bfd322d2832e750d416d0159289

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-common_1.3.33-4ubuntu1_i386.deb

Size/MD5: 839554
6b29480273d1006da2515b2e0573e9d2
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.33-4ubuntu1_i386.deb

Size/MD5: 9104572
b9d31e4995d51b303e99cf0268ca0f76
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.33-4ubuntu1_i386.deb

Size/MD5: 495148
45ab419a9a5bc9d722f05b61d0e85628
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.33-4ubuntu1_i386.deb

Size/MD5: 485346
20658ea1db74678ebb640fcabaa95359
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.33-4ubuntu1_i386.deb

Size/MD5: 378756
b6eb23b11d150e41ad0520595963dc12
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.3-4ubuntu1_i386.deb

Size/MD5: 485640
e9665bcc49dba12bb88d0dbbc91dc2ca

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-common_1.3.33-4ubuntu1_powerpc.deb

Size/MD5: 919468
1acb3a95dc392908764366eb7a9cf837
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.33-4ubuntu1_powerpc.deb

Size/MD5: 9253540
b79b964d8b328168a5e84141369591b6
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.33-4ubuntu1_powerpc.deb

Size/MD5: 513098
e3731ecc291e9f4a1b33909991973a5a
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.33-4ubuntu1_powerpc.deb

Size/MD5: 508990
f93f9393257bfeb010757eca85067f77
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.33-4ubuntu1_powerpc.deb

Size/MD5: 397092
ec577980cf93a5de6f8ec7e5db0316a9
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.3-4ubuntu1_powerpc.deb

Size/MD5: 490332
6a06c0a6a65c34b48e99e5d666b35500

Ubuntu Security Notice USN-176-1 September 07, 2005
kdebase vulnerability
CAN-2005-2494

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

kdebase-bin

The problem can be corrected by upgrading the affected package
to version 4:3.4.0-0ubuntu18.1. In general, a standard system
upgrade is sufficient to effect the necessary changes.

Details follow:

Ilja van Sprundel discovered a flaw in the lock file handling of
kcheckpass. A local attacker could exploit this to execute
arbitrary code with root privileges.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase_3.4.0-0ubuntu18.1.diff.gz

Size/MD5: 189597
ef9b4ad4f1e4340a2ecdaad471670b63
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase_3.4.0-0ubuntu18.1.dsc

Size/MD5: 1622
2a0d3a6c1e146f5b54b5e7a20bf58cea
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase_3.4.0.orig.tar.gz

Size/MD5: 26947670
31334d21606078a1f1eab1c3a25317e9

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-data_3.4.0-0ubuntu18.1_all.deb

Size/MD5: 4608912
0113ee173e4da0e4d3c233c4288ec667
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-doc_3.4.0-0ubuntu18.1_all.deb

Size/MD5: 1084404
5715fca77f5f4224c63f78cb1e1b418d
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase_3.4.0-0ubuntu18.1_all.deb

Size/MD5: 22020
a5cbdaa9f938a786b3cd74a6396d5e20
http://security.ubuntu.com/ubuntu/pool/universe/k/kdebase/xfonts-konsole_3.4.0-0ubuntu18.1_all.deb

Size/MD5: 37918
0440a29214683017d1548827d23216ef

amd64 architecture (Athlon64, Opteron, EM64T Xeon)