---

Debian GNU/Linux Advisories: abiword, mpg123, iptables, libxml, libxml2, xpdf


Debian Security Advisory DSA 579-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
November 1st, 2004 http://www.debian.org/security/faq


Package : abiword
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0645

A buffer overflow vulnerability has been disovered in the wv
library, used for converting and previewing word documents. On
exploition an attacker could execute arbitrary code with the
privileges of the user running the vulnerable application.

For the stable distribution (woody) this problem has been fixed
in version 1.0.2+cvs.2002.06.05-1woody2.

The package in the unstable distribution (sid) is not
affected.

We recommend that you upgrade your abiword package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2.dsc

Size/MD5 checksum: 1159 85bb20f96162736e29ade8d6558799d6

http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2.diff.gz

Size/MD5 checksum: 48982 12356a29a3185ef367fd7a18a7374be0

http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05.orig.tar.gz

Size/MD5 checksum: 16407034 0b0e1f3e42a0627a28cea970b099049d

Architecture independent components:


http://security.debian.org/pool/updates/main/a/abiword/abiword-doc_1.0.2+cvs.2002.06.05-1woody2_all.deb

Size/MD5 checksum: 950160 e102efac6a16ded87e5e437f687a0310

http://security.debian.org/pool/updates/main/a/abiword/xfonts-abi_1.0.2+cvs.2002.06.05-1woody2_all.deb

Size/MD5 checksum: 189372 96b1fd88bd7c779e692d1f97f4884992

Alpha architecture:


http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_alpha.deb

Size/MD5 checksum: 12324 db3b4b84b9fe45dcbd3c2e50bdf3ea08

http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_alpha.deb

Size/MD5 checksum: 538558 745ddd234eebaba2d94b4dcb8482eb58

http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_alpha.deb

Size/MD5 checksum: 2069076 b15d6f04af7fe12637fbf3f98bff3570

http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_alpha.deb

Size/MD5 checksum: 1873718 f3c06b0ab36204d17bd7f35b8aaa9d9c

http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_alpha.deb

Size/MD5 checksum: 228192 0f93acbe004457b96665dfd404eb7a0d

ARM architecture:


http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_arm.deb

Size/MD5 checksum: 12324 d79bb97457548ab36052e0e311168ac5

http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_arm.deb

Size/MD5 checksum: 536122 c9a40134dad59a82a902e734c8011f78

http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_arm.deb

Size/MD5 checksum: 1716898 e16c92223a1d79b11e13723dfe440b70

http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_arm.deb

Size/MD5 checksum: 1533466 519589fac25720cb9932949a16e435e9

http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_arm.deb

Size/MD5 checksum: 154748 69f4844084b35e02af75d2350970ae5f

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_i386.deb

Size/MD5 checksum: 12316 56e899f5073f4ecf10b6cb29802da76f

http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_i386.deb

Size/MD5 checksum: 533908 f3d4e7035c0d0e9fcf6c53386f9305f6

http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_i386.deb

Size/MD5 checksum: 1677628 bafc31f34a7f940268acb69e708db7c8

http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_i386.deb

Size/MD5 checksum: 1491442 a87d8c81b54987eee14cfa5ad4cfa599

http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_i386.deb

Size/MD5 checksum: 219836 2de08d80c8581d9814047c11e41d98fc

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_ia64.deb

Size/MD5 checksum: 12326 16aae240a8308465fcc04e7f9697d64a

http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_ia64.deb

Size/MD5 checksum: 542536 e9fcc8cb137cde1015f854c6383e803f

http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_ia64.deb

Size/MD5 checksum: 2121940 fb962d5debe790b0a9ea5da9b82f1500

http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_ia64.deb

Size/MD5 checksum: 1939620 d84fc2069f1af2ce581f6a876179c567

http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_ia64.deb

Size/MD5 checksum: 311806 1664fc9ec9ed17f7c355aa2b27c9cb27

HP Precision architecture:


