The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:
"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1589-1 security@debian.org
http://www.debian.org/security/ Steve Kemp
May 28, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : libxslt
Vulnerability : buffer overflow
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2008-1767
Debian Bug : 482664
It was discovered that libxslt, an XSLT processing runtime library,
could be coerced into executing arbitrary code via a buffer overflow
when an XSL style sheet file with a long XSLT "transformation match"
condition triggered a large number of steps.
For the stable distribution (etch), this problem has been fixed in version
1.1.19-2.
For the unstable distribution (sid), this problem has been fixed in
version 1.1.24-1.
We recommend that you upgrade your libxslt package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Source archives:
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19.orig.tar.gz
Size/MD5 checksum: 2799906 622e5843167593c8ea39bf86c66b8fcf
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19-2.dsc
Size/MD5 checksum: 849 27df832e1c58fa0b4ee2fc08ae23eb52
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19-2.diff.gz
Size/MD5 checksum: 149924 3135ddae6ed99518ca98cb6dd32f9cf5
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_alpha.deb
Size/MD5 checksum: 107220 cb23c0170e99f97ba4a6328b6c15d4e8
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_alpha.deb
Size/MD5 checksum: 131268 264ec9a09e6fd46eb6acb82b6e2e458f
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_alpha.deb
Size/MD5 checksum: 690048 6af24b16a70e3eda53cf9b01aeb72abe
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_alpha.deb
Size/MD5 checksum: 362862 b0bfc373c7b2b029bdecc32fe3c6b393
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_alpha.deb
Size/MD5 checksum: 230516 c613baf2799aca2b10f704c72d65f6dd
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_amd64.deb
Size/MD5 checksum: 131736 bd359cba79ae664919f1d28bb7ee7bb9
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_amd64.deb
Size/MD5 checksum: 630600 9f2ce6f099ad058ddb7756c6bec0ad04
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_amd64.deb
Size/MD5 checksum: 225362 6fad243b75ab8773edac788ae83ff0b2
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_amd64.deb
Size/MD5 checksum: 106520 86122035aa23a3ac883a90f2ad206cb3
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_amd64.deb
Size/MD5 checksum: 360490 43bf746a2e2d510dc2b42bce0ebfe846
arm architecture (ARM)
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_arm.deb
Size/MD5 checksum: 126438 8d9a6a49d04b7b718ea4891090590ebe
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_arm.deb
Size/MD5 checksum: 213174 5a22f4ddde902b9e62b320d595c717e4
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_arm.deb
Size/MD5 checksum: 106410 fa92dc9b78ddafc576c917dc634850f7
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_arm.deb
Size/MD5 checksum: 344476 84490df6ef91ef8d59397efd08141adb
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_arm.deb
Size/MD5 checksum: 612866 b755daf391dc131cec3cf5170f7ff3ef
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_hppa.deb
Size/MD5 checksum: 132206 246544f21eb977706164148ac110fef4
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_hppa.deb
Size/MD5 checksum: 656512 278e6530497e001b7af16b8c97259640
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_hppa.deb
Size/MD5 checksum: 107496 3c104b63b086ee54e45796cf8f8f5736
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_hppa.deb
Size/MD5 checksum: 238066 ec3a5a9b5ed19d8cea6e207b94960b06
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_hppa.deb
Size/MD5 checksum: 359052 99da4dbb694efd07fec538b0dfba57da
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_i386.deb
Size/MD5 checksum: 215768 065db1534d256efaa0bdbed1d5bc2efa
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_i386.deb
Size/MD5 checksum: 106010 d736922f8f98e3655e0d17c47c182911
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_i386.deb
Size/MD5 checksum: 610254 7d2f1de6b328363d404e0167b2c3d0b2
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_i386.deb
Size/MD5 checksum: 127542 036211c64911322aad9f5afa3c67a8ce
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_i386.deb
Size/MD5 checksum: 350172 fbd79c2f46affc6a6daea73b95c5fe4c
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_ia64.deb
Size/MD5 checksum: 110354 a086d9e71e7152286ff25d6c28d1c188
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_ia64.deb
Size/MD5 checksum: 688004 a39cdbeb7e2bec2db123baf9fb936141
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_ia64.deb
Size/MD5 checksum: 286602 c417da9ebd63d8338401253df1194e01
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_ia64.deb
Size/MD5 checksum: 361472 3643ac55a03571fa185c4e0700298e82
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_ia64.deb
Size/MD5 checksum: 135176 9cdb256571bf9606ed56840a1e88ddb4
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_mips.deb
Size/MD5 checksum: 106622 5f3f9bff564736decdac2c69983211a0
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_mips.deb
