The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:
"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1626-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
August 01, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : httrack
Vulnerability : buffer overflow
Problem type : local (remote)
Debian-specific: no
BugTraq ID : 30425
Joan Calvet discovered that httrack, a utility to create local copies of
websites, is vulnerable to a buffer overflow potentially allowing to
execute arbitrary code when passed excessively long URLs.
For the stable distribution (etch), this problem has been fixed in
version 3.40.4-3.1+etch1.
For the testing (lenny) and unstable distribution (sid), this problem has
been fixed in version 3.42.3-1.
We recommend that you upgrade your httrack package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Source archives:
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1.dsc
Size/MD5 checksum: 950 277074178046b94ceebefa5f5eaee9de
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4.orig.tar.gz
Size/MD5 checksum: 1626176 9e4de064afc1dfcb6f50b773f8081f1c
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1.diff.gz
Size/MD5 checksum: 7597 005a605bfabc7f0830d8db87d3ee67fe
Architecture independent packages:
http://security.debian.org/pool/updates/main/h/httrack/httrack-doc_3.40.4-3.1+etch1_all.deb
Size/MD5 checksum: 516676 9f2c726cbc7e6f97dfeda4f8a72c8e77
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_amd64.deb
Size/MD5 checksum: 441370 a37aaf592b7ab95fd11eeec082d4919a
http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_amd64.deb
Size/MD5 checksum: 395946 7eea58a1b8a7d6d11501ec2e879f0167
http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_amd64.deb
Size/MD5 checksum: 61108 0894913629340bd559c929d07a05f19f
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_amd64.deb
Size/MD5 checksum: 31766 63db4ac65e705d74d1eab458b33f56e5
http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_amd64.deb
Size/MD5 checksum: 491618 e8a2076bb272020be529c39a53eea534
arm architecture (ARM)
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_arm.deb
Size/MD5 checksum: 33424 eed7c807ccebd9db0722545849938d0f
http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_arm.deb
Size/MD5 checksum: 281686 1b4a63e9fea5cdbcd49eb02354fd0608
http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_arm.deb
Size/MD5 checksum: 350912 9c85eea85e7bf24b734f259ecba0a303
http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_arm.deb
Size/MD5 checksum: 443078 64a26f96bfb086474c47a9f37d9db15d
http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_arm.deb
Size/MD5 checksum: 59448 70d880740666db737ef8cbc8730e5377
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_hppa.deb
Size/MD5 checksum: 34180 5ac05721cb623cf7c25b9bffbc81ad6d
http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_hppa.deb
Size/MD5 checksum: 65948 7a8fa1831ffadffab827c2a8ecc44068
http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_hppa.deb
Size/MD5 checksum: 321760 ee4562bcf5255b6addf8ac0b673d19fe
http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_hppa.deb
Size/MD5 checksum: 440990 594b8679acb8e05c9b0bede368a86ad3
http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_hppa.deb
Size/MD5 checksum: 438154 2bc91f3ebd931a161595b2c95253d15a
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_i386.deb
Size/MD5 checksum: 32152 4f545c6163fc8516c6d0dae9ddf6082e
http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_i386.deb
Size/MD5 checksum: 59458 4c81a59964535c95ccdb08916fc47f63
http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_i386.deb
Size/MD5 checksum: 482448 8db927e07b642477f60cb0e4beeb2b3e
http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_i386.deb
Size/MD5 checksum: 438432 ae91317aa8eb3a32fdf6b5be6a3c153b
http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_i386.deb
Size/MD5 checksum: 365534 c38c17f82ea6b110c52d17d6a8098563
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_ia64.deb
Size/MD5 checksum: 92114 88d98af0e94dbe1137db57341c0d7fe3
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_ia64.deb
Size/MD5 checksum: 35186 fcf89c422fdac82f9e436bd4ff13d161