http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_hppa.deb

Size/MD5 checksum: 12322 fbe7366ac7c2d84eaa840c29bb0f0870

http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_hppa.deb

Size/MD5 checksum: 537778 0e13ea49a4bf688b99297c6fa60ddbe0

http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_hppa.deb

Size/MD5 checksum: 2039786 f91d12d4d6ba552a42cf4562d358f5f3

http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_hppa.deb

Size/MD5 checksum: 1821044 ed470c31af565d3a836dbaed6b5956c9

http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_hppa.deb

Size/MD5 checksum: 195742 8f70554c0e9fab92c733e084ac435796

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_m68k.deb

Size/MD5 checksum: 12326 fda3aee08b6c7a36552c44c9e18dc2f3

http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_m68k.deb

Size/MD5 checksum: 533074 623de2757f85e5f40404ad7178600900

http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_m68k.deb

Size/MD5 checksum: 1602602 71341f13227b14ebebbdab7307170e5e

http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_m68k.deb

Size/MD5 checksum: 1416262 4123606f88103837cb0b1716e5332edc

http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_m68k.deb

Size/MD5 checksum: 199616 c8cbb04072b54b12e5d790d190ed5e20

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_mips.deb

Size/MD5 checksum: 12324 2a9e9d8590cbff7e6eae6210dcda5963

http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_mips.deb

Size/MD5 checksum: 536334 34b58292b19a97c7caf03fa8649f9588

http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_mips.deb

Size/MD5 checksum: 1701150 4233b20af6d518aef680721c6e9d224f

http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_mips.deb

Size/MD5 checksum: 1513420 4e9ff72a764e615974d97bd1078955b6

http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_mips.deb

Size/MD5 checksum: 205038 d02601a4bf14e98e8b43f0773b25e0c4

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_mipsel.deb

Size/MD5 checksum: 12322 33fbc540d53404e519a6696930e94193

http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_mipsel.deb

Size/MD5 checksum: 536470 367d3892a482f12e69f4a78ab94925b9

http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_mipsel.deb

Size/MD5 checksum: 1663230 72a084359b72dbb54d77ccf5fc2dbc5f

http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_mipsel.deb

Size/MD5 checksum: 1480868 f3e424b1b36eef3bcb52c422e36393ec

http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_mipsel.deb

Size/MD5 checksum: 202908 a145263d08da2e5dad0d611869180def

PowerPC architecture:


http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_powerpc.deb

Size/MD5 checksum: 12316 e4d9763a95a99175919c1da05fbd35d7

http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_powerpc.deb

Size/MD5 checksum: 534710 596bbd310236e97c3d967ff6fac45e2a

http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_powerpc.deb

Size/MD5 checksum: 1716300 a77a54353c0f17ae35f363931dae7d47

http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_powerpc.deb

Size/MD5 checksum: 1527752 1d6a0d11fb0a4c0d59e3a84b9457964d

http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_powerpc.deb

Size/MD5 checksum: 211422 bdf81bbb6ad1e18ba5140a06d4ba6493

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_s390.deb

Size/MD5 checksum: 12322 41066489465b7dc84e7512a8b2467215

http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_s390.deb

Size/MD5 checksum: 535134 7bee77890a9237f6a45d44c9a6fa3fb0

http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_s390.deb

Size/MD5 checksum: 1603758 13a836f504b4698bce96b010e6c6a1ef

http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_s390.deb

Size/MD5 checksum: 1417836 da47311e33507bccba7da3ff9eb9a890

http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_s390.deb

Size/MD5 checksum: 203140 bdaa7fe49b1fb7097e9bf7d8fec42d5c

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_sparc.deb

Size/MD5 checksum: 12326 af26ffe3a8a0c96f62f5a93003e11c77

http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_sparc.deb

Size/MD5 checksum: 537396 0b7459a387b34d02fcdf200948022936

http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_sparc.deb

Size/MD5 checksum: 1656854 67a1f7d6d4cc1d0a2c120a61e9983ac2

http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_sparc.deb

Size/MD5 checksum: 1470270 36c383eec00251183eab2e4cd3add41d

http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_sparc.deb

Size/MD5 checksum: 193240 c86d477d0eda07aa9822817933b4413d

These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 578-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
November 1st, 2004 http://www.debian.org/security/faq


Package : mpg123
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0982

Carlos Barros has discovered a buffer overflow in the HTTP
authentication routine of mpg123, a popular (but non-free) MPEG
layer 1/2/3 audio player. If a user opened a malicious playlist or
URL, an attacker might execute arbitrary code with the rights of
the calling user.