Size/MD5 checksum: 213366 128a0294b6a09059fedb618371ec9d09
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_mips.deb
Size/MD5 checksum: 650424 55eab53a1978e3e2a7c1f7dbd68fc04c
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_mips.deb
Size/MD5 checksum: 128934 3d52f0f986dd862e8119eabeca944e35
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_mips.deb
Size/MD5 checksum: 371998 8f2ea540fd91ca75559d8589c8855de7
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_mipsel.deb
Size/MD5 checksum: 213564 c405f7eef65b01491758e64551b7977f
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_mipsel.deb
Size/MD5 checksum: 624640 9d2b59c3820eb9c99671399f967e0f3e
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_mipsel.deb
Size/MD5 checksum: 363788 09bdf35805a2de68a4d1dfe15c28dcfc
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_mipsel.deb
Size/MD5 checksum: 106668 2633adeeddc2edc4e36e45a7e4e92c2f
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_mipsel.deb
Size/MD5 checksum: 128564 c768001b8441118205f9f513af83e485
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_powerpc.deb
Size/MD5 checksum: 611678 3d3acc7b7be03bd0bb2e31dcadf05720
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_powerpc.deb
Size/MD5 checksum: 365012 94f6735cc42e233a67fd46df084120ee
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_powerpc.deb
Size/MD5 checksum: 108104 bca54d59be466884a5cfde0532a324df
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_powerpc.deb
Size/MD5 checksum: 222790 12aef46d1088d93375ab824b73702bc2
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_powerpc.deb
Size/MD5 checksum: 130124 37bb5353c81ed15374acc7305cc54839
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_s390.deb
Size/MD5 checksum: 106798 0a96df71e63deb7d7124aab48152a5df
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_s390.deb
Size/MD5 checksum: 131712 89e70e2d2fadd7b7ec9268d907a62d29
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_s390.deb
Size/MD5 checksum: 226596 751b28fafff17f6fcb8b2f4c0df370c0
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_s390.deb
Size/MD5 checksum: 601572 85051174031d0ff2c22fb87d1ab759c0
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_s390.deb
Size/MD5 checksum: 357722 661c9551483bf52573e52646aaa13b60
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_sparc.deb
Size/MD5 checksum: 106330 e6c23ad0752b3c7c22857c935befb984
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_sparc.deb
Size/MD5 checksum: 129134 e6c3f1402576da329d515d9411f7fd53
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_sparc.deb
Size/MD5 checksum: 217862 2ce2c27d8de0dc78ee4162b9664f7144
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_sparc.deb
Size/MD5 checksum: 598868 0acf342e57619d34685f76b879da8891
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_sparc.deb
Size/MD5 checksum: 335962 947c59cd2f23b55b897ded3b31ccc1a6
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIPWiawM/Gs81MDZ0RAlFDAJ4r0ZndrATgh4xQO7tk0AidGIrk9ACeKtaR
0DnKvg1zG+OZlNoWRX3XyQw=
=HfoM
-----END PGP SIGNATURE-----
"
DSA 1577-1: New gforge packages fix insecure temporary files
This entry was posted
on 7:40 PM
.
Archives
-
▼
2008
(457)
-
▼
May
(43)
- Eye of GNOME 2.22.2
- DSA 1588-2: New Linux 2.6.18 packages fix several ...
- samba (SSA:2008-149-01)
- DSA 1588-1: New Linux 2.6.18 packages fix several ...
- RHSA-2008:0289-01 Critical: samba security update
- CESA-2008:0288 Critical CentOS 3 x86_64 samba - se...
- Via unveils "Nano" processors
- DSA 1589-1: New libxslt packages fix execution of ...
- Gnome Games 2.22.2
- Linux gains "embedded" maintainers
- Banshee 1.0 Beta 2 (0.99.2) Released
- Orca v2.22.2
- DSA 1587-1: New mtr packages fix execution of arbi...
- CEEA-2008:0274 CentOS 5 i386 xenpv Update
- Ubuntu 8.04 LTS vs. Windows XP SP3: Application Pe...
- CESA-2008:0287 Important CentOS 3 s390(x) libxslt ...
- CESA-2008:0489 Critical CentOS 5 i386 gnutls Update
- CESA-2008:0287 Important CentOS 4 s390(x) libxslt ...
- CESA-2008:0287-01: Important CentOS 2 i386 libxslt...
- GLSA 200805-20 GnuTLS: Execution of arbitrary code
- DSA 1586-1: New xine-lib packages fix several vuln...
- Virtual Users And Domains With Postfix, Courier, M...
- Wind River, Intel tag-team "infotainment" Linux
- GLSA 200805-19 ClamAV: Multiple vulnerabilities
- RHSA-2008:0364-01 Low: mysql security and bug fix ...
- Open source DNS server takes on BIND
- GLSA 200805-17 Perl: Execution of arbitrary code
- DSA 1580-1: New phpgedview packages fix privilege ...
- World's cheapest Linux-based laptop?
- CESA-2008:0270 Important CentOS 5 x86_64 libvorbis...
- DSA 1576-2: New openssh packages fix predictable r...
- openSUSE 11.0 Beta 3
- DSA 1578-1: New php4 packages fix several vulnerab...
- Verizon Wireless, seven others join Linux phone org
- GLSA 200805-15 libid3tag: Denial of Service
- GARNOME 2.23.2
- Debian adding low-power NAS devices
- DSA 1576-1: New openssh packages fix predictable r...
- USN-612-5: OpenSSH update
- GLSA 200805-14 Common Data Format library: User-a...
- DSA 1577-1: New gforge packages fix insecure tempo...
- Orca v2.23.2
- RHSA-2008:0270-01 Important: libvorbis security up...
-
▼
May
(43)