http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_ia64.deb
Size/MD5 checksum: 736406 a4a9b2fdd5d4ba5e0147e56e39a81bb3
http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_ia64.deb
Size/MD5 checksum: 450002 523074d62431c05143a8db9d0d3ca8b3
http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_ia64.deb
Size/MD5 checksum: 501600 b0b7938e039dc12e6289353407a66f24
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_mips.deb
Size/MD5 checksum: 422550 ddefd0cf52d210266bc10c1d6dfec2f1
http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_mips.deb
Size/MD5 checksum: 272376 f4312876c36fe9da386f7d10115cc87a
http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_mips.deb
Size/MD5 checksum: 438438 d37c7460ca2f4a848b4d441d90911d9a
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_mips.deb
Size/MD5 checksum: 33282 5f42aacc153fda5b4feac0932455b956
http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_mips.deb
Size/MD5 checksum: 64622 aa402be8bab600e6f9a7cc901e11be8b
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_mipsel.deb
Size/MD5 checksum: 417812 71a8ae7e5cf51716c6c78debc31ce6a2
http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_mipsel.deb
Size/MD5 checksum: 64644 133bbfcee5935a205eb131dc9f363c08
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_mipsel.deb
Size/MD5 checksum: 33654 2b6df5a12a8f3457ee6e6353a73ed7f0
http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_mipsel.deb
Size/MD5 checksum: 432074 ef11cd7c26b5330fbf1b744559cd8c14
http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_mipsel.deb
Size/MD5 checksum: 271738 ee6ee78ba71e8977f4c6ad954f5356f6
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_powerpc.deb
Size/MD5 checksum: 64012 33554371d96a8d344f673f7310dbba34
http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_powerpc.deb
Size/MD5 checksum: 556868 b313c676177281c3f6a9c38d9304a741
http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_powerpc.deb
Size/MD5 checksum: 433912 d51594790fad947486d48a744abf2823
http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_powerpc.deb
Size/MD5 checksum: 350286 59f98436ea6d2fe90a980fe3ce133db4
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_powerpc.deb
Size/MD5 checksum: 33998 1db2f2c7241c8274316c82e353213e00
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_s390.deb
Size/MD5 checksum: 33560 7c3edeff7fd589d901f5c1dc67468c0c
http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_s390.deb
Size/MD5 checksum: 371182 7ef2888222cf6fd4f2751e140fc6f77b
http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_s390.deb
Size/MD5 checksum: 291818 063df1d6823a3489d3d859100bbe067a
http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_s390.deb
Size/MD5 checksum: 432386 6f88d4af48ee49e29f548ebde7308a43
http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_s390.deb
Size/MD5 checksum: 63462 f6850ab5eb5acd7a870664fef6ec520c
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_sparc.deb
Size/MD5 checksum: 58698 128e8fa3ec781b8a4bc8cdae7438ef40
http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_sparc.deb
Size/MD5 checksum: 379330 865d453bb4f80590a0d267b7aa8c5a84
http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_sparc.deb
Size/MD5 checksum: 432042 9a9fc3e7a5db34850ed2fabf9465a214
http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_sparc.deb
Size/MD5 checksum: 553276 1d2d44e03ec1230a13442b4c72333906
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_sparc.deb
Size/MD5 checksum: 31910 f9d4ef0ffe87192ac5410b456b9c2eaf
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQEUAwUBSJLAh2z0hbPcukPfAQLFrgf4+1LO8Vq/NCswQ4QJ1aLKUMgl4gWYd+HD
qNFH+9UqDV0yVVK7sX3mH/PfL0nabuCcDO6ev3MNv+UtjXPji3SYj7eJW3O8I6mL
R9hi9kqgUcrHnrRb0QYr++I6VNHb31UYjAvPBUmM0D1mB4C9EYuZecYmptzcqrcX
u/c9KEZE7tOT2+2jSYb7pkiNNYHZl954KerTR1einaViphKboI7Urp2p6+ib1U9n
mOFAe6JYeea/1o9MAMF1u7I5d82pUS/ZK5W0ShB56DqtKxA02tT0Foa19XpqYoMA
Yo+8tJgD8SXuYmfvLQJhiVrszhG0asZZq9yNDgmAgrje59Cw2d2d
=GQbA
-----END PGP SIGNATURE-----
"
Apple ships massive Mac OS X 10.4 security upgrade
KeynotePro updates Palo Alto Keynote themes
DSA 1577-1: New gforge packages fix insecure temporary files
This entry was posted
on 9:43 AM
.