For the stable distribution (woody) this problem has been fixed
in version 0.59r-13woody4.

For the unstable distribution (sid) this problem has been fixed
in version 0.59r-17.

We recommend that you upgrade your mpg123 package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody4.dsc

Size/MD5 checksum: 748 386de2941605795a833ccdddf200f26b

http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody4.diff.gz

Size/MD5 checksum: 24568 bf98712baa4bb429768762ea9c20404a

http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r.orig.tar.gz

Size/MD5 checksum: 159028 95df59ad1651dd2346d49fafc83747e7

Alpha architecture:


http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody4_alpha.deb

Size/MD5 checksum: 94630 18738b85cf26807ea4d29b1c82767d63

http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0.59r-13woody4_alpha.deb

Size/MD5 checksum: 94590 f550ba5af79ae1bf5f8024178c391e0c

ARM architecture:


http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody4_arm.deb

Size/MD5 checksum: 89708 6b5bc7522cf6e91c7ec21662f8809bc3

Intel IA-32 architecture:


http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody4_i386.deb

Size/MD5 checksum: 81688 9c5fb2322632dc72d64e18ec404abad8

http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0.59r-13woody4_i386.deb

Size/MD5 checksum: 81642 a06e8185f9b0da320ab46c348e55be5a

http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-nas_0.59r-13woody4_i386.deb

Size/MD5 checksum: 83626 a00b78f948d8967ec23cb2874847f638

http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-oss-3dnow_0.59r-13woody4_i386.deb

Size/MD5 checksum: 81334 204b7db5b537d81741f04dee9bf80a40

http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-oss-i486_0.59r-13woody4_i386.deb

Size/MD5 checksum: 87940 0c9d0b30b8a832f30de5cc3d29c321b0

HP Precision architecture:


http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody4_hppa.deb

Size/MD5 checksum: 97516 428e9dd2c7805424976c82f7aa37e54b

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody4_m68k.deb

Size/MD5 checksum: 75998 b08ad56ec624c0f8a3624596cef423ea

PowerPC architecture:


http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody4_powerpc.deb

Size/MD5 checksum: 88528 442b5e1d2462121fcfb1c4eda82429f3

http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0.59r-13woody4_powerpc.deb

Size/MD5 checksum: 88448 d885597a3cb24ae2d92309def283ab5b

Sun Sparc architecture:


http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody4_sparc.deb

Size/MD5 checksum: 88776 b905ba3b69cc2196cc9d84ddefb9b16b

These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 580-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
November 1st, 2004 http://www.debian.org/security/faq


Package : iptables
Vulnerability : missing initialisation
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0986
Debian Bug : 219686

Faheem Mitha noticed that the iptables command, an
administration tool for IPv4 packet filtering and NAT, did not
always load the required modules on it own as it was supposed to.
This could lead to firewall rules not being loaded on system
startup. This caused a failure in connection with rules provided by
lokkit at least.

For the stable distribution (woody) this problem has been fixed
in version 1.2.6a-5.0woody2.

For the unstable distribution (sid) this problem has been fixed
in version 1.2.11-4.

We recommend that you upgrade your iptables package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2.dsc

Size/MD5 checksum: 639 03ce7ecd0cc462b0b0bef08d400f5a39

http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2.diff.gz

Size/MD5 checksum: 82136 6c6305ebf8da551d7cbdfc4fe1149d87

http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a.orig.tar.gz

Size/MD5 checksum: 422313 84aed37b27830c1a74ece6765db0c31c

Alpha architecture:


http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_alpha.deb

Size/MD5 checksum: 377404 4adc7c8e3b71d6732fe36a223d044fc7

http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_alpha.deb

Size/MD5 checksum: 110230 c0e0ecb43614186556adcd714e4d1272

ARM architecture:


http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_arm.deb

Size/MD5 checksum: 314110 8d0b4d2e6d7af1377cccf91898a7bda6

http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_arm.deb

Size/MD5 checksum: 99130 aff30c9fc49fed3c4b21f418b43c4e65

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_i386.deb

Size/MD5 checksum: 287114 b0ff0f6ab787a136d7ef6f8819b04f96

http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_i386.deb

Size/MD5 checksum: 96442 1c2d7ec853da4fdca2ca4e5bddd6740f

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_ia64.deb

Size/MD5 checksum: 446814 e9ea93b92e97a66164411be155b93598

http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_ia64.deb

Size/MD5 checksum: 116386 42deb79a474dd9d78bddfe723b4ee6c4

HP Precision architecture:


http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_hppa.deb

Size/MD5 checksum: 345212 4866e88ca61f8ac2778cc3ce44d142ac

http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_hppa.deb

Size/MD5 checksum: 95430 c60ef8c05e0c238d8ac7682626f3972d

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_m68k.deb

Size/MD5 checksum: 289032 f7748d7e5cc9726b7142d918712abd6d

http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_m68k.deb

Size/MD5 checksum: 91232 37e6e304f0b4ebf666c4ffc860253a73

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_mips.deb

Size/MD5 checksum: 326050 713a2efd308c98a3a48135664c7a385c

http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_mips.deb

Size/MD5 checksum: 106754 f44458bc89644ddb91a63caa498456ad

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_mipsel.deb

Size/MD5 checksum: 327082 731e9de4f81d6ecc114c89b2c54e99c7

http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_mipsel.deb

Size/MD5 checksum: 106898 25d89525b8d158f12eaaf2db6635fd14

PowerPC architecture:


http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_powerpc.deb

Size/MD5 checksum: 321422 a73bf7a5f4696a44abe4dc19d9508cc8

http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_powerpc.deb

Size/MD5 checksum: 101350 e81ceac78d6a38cfdd6b8f09e0cb176e

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_s390.deb

Size/MD5 checksum: 307826 1092ceb008461ac0323b2ddfc2327c22

http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_s390.deb

Size/MD5 checksum: 97020 c5079802be1fed9934527371cf6a99d8

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_sparc.deb

Size/MD5 checksum: 323322 b33b11c7b474c50a84087f99580c122c

http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_sparc.deb

Size/MD5 checksum: 98876 dc0ed1d555df1abb1868514fa307a88c

These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 582-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
November 2nd, 2004 http://www.debian.org/security/faq


Package : libxml, libxml2
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0989

“infamous41md” discovered several buffer overflows in libxml and
libxml2, the XML C parser and toolkits for GNOME. Missing boundary
checks could cause several buffers to be overflown, which may cause
the client to execute arbitrary code.

The following vulnerability matrix lists corrected versions of
these libraries:

For the stable distribution (woody) these problems have been
fixed in version 1.8.17-2woody2 of libxml and in version
2.4.19-4woody2 of libxml2.

For the unstable distribution (sid) these problems have been
fixed in version 1.8.17-9 of libxml and in version 2.6.11-5 of
libxml2.

These problems have also been fixed in version 2.6.15-1 of
libxml2 in the experimental distribution.

We recommend that you upgrade your libxml packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17-2woody2.dsc

Size/MD5 checksum: 651 2bfffaf40b3784b89a819e878e9626f0

http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17-2woody2.diff.gz

Size/MD5 checksum: 34182 6923b92252b9aed67167f04ab236c8e8

http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17.orig.tar.gz

Size/MD5 checksum: 1016403 b8f01e43e1e03dec37dfd6b4507a9568


http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody2.dsc

Size/MD5 checksum: 654 40c1984cb88763ebd8cc8bfe99de6c80

http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody2.diff.gz

Size/MD5 checksum: 344211 7189893e73c9d929205896437c1b1da4

http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19.orig.tar.gz

Size/MD5 checksum: 1925487 22e3c043f57e18baaed86c5fff3eafbc

Alpha architecture:


http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody2_alpha.deb

Size/MD5 checksum: 382124 e44313692381e5858f18da6c49d05513

http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody2_alpha.deb

Size/MD5 checksum: 208956 83b71540e2c73f03513975b0fb8b105f


http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody2_alpha.deb

Size/MD5 checksum: 388892 0c563e7f9514b655a12aa2d064223032

http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody2_alpha.deb

Size/MD5 checksum: 938660 dadea3ca7e50350c2c7ffebe36d05d0f

ARM architecture:


http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody2_arm.deb

Size/MD5 checksum: 392650 9e63519f4811e4ecfe15c9d918b38a3b

http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody2_arm.deb

Size/MD5 checksum: 184316 679269786787b9e5acbaedebff18adb7


http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody2_arm.deb

Size/MD5 checksum: 346200 803c66b523b9808d15528d54c060a9bd

http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody2_arm.deb

Size/MD5 checksum: 903098 ee22dbc5b403a6e652efe7f15a01fb75

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody2_i386.deb

Size/MD5 checksum: 330182 1170064a71b1a4e9b74816af4a32475e

http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody2_i386.deb

Size/MD5 checksum: 183476 fd63fcad152cfce33e4b1704522ad550


http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody2_i386.deb

Size/MD5 checksum: 333104 16c4091c3a23b0e781f56dc319618f8e

http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody2_i386.deb

Size/MD5 checksum: 843196 239c8e4e112dbda6b3c2cd31f8177720

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody2_ia64.deb

Size/MD5 checksum: 447364 893b7b074f5fa81d5b5c9e26000b29f3

http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody2_ia64.deb

Size/MD5 checksum: 285628 879fc3aef1b51620f7e6915292d6a97e


http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody2_ia64.deb

Size/MD5 checksum: 507612 a9adbdfd156d3fe84040f408ad125be2

http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody2_ia64.deb

Size/MD5 checksum: 1032762 8d6f6d5d16b2d75bfd76672fa4985a14

HP Precision architecture:


http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody2_hppa.deb

Size/MD5 checksum: 439590 425399c89c7eb16137d969a6cef752e4

http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody2_hppa.deb

Size/MD5 checksum: 248372 9caf0fcecb21d78d9af74f632b1c8446


http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody2_hppa.deb

Size/MD5 checksum: 425520 3ccebdce5fe9b80743253a37316157af

http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody2_hppa.deb

Size/MD5 checksum: 979256 6c22748c33c75b0ee5aeb860efee5a53

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody2_m68k.deb

Size/MD5 checksum: 318372 0fab68e9e9ba8a2e997573117e9aa0e9

http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody2_m68k.deb

Size/MD5 checksum: 178346 4b8cc510bb6437ce8db345eca1839af2


http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody2_m68k.deb

Size/MD5 checksum: 337140 82169ea40ae52a9e8d3156a31e360955

http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody2_m68k.deb

Size/MD5 checksum: 828952 4ca7a3f1c179596e437f9dfdcc3f580a

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody2_mips.deb

Size/MD5 checksum: 376408 365aeb51b9294d81730bc98e0af0d219

http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody2_mips.deb

Size/MD5 checksum: 183804 5570e2a54ba089d1f1d8b02c56742089


http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody2_mips.deb

Size/MD5 checksum: 349116 6ca2c1d1d79d7333a22406b179c092db

http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody2_mips.deb

Size/MD5 checksum: 921192 ebb90411abef3e858b9de4a3be497c46

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody2_mipsel.deb

Size/MD5 checksum: 373854 692fbe719929a2874dae659d41bdc77a

http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody2_mipsel.deb

Size/MD5 checksum: 183140 e723329953c4a18985f3e7ccd594527d


http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody2_mipsel.deb

Size/MD5 checksum: 343810 96a05292b67bfb88b0b297462511633d

http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody2_mipsel.deb

Size/MD5 checksum: 915238 65471cbe63f97759b77cc6909f3e4068

PowerPC architecture:


