31/8/2005 21:33:17
--------------------------------------------------------------------------
Debian Security Advisory DSA 792-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 31st, 2005 http://www.debian.org/security/faq
--------------------------------------------------------------------------
Package : pstotext
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-2536
BugTraq ID : 14378
Debian Bug : 319758
Max Vozeler discovered that pstotext, a utility to extract text from
PostScript and PDF files, did not execute ghostscript with the -dSAFER
argument, which prevents potentially malicious operations from happening.
For the old stable distribution (woody) this problem has been fixed in
version 1.8g-5woody1.
For the stable distribution (sarge) this problem has been fixed in
version 1.9-1sarge1.
For the unstable distribution (sid) this problem has been fixed in
version 1.9-2.
We recommend that you upgrade your pstotext package.
Upgrade Instructions
--------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
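The manual path above ("wget url" then "dpkg -i file.deb") is only as safe as the check you do in between: the advisory publishes a Size/MD5 pair for every file precisely so that the download can be verified before dpkg runs it as root. The script below is an added example, not part of the advisory or of Debian's tooling; the helper names `verify_package` and `fetch_verify_install` are hypothetical, and it assumes GNU coreutils `md5sum`. It serves the upgrade instructions of all four advisories on this page.

```sh
#!/bin/sh
# Added example (not from the advisory): verify a downloaded .deb against the
# Size/MD5 pair published in the advisory BEFORE handing it to dpkg.
# Assumes GNU coreutils md5sum and wc. Note that MD5 is no longer
# collision-resistant; what authenticates these values is the PGP signature
# on the advisory itself, so verify that too.

# verify_package FILE EXPECTED_SIZE EXPECTED_MD5
#   returns 0 only if both the byte size and the MD5 digest match.
verify_package() {
    file=$1; want_size=$2; want_md5=$3
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    got_size=$(wc -c < "$file" | tr -d ' ')
    got_md5=$(md5sum "$file" | cut -d' ' -f1)
    if [ "$got_size" != "$want_size" ]; then
        echo "size mismatch for $file: got $got_size, want $want_size" >&2
        return 1
    fi
    if [ "$got_md5" != "$want_md5" ]; then
        echo "MD5 mismatch for $file: got $got_md5, want $want_md5" >&2
        return 1
    fi
    return 0
}

# fetch_verify_install URL SIZE MD5
#   the advisory's "wget url" / "dpkg -i file.deb" steps with the check between;
#   a file that fails verification is deleted rather than installed.
fetch_verify_install() {
    url=$1; deb=$(basename "$url")
    wget -q "$url" || { echo "download failed: $url" >&2; return 1; }
    verify_package "$deb" "$2" "$3" || { rm -f "$deb"; return 1; }
    dpkg -i "$deb"
}

# Example call with the values the advisory lists for the sarge i386 package
# (needs network access and root; not run here):
#   fetch_verify_install \
#     http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1_i386.deb \
#     32632 e2f9a3859fe3061c85d4f1a54253062e
```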
Debian GNU/Linux 3.0 alias woody
--------------------------------
Debian GNU/Linux 3.1 alias sarge
--------------------------------
These files will probably be moved into the stable distribution on
its next update.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
31/8/2005 21:32:58
---------------------------------------------------------------------------
Debian Weekly News
http://www.debian.org/News/weekly/2005/34/
Debian Weekly News - 23 August 2005
---------------------------------------------------------------------------
Welcome to this year's thirty-fourth issue of DWN, the weekly
newsletter for the Debian community. The Debian project leader has
[1]delegated to Don Armstrong the authority to decide on the use of the
Debian trademark by the (as it is currently called) DCC Alliance. Mick
Weiss has [2]thought about setting up [3]torrents for large amounts of
data, not only CD and DVD images but also [4]videos.
1. http://lists.debian.org/debian-project/2005/08/msg00219.html
2. http://lists.debian.org/debian-devel/2005/07/msg01313.html
3. http://www.debian.org/CD/torrent-cd/
4. http://dc5video.debian.net/
Installing Debian on a SunBlade150. Nishant Sharma has written a short
[5]howto on installing Debian on a SunBlade150, a 64-bit workstation
based on the UltraSPARC processor. The installation is described using
the network installer. Since configuring XFree86 is a bit tricky, he
has provided a suitable tool.
5. http://nishants.net/articles/sunblade150.htm
Kernel version dependency. Masanori Goto has [6]reported that compiling
Glibc is no longer possible on 2.4 kernels because of support for NPTL
threading, which requires particular kernel versions. This is a problem
when more architectures need to support NPTL but their buildds still
run on Linux 2.4.
6. http://lists.debian.org/debian-glibc/2005/08/msg00558.html
License incompatibility. Elimar Riesebieter has [7]reported that the
new version of [8]moc requires the [9]curl library, which in turn uses
the [10]OpenSSL library. This poses a problem since moc is licensed
under the [11]GNU GPL, which is not compatible with the OpenSSL
license. Torsten Landschoff [12]added that the same thing previously
happened to [13]libldap2. Domenico Andreoli appears to [14]intend to
replace curl with [15]GNUTLS.
7. http://lists.debian.org/debian-devel/2005/07/msg00848.html
8. http://packages.debian.org/moc
9. http://packages.debian.org/libcurl3
10. http://packages.debian.org/libssl0.9.7
11. http://www.gnu.org/copyleft/gpl.html
12. http://lists.debian.org/debian-devel/2005/07/msg00895.html
13. http://packages.debian.org/libldap2
14. http://lists.debian.org/debian-devel/2005/07/msg01001.html
15. http://packages.debian.org/libgnutls11
Using LSB init scripts. Marco d'Itri has [16]considered changing the
init scripts of his packages to [17]lsb-base, which would require
promoting it to priority important. Petter Reinholdtsen has
[18]provided a simple way to use the LSB only when it is available.
Thomas Hood has also [19]reported the lack of a progress function.
The lsb-base package, once it has been promoted to priority important,
provides functions that can be used in all init scripts.
16. http://lists.debian.org/debian-devel/2005/07/msg00854.html
17. http://packages.debian.org/lsb-base
18. http://lists.debian.org/debian-devel/2005/07/msg00860.html
19. http://lists.debian.org/debian-devel/2005/07/msg00972.html
Removing transitional packages. Mohammed Adnène Trojette [20]would
like to remove the [21]transitional packages that were needed for the
woody to sarge transition, since they are no longer needed to move to
etch. Steve Langasek [22]explained that one cannot skip a release when
upgrading and that getting rid of these transitional packages is
simply useless before etch is released.
20. http://lists.debian.org/debian-devel/2005/07/msg00869.html
21. http://adn.diwi.org/wiki/index.php/DummyPackagesList
22. http://lists.debian.org/debian-devel/2005/07/msg00898.html
The circular dependency problem. Lars Wirzenius has [23]reported that
while working on [24]piuparts, [25]dpkg fails to remove some packages,
which he [26]discovered have circular dependencies. In this case the
removal script invokes a program from the other package, which has
already been removed, and this produces an error.
23. http://lists.debian.org/debian-devel/2005/07/msg00925.html
24. http://packages.debian.org/piuparts
25. http://packages.debian.org/dpkg
26. http://lists.debian.org/debian-devel/2005/07/msg00926.html
Report from the first Debian Conference in India. Sundara Nagarajan has
written a [27]report on the first [28]Debian Conference India.
Ramakrishnan Muthukrishnan and Ganesan Rajagopal spoke about the Debian
philosophy, its processes and their own experience of becoming Debian
contributors. Ganesan also described his vision of how to integrate
and connect the other Indian free and open source projects with Debian.
27. http://www.debian.org/events/2005/0820-debconf-india-report
28. http://www.debian.org/events/2005/0820-debconf-india
Closing old bug reports. Hamish Moffatt [29]wondered when it is
appropriate to close bug reports for a package that exists only in
woody (alias oldstable). Steve Langasek [30]explained how the notfound,
found and close commands work since the [31]arrival of the new version,
and Gustavo Franco [32]provided a link to a [33]quick reference.
29. http://lists.debian.org/debian-qa/2005/08/msg00062.html
30. http://lists.debian.org/debian-qa/2005/08/msg00068.html
31. http://lists.debian.org/debian-devel-announce/2005/07/msg00010.html
32. http://lists.debian.org/debian-qa/2005/08/msg00064.html
33. http://women.alioth.debian.org/wiki/index.php/English/NewBTSHowTo
Automatic installation and purging. Lars Wirzenius is [34]porting
[35]piuparts to etch and has found many bugs that he would like to
report conveniently. This effort was widely [36]appreciated by readers.
Petter Reinholdtsen [37]wondered whether this work could be extended to
test upgrades from woody to sarge and from sarge to etch.
34. http://lists.debian.org/debian-devel/2005/07/msg01133.html
35. http://packages.debian.org/piuparts
36. http://lists.debian.org/debian-devel/2005/07/msg01134.html
37. http://lists.debian.org/debian-devel/2005/07/msg01182.html
Digital signatures for bug handling? Javier Fernández-Sanguino Peña had
to [38]reopen a bug report that had been accidentally closed as if it
were a spam message. He proposed starting to think about implementing
authentication checks in the [39]bug tracking system. Since
contributors did not object to the idea, he [40]asked that it not
depend solely on the validity of signatures from Debian developers.
38. http://lists.debian.org/debian-devel/2005/07/msg01106.html
39. http://www.debian.org/Bugs/
40. http://lists.debian.org/debian-devel/2005/07/msg01124.html
Naming of shared library packages. Junichi Uekawa has [41]reported that
the way to decide which -dev package should be associated with which
library package is to heuristically inspect the Packages file to find
out which packages are generated from the same source. Steve Langasek
[42]explained some possibilities for achieving this together with
[43]libtool.
41. http://lists.debian.org/debian-devel/2005/07/msg01433.html
42. http://lists.debian.org/debian-devel/2005/07/msg01440.html
43. http://packages.debian.org/libtool
LDAP gateway to the Bug Tracking System. Andreas Barth has
[44]announced that the LDAP gateway to the [45]bug tracking system
(BTS) is running again on master, on port 10101. It had to be
[46]removed from the machine hosting the BTS because of power
limitations, since that machine already temporarily holds the archive.
44. http://lists.debian.org/debian-devel/2005/07/msg01556.html
45. http://www.debian.org/Bugs/
46. http://lists.debian.org/debian-devel/2005/07/msg01469.html
Security updates. Same old story. Make sure you update your systems if
you have any of the following packages installed.
* DSA 777: [47]mozilla -- Frame injection spoofing vulnerability.
* DSA 778: [48]mantis -- Several vulnerabilities.
* DSA 779: [49]mozilla-firefox -- Several vulnerabilities.
* DSA 780: [50]kdegraphics -- Denial of service.
* DSA 781: [51]mozilla-thunderbird -- Several vulnerabilities.
* DSA 782: [52]bluez-utils -- Arbitrary command execution.
47. http://www.debian.org/security/2005/dsa-777
48. http://www.debian.org/security/2005/dsa-778
49. http://www.debian.org/security/2005/dsa-779
50. http://www.debian.org/security/2005/dsa-780
51. http://www.debian.org/security/2005/dsa-781
52. http://www.debian.org/security/2005/dsa-782
New or noteworthy packages. The following packages were added to the
unstable Debian archive [53]recently or contain important updates.
53. http://packages.debian.org/unstable/newpkg_main
* [54]crystalcursors -- X11 mouse theme with the crystal look&feel.
* [55]dconf -- Collects system information.
* [56]feed2imap -- Feed aggregator (RSS/Atom) that puts items on an
IMAP mail server.
* [57]gnome-schedule -- Scheduler for running automatic tasks in GNOME.
* [58]inadyn -- Client that eases the requirements for having a name
on the Internet.
* [59]input-utils -- Utilities for the Linux kernel input layer.
* [60]kasumi -- Simple dictionary utility for Anthy.
* [61]ldapscripts -- Adds and removes users and groups (stored in an
LDAP directory).
* [62]nzb -- Fetches binary files from Usenet.
* [63]sbackup -- Simple-to-use backup suite for desktop use.
* [64]soundstretch -- Stretches and modifies sound independently.
* [65]turkey -- Dummy text generator.
* [66]twinkle -- SIP phone based on the Voice over Internet protocol.
* [67]ufraw -- Standalone program that imports raw images.
* [68]vde -- Virtual distributed Ethernet.
* [69]vym -- View your mind.
54. http://packages.debian.org/unstable/x11/crystalcursors
55. http://packages.debian.org/unstable/admin/dconf
56. http://packages.debian.org/unstable/net/feed2imap
57. http://packages.debian.org/unstable/gnome/gnome-schedule
58. http://packages.debian.org/unstable/net/inadyn
59. http://packages.debian.org/unstable/utils/input-utils
60. http://packages.debian.org/unstable/x11/kasumi
61. http://packages.debian.org/unstable/admin/ldapscripts
62. http://packages.debian.org/unstable/net/nzb
63. http://packages.debian.org/unstable/admin/sbackup
64. http://packages.debian.org/unstable/sound/soundstretch
65. http://packages.debian.org/unstable/text/turkey
66. http://packages.debian.org/unstable/comm/twinkle
67. http://packages.debian.org/unstable/graphics/ufraw
68. http://packages.debian.org/unstable/net/vde
69. http://packages.debian.org/unstable/kde/vym
Orphaned packages. Eleven packages were orphaned this week and need a
new maintainer. This brings the total to one hundred and ninety
orphaned packages. Many thanks to the previous maintainers who
contributed to the Free Software community. See the [70]WNPP pages for
the complete list, and add a note to the bug report and retitle it to
ITA: if you intend to adopt a package.
70. http://www.debian.org/devel/wnpp/
* [71]fv -- Tool for viewing and editing FITS format files.
([72]Bug#323469)
* [73]ifhp -- Print filter for HP LaserJet printers. ([74]Bug#323471)
* [75]kernel-patch-2.4-kgdb -- GDB kernel debugger. ([76]Bug#323441)
* [77]memprof -- Memory profiling and leak detection. ([78]Bug#324607)
* [79]mgm -- HTML documentation for MGM. ([80]Bug#323677)
* [81]mindterm -- Java SSH client, usable as a web applet.
([82]Bug#323802)
* [83]mozilla-locale-it -- Italian language and localisation package
for Mozilla. ([84]Bug#324484)
* [85]psrip -- Extracts images from PostScript files. ([86]Bug#323475)
* [87]rioutil -- Talks to USB-based Diamond MM products.
([88]Bug#323477)
* [89]xcircuit -- Draws circuit schematics or anything else.
([90]Bug#323678)
* [91]xed -- Standard text editor for X. ([92]Bug#323679)
71. http://packages.debian.org/unstable/science/fv
72. http://bugs.debian.org/323469
73. http://packages.debian.org/unstable/net/ifhp
74. http://bugs.debian.org/323471
75. http://packages.debian.org/unstable/devel/kernel-patch-2.4-kgdb
76. http://bugs.debian.org/323441
77. http://packages.debian.org/unstable/gnome/memprof
78. http://bugs.debian.org/324607
79. http://packages.debian.org/unstable/admin/mgm
80. http://bugs.debian.org/323677
81. http://packages.debian.org/unstable/web/mindterm
82. http://bugs.debian.org/323802
83. http://packages.debian.org/unstable/web/mozilla-locale-it
84. http://bugs.debian.org/324484
85. http://packages.debian.org/unstable/text/psrip
86. http://bugs.debian.org/323475
87. http://packages.debian.org/unstable/sound/rioutil
88. http://bugs.debian.org/323477
89. http://packages.debian.org/unstable/electronics/xcircuit
90. http://bugs.debian.org/323678
91. http://packages.debian.org/unstable/editors/xed
92. http://bugs.debian.org/323679
Want to keep reading DWN? Help us create this newsletter. We always
need more volunteer writers who watch the Debian community and report
on what is happening. Take a look at the [93]contributing page to find
out how to help. We look forward to your mail at [94]dwn@debian.org.
93. http://www.debian.org/News/weekly/contributing
94. mailto:dwn@debian.org
8/7/2005 15:14:22
------------------------------------------------------------------------
Debian Security Advisory DSA 735-2 security@debian.org
http://www.debian.org/security/ Michael Stone
July 07, 2005 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : sudo
Vulnerability : pathname validation race
Problem type : local
Debian-specific: no
CVE Id(s) : CAN-2005-1993
Debian Bug : 315115
A local user who has been granted permission to run commands via sudo
could run arbitrary commands as a privileged user due to a flaw in
sudo's pathname validation. This bug only affects configurations which
have restricted user configurations prior to an ALL directive in the
configuration file. A workaround is to move any ALL directives to the
beginning of the sudoers file; see the advisory at
http://www.sudo.ws/sudo/alerts/path_race.html for more information.
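The affected ordering the advisory describes (a restricted user specification placed before an ALL directive) can be checked mechanically while the upgrade is being rolled out. The script below is an added example, not part of the advisory or of the sudo project; `check_sudoers_order` is a hypothetical helper name, and it is a heuristic that treats "ALL" as the command list of a user specification, skipping alias definitions, Defaults lines, #include lines and backslash continuations.

```sh
#!/bin/sh
# Added example (not from the advisory or from sudo): heuristic check for the
# sudoers ordering DSA 735 says is affected, i.e. a user specification with a
# restricted command list appearing BEFORE one whose command list is ALL.
# Assumptions of this heuristic: alias definitions, Defaults lines, #include
# lines and backslash continuations are skipped, and a command list given as a
# Cmnd_Alias name counts as restricted. "OK" means the pattern was not seen in
# this file, not that the host is safe; upgrading sudo is the fix.

# check_sudoers_order FILE
#   prints RESTRICTED-BEFORE-ALL and returns 1 if the affected ordering is found,
#   prints OK and returns 0 otherwise.
check_sudoers_order() {
    awk '
        /^[[:space:]]*(#|$)/           { next }   # comments, #include, blanks
        /^[[:space:]]*Defaults/        { next }   # option lines
        /^[[:space:]]*[A-Za-z]+_Alias/ { next }   # User_/Host_/Cmnd_/Runas_Alias
        {
            # user spec:  who  host = [(runas)] [TAG:]... cmd[, cmd...]
            eq = index($0, "=")
            if (eq == 0) next
            cmds = substr($0, eq + 1)
            sub(/^[[:space:]]*\([^)]*\)/, "", cmds)   # drop the (runas) part
            gsub(/(NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV):/, "", cmds)
            gsub(/[[:space:]]/, "", cmds)
            if (cmds == "ALL") {
                if (restricted_seen) { found = 1; exit }
            } else {
                restricted_seen = 1
            }
        }
        END {
            if (found) { print "RESTRICTED-BEFORE-ALL"; exit 1 }
            print "OK"
        }
    ' "$1"
}

# Demo on constructed samples (not real sudoers files): the first has the
# affected ordering, the second applies the advisory workaround of moving the
# ALL directive to the beginning.
demo=$(mktemp -d)
printf '%s\n' 'Defaults env_reset' \
              'alice ALL = /usr/bin/apt-get update' \
              'root  ALL = (ALL) ALL' > "$demo/affected"
printf '%s\n' 'root  ALL = (ALL) ALL' \
              'alice ALL = /usr/bin/apt-get update' > "$demo/reordered"
for f in affected reordered; do
    printf '%s: ' "$f"
    check_sudoers_order "$demo/$f" || true
done
rm -rf "$demo"
```

Run it against /etc/sudoers as root; a RESTRICTED-BEFORE-ALL result on an unpatched woody or sarge host is the configuration the advisory's workaround addresses.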
For the old stable Debian distribution (woody), this problem has been
fixed in version 1.6.6-1.3woody1.
For the current stable distribution (sarge), this problem has been fixed
in version 1.6.8p7-1.1sarge1.
For the unstable distribution, this problem has been fixed in version
1.6.8p9-1.
The only change since DSA 735-1 is the addition of certain architectures
which were not available in the original advisory.
We recommend that you upgrade your sudo package.
Upgrade instructions
--------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian 3.0 (woody)
------------------
woody was released for alpha, arm, hppa, i386, ia64, m68k, mips,
mipsel, powerpc, s390 and sparc. Packages for all but arm & ia64 were
released in DSA 735-1.
arm architecture (ARM)
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_arm.deb
Size/MD5 checksum: 140196 68a776aa70997915c4cd3b2513cfda9a
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_ia64.deb
Size/MD5 checksum: 170186 a7f5941729ed3e865b3809225de8c950
Debian 3.1 (sarge)
------------------
sarge was released for alpha, arm, hppa, i386, ia64, m68k, mips,
mipsel, powerpc, s390 and sparc. Packages for all but arm were
released in DSA 735-1.
arm architecture (ARM)
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_arm.deb
Size/MD5 checksum: 163476 870b7104140d4170b2bbc663d431c333
-------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
8/7/2005 15:14:06
------------------------------------------------------------------------
Debian Security Advisory DSA 736-2 security@debian.org
http://www.debian.org/security/ Michael Stone
July 07, 2005 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : spamassassin
Vulnerability : mail header parsing error
Problem type : remote DOS
Debian-specific: no
CVE Id(s) : CAN-2005-1266
Debian Bug : 314447
A vulnerability was recently found in the way that SpamAssassin parses
certain email headers. This vulnerability could cause SpamAssassin to
consume a large number of CPU cycles when processing messages containing
these headers, leading to a potential denial of service (DOS) attack.
The version of SpamAssassin in the old stable distribution (woody) is
not vulnerable.
For the stable distribution (sarge), this problem has been fixed in
version 3.0.3-2. Note that packages are not yet ready for certain
architectures; these will be released as they become available.
For the unstable distribution (sid), this problem has been fixed in
version 3.0.4-1.
The only change since DSA 736-1 is the addition of packages for certain
architectures that were not available at the time of the original
advisory.
We recommend that you upgrade your sarge or sid spamassassin package.
Upgrade instructions
--------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian 3.1 (sarge)
------------------
sarge was released for alpha, arm, hppa, i386, ia64, m68k, mips,
mipsel, powerpc, s390 and sparc. Packages were released for all but
arm and hppa in DSA 736-1.
arm architecture (ARM)
http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_arm.deb
Size/MD5 checksum: 58362 cf463ef4d601f3f6502f891eef928451
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_hppa.deb
Size/MD5 checksum: 60236 4f6c26a0c8ac1249aa38c17040b18d97
-------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
8/7/2005 15:13:51
--------------------------------------------------------------------------
Debian Security Advisory DSA 742-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
July 7th, 2005 http://www.debian.org/security/faq
--------------------------------------------------------------------------
Package : cvs
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0753
Debian Bug : 305254
Derek Price, the current maintainer of CVS, discovered a buffer
overflow in the CVS server, the network component of the popular
Concurrent Versions System, which could lead to the execution of
arbitrary code.
For the old stable distribution (woody) this problem has been fixed in
version 1.11.1p1debian-12.
For the stable distribution (sarge) this problem has been fixed in
version 1.12.9-13.
For the unstable distribution (sid) this problem has been fixed in
version 1.12.9-13.
We recommend that you upgrade your cvs package.
Upgrade Instructions
--------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
--------------------------------
These files will probably be moved into the stable distribution on
its next update.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show