Archives
-
▼
2008
(457)
-
▼
August
(65)
- CESA-2008:0836 Moderate CentOS 5 x86_64 libxml2 Up...
- CESA-2008:0849 Important CentOS 5 x86_64 ipsec-too...
- RHSA-2008:0847-01 Important: libtiff security and ...
- RHSA-2008:0848-01 Important: libtiff security and ...
- RHSA-2008:0863-01 Important: libtiff security update
- CESA-2008:0836 Moderate CentOS 5 i386 libxml2 Update
- CESA-2008:0836 Moderate CentOS 3 x86_64 libxml2 - ...
- CESA-2008:0836 Moderate CentOS 3 i386 libxml2 - se...
- Intel acquires Linux distro developer
- RHSA-2008:0648-01 Important: tomcat security update
- RHSA-2008:0849-01 Important: ipsec-tools security ...
- CESA-2008:0839 Moderate CentOS 4 ia64 postfix - se...
- DSA 1631-1: New libxml2 packages fix denial of ser...
- MIDs offer Atom, HSDPA
- CESA-2008:0836 Moderate CentOS 4 s390(x) libxml2 -...
- CESA-2008:0836 Moderate CentOS 4 ia64 libxml2 - se...
- Kubuntu 8.10 Alpha 4 Review
- CESA-2008:0855 Critical CentOS 4 s390(x) openssh -...
- Contentteller Release Candidate 2 available
- Creating Advanced MySQL-Based Virtual Hosts On Lig...
- openSUSE 11.1 Alpha 2
- DSA 1629-2: New postfix packages fix installabilit...
- USN-636-1: Postfix vulnerability
- RHSA-2008:0815-01 Moderate: yum-rhn-plugin securit...
- Intel aims x86 at digital TVs
- Intel unveils dual-core Atom
- GLSA 200808-12 Postfix: Local privilege escalatio...
- AMD Radeon HD 4870 X2 On Linux
- DSA 1629-1: New postfix packages fix privilege esc...
- RHSA-2008:0818-02 Moderate: hplip security update
- RHSA-2008:0814-01 Moderate: condor security and bu...
- Ubuntu Linux 8.10 Alpha-4 released
- No title
- No title
- How To Set Up WebDAV With Lighttpd On Debian Etch
- RHSA-2008:0816-01 Moderate: condor security and bu...
- Contentteller Release Candidate 1 available
- GLSA 200808-09 OpenLDAP: Denial of Service vulner...
- DSA 1627-1: New PowerDNS packages reduce DNS spoof...
- GLSA 200808-11 UUDeview: Insecure temporary file ...
- GLSA 200808-10 Adobe Reader: User-assisted execut...
- GLSA 200808-07 ClamAV: Multiple Denials of Service
- ispCP Omega 1.0.0 RC6 released
- GLSA 200808-08 stunnel: Security bypass
- GLSA 200808-03 Mozilla products: Multiple vulnera...
- RHSA-2008:0612-01 Important: kernel security and b...
- Lightweight GNOME alternative emerges
- GLSA 200808-06 libxslt: Execution of arbitrary code
- GLSA 200808-04 Wireshark: Denial of Service
- At last -- native apps for Motorola Linux phones
- USN-626-2: Devhelp, Epiphany, Midbrowser and Yelp ...
- GLSA 200808-01 xine-lib: User-assisted execution ...
- How To Install The Zimbra Desktop Email Client On ...
- Fedora 10 Alpha
- GLSA 200807-15 Pan: User-assisted execution of ar...
- USN-633-1: libxslt vulnerabilities
- Installing And Using OpenVZ On CentOS 5.2
- DSA 1625-1: New cupsys packages fix arbitrary code...
- USN-634-1: OpenLDAP vulnerability
- RHSA-2008:0790-02 Critical: java-1.5.0-ibm securit...
- Netbooks growing -- in two ways
- DSA 1624-1: New libxslt packages fix arbitrary cod...
- DSA 1626-1: New httrack packages fix arbitrary cod...
- USN-626-1: Firefox and xulrunner vulnerabilities
- DSA 1623-1: New dnsmasq packages fix cache poisoning
-
▼
August
(65)