http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody2_powerpc.deb

Size/MD5 checksum: 356772 b9d81bed922444e04b4bb40cd8b6c1da

http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody2_powerpc.deb

Size/MD5 checksum: 194196 5bfd2a792665ff67ee95580978cbb190


http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody2_powerpc.deb

Size/MD5 checksum: 376604 83bdc195dd946e4f91912e7147ebe903

http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody2_powerpc.deb

Size/MD5 checksum: 917092 61479b1fa13b124a920cceae7e23992a

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody2_s390.deb

Size/MD5 checksum: 329590 72c14a9b31961174f71af876ddcd53eb

http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody2_s390.deb

Size/MD5 checksum: 184392 93eaedce11e29de34f4e4cf7d07a40df


http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody2_s390.deb

Size/MD5 checksum: 360384 31084d770e8129aa710513ef56aeb41d

http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody2_s390.deb

Size/MD5 checksum: 857550 6e3186b4f4e81af40390dac27dd0fe2f

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody2_sparc.deb

Size/MD5 checksum: 347208 5984047996c0c1bfe1bda0813e62f905

http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody2_sparc.deb

Size/MD5 checksum: 196282 3214ecae98a445d78aae0aa850403df4


http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody2_sparc.deb

Size/MD5 checksum: 363778 0e6054a515784befb193b4d331f399d5

http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody2_sparc.deb

Size/MD5 checksum: 887178 8ca21974d081b2dd39b1e78dca414547

These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 581-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
November 2nd, 2004 http://www.debian.org/security/faq


Package : xpdf
Vulnerability : integer overflows
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0888
Debian Bug : 278298

Chris Evans discovered several integer overflows in xpdf, a
viewer for PDF files, which can be exploited remotely by a
specially crafted PDF document and lead to the execution of
arbitrary code.

For the stable distribution (woody) these problems have been
fixed in version 1.00-3.2.

For the unstable distribution (sid) these problems have been
fixed in version 3.00-9.

We recommend that you upgrade your xpdf package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.2.dsc

Size/MD5 checksum: 706 9f5d7d51a4bc6d71a06dd4a5f02f3729

http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.2.diff.gz

Size/MD5 checksum: 10058 15d41abe3fa8a2d78c6b041c748f208e

http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00.orig.tar.gz

Size/MD5 checksum: 397750 81f3c381cef729e4b6f4ce21cf5bbf3c

Architecture independent components:


http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_1.00-3.2_all.deb

Size/MD5 checksum: 38514 c09d234c1a76172cb43a97856de16b2d

http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.2_all.deb

Size/MD5 checksum: 1292 3fec4c8ebb50145440c5036c1a7e293d

Alpha architecture:


http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_alpha.deb

Size/MD5 checksum: 570922 67ff32dd5a579977a931445ed893d085

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_alpha.deb

Size/MD5 checksum: 1045100 884ede86ce33bda2ac61bb70e45020d6

ARM architecture:


http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_arm.deb

Size/MD5 checksum: 487036 8b1e20731ab6733ba9407fbdcfdda7eb

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_arm.deb

Size/MD5 checksum: 886032 b1bf52b32ab24c5a6f27a10284af8a19

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_i386.deb

Size/MD5 checksum: 449348 d4df5561128f35da0d12b0308c0fb0fd

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_i386.deb

Size/MD5 checksum: 827652 54710c21c73a005b5733cc0b2ebd8fc1

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_ia64.deb

Size/MD5 checksum: 682162 52cf660fd4aa6e34a567cc2c4b35f602

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_ia64.deb

Size/MD5 checksum: 1227894 ec5525ea02b45edbc77d9aa92a9f15d9

HP Precision architecture:


http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_hppa.deb

Size/MD5 checksum: 563642 787e6969b5523b594ba48757e648e63f

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_hppa.deb

Size/MD5 checksum: 1032382 3d5b816589415127a6b339bb564d4617

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_m68k.deb

Size/MD5 checksum: 427490 c389ebf13a5cac9aa9198d8e065e4f18

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_m68k.deb

Size/MD5 checksum: 794176 4b996f2daa35ee1a5769077a9a156ad2

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_mips.deb

Size/MD5 checksum: 555000 ac278836ba797ee23d08cd4f0f00fcb5

htt

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis