DSA 1760-1: New openswan packages fix denial of service  

Posted by Daniela Mehler

"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1760-1 security@debian.org
http://www.debian.org/security/ Steffen Joeris
March 30, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : openswan
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE Id : CVE-2008-4190 CVE-2009-0790
Debian Bug : 496374


Two vulnerabilities have been discovered in openswan, an IPSec
implementation for Linux. The Common Vulnerabilities and Exposures
project identifies the following problems:


CVE-2008-4190

Dmitry E. Oboukhov discovered that the livetest tool is using temporary
files insecurely, which could lead to a denial of service attack.


CVE-2009-0790

Gerd v. Egidy discovered that the Pluto IKE daemon in openswan is prone
to a denial of service attack via a malicious packet.


For the stable distribution (lenny), this problem has been fixed in
version 2.4.12+dfsg-1.3+lenny1.

For the oldstable distribution (etch), this problem has been fixed in
version 2.4.6+dfsg.2-1.1+etch1.

For the testing distribution (squeeze) and the unstable distribution
(sid), this problem will be fixed soon.

We recommend that you upgrade your openswan packages.


Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.



Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.



These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
"



USN-750-1: OpenSSL vulnerability  

Posted by Daniela Mehler

"Ubuntu Security Notice USN-750-1 March 30, 2009
openssl vulnerability
CVE-2009-0590
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libssl0.9.8 0.9.8a-7ubuntu0.7

Ubuntu 7.10:
libssl0.9.8 0.9.8e-5ubuntu3.4

Ubuntu 8.04 LTS:
libssl0.9.8 0.9.8g-4ubuntu3.5

Ubuntu 8.10:
libssl0.9.8 0.9.8g-10.1ubuntu2.2

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

It was discovered that OpenSSL did not properly validate the length of an
encoded BMPString or UniversalString when printing ASN.1 strings. If a user
or automated system were tricked into processing a crafted certificate, an
attacker could cause a denial of service via application crash in
applications linked against OpenSSL.


"
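
An added example, not taken from the notice or from OpenSSL's patch: a pre-check that walks a DER structure and flags any BMPString or UniversalString whose encoded length is not a whole number of characters, the length condition USN-750-1 describes. It assumes the usual fixed widths (2 bytes per BMPString character, 4 per UniversalString character), handles only definite lengths and low tag numbers, and runs on constructed sample bytes.

```python
"""Added example: flag BMPString / UniversalString values whose DER length
is not a whole number of characters."""

# Universal identifier octets and their fixed character widths in bytes.
CHAR_WIDTH = {0x1E: ("BMPString", 2), 0x1C: ("UniversalString", 4)}
MAX_DEPTH = 32  # refuse pathologically nested input


def read_header(buf, pos, limit):
    """Parse one identifier+length header; return (identifier, value_start, value_end)."""
    if pos + 2 > limit:
        raise ValueError("truncated TLV header at offset %d" % pos)
    ident = buf[pos]
    if ident & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled at offset %d" % pos)
    first = buf[pos + 1]
    start = pos + 2
    if first < 0x80:  # short form: the octet is the length
        length = first
    else:  # long form: low 7 bits give the number of length octets
        n = first & 0x7F
        if n == 0 or n > 4 or start + n > limit:
            raise ValueError("bad length encoding at offset %d" % pos)
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    if start + length > limit:
        raise ValueError("value overruns its container at offset %d" % pos)
    return ident, start, start + length


def find_bad_strings(der):
    """Return [(offset, type_name, length)] for wrongly sized wide strings."""
    findings = []

    def walk(pos, limit, depth):
        if depth > MAX_DEPTH:
            raise ValueError("nesting deeper than %d" % MAX_DEPTH)
        while pos < limit:
            ident, start, end = read_header(der, pos, limit)
            if ident & 0x20:  # constructed: descend into the contents
                walk(start, end, depth + 1)
            elif ident in CHAR_WIDTH:
                name, width = CHAR_WIDTH[ident]
                if (end - start) % width:
                    findings.append((pos, name, end - start))
            pos = end

    walk(0, len(der), 0)
    return findings


def tlv(ident, value):
    """Build a short-form TLV (value under 128 bytes) for the samples below."""
    return bytes([ident, len(value)]) + value


# Constructed samples: a Name-like fragment SEQUENCE { SET { SEQUENCE {
# OID 2.5.4.3 (commonName), BMPString } } }, well-formed and malformed.
CN_OID = bytes.fromhex("0603550403")
GOOD_NAME = tlv(0x30, tlv(0x31, tlv(0x30, CN_OID + tlv(0x1E, "AB".encode("utf-16-be")))))
BAD_BMP = tlv(0x30, tlv(0x31, tlv(0x30, CN_OID + tlv(0x1E, b"\x00A\x00"))))
BAD_UNIVERSAL = tlv(0x30, tlv(0x1C, b"\x00\x00\x00A\x00\x00"))

if __name__ == "__main__":
    for label, blob in (("good", GOOD_NAME), ("bad-bmp", BAD_BMP),
                        ("bad-universal", BAD_UNIVERSAL)):
        print(label, find_bad_strings(blob))
```

Strings carried under implicit context-specific tags are not recognised by this walker, so it complements the package upgrade rather than replacing it.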



USN-748-1: OpenJDK vulnerabilities  

Posted by Daniela Mehler

"Ubuntu Security Notice USN-748-1 March 26, 2009
openjdk-6 vulnerabilities
CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,
CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1100,
CVE-2009-1101, CVE-2009-1102
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
icedtea6-plugin 6b12-0ubuntu6.4
openjdk-6-jdk 6b12-0ubuntu6.4
openjdk-6-jre 6b12-0ubuntu6.4
openjdk-6-jre-headless 6b12-0ubuntu6.4
openjdk-6-jre-lib 6b12-0ubuntu6.4

After a standard system upgrade you need to restart any Java applications
to effect the necessary changes.

Details follow:

It was discovered that font creation could leak temporary files.
If a user were tricked into loading a malicious program or applet,
a remote attacker could consume disk space, leading to a denial of
service. (CVE-2006-2426, CVE-2009-1100)

It was discovered that the lightweight HttpServer did not correctly close
files on dataless connections. A remote attacker could send specially
crafted requests, leading to a denial of service. (CVE-2009-1101)

Certain 64bit Java actions would crash an application. A local attacker
might be able to cause a denial of service. (CVE-2009-1102)

It was discovered that LDAP connections did not close correctly.
A remote attacker could send specially crafted requests, leading to a
denial of service. (CVE-2009-1093)

Java LDAP routines did not unserialize certain data correctly. A remote
attacker could send specially crafted requests that could lead to
arbitrary code execution. (CVE-2009-1094)

Java did not correctly check certain JAR headers. If a user or
automated system were tricked into processing a malicious JAR file,
a remote attacker could crash the application, leading to a denial of
service. (CVE-2009-1095, CVE-2009-1096)

It was discovered that PNG and GIF decoding in Java could lead to memory
corruption. If a user or automated system were tricked into processing
a specially crafted image, a remote attacker could crash the application,
leading to a denial of service. (CVE-2009-1097, CVE-2009-1098)


Size/MD5: 35898024 50945e6c1cbed766ea52b78fb7ed2ac5
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.4_powerpc.deb
Size/MD5: 2393022 c04df84eeb2373a7f0cd84ad85610188
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.4_powerpc.deb
Size/MD5: 8600518 197d84aae1eaafdab671a5749b42b86c
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.4_powerpc.deb
Size/MD5: 22988430 27721c39140811fd6ef9b00124c10b70
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.4_powerpc.deb
Size/MD5: 255542 a7d6deeb5ef7143bb8631c593f4c36c6

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.4_sparc.deb
Size/MD5: 70098 44eca12cf6d8ed10e02a755772052b5b
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.4_sparc.deb
Size/MD5: 103688730 0034a5b63b78e38f3c5bb0d0b920b9cf
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.4_sparc.deb
Size/MD5: 2355160 e8adc4df2d4bc39f66da967b5272d455
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.4_sparc.deb
Size/MD5: 9940784 c35a4115f4587df050af4c16de829674
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.4_sparc.deb
Size/MD5: 25193444 0e4de129d523ef09bed9e3a22c6cecf3
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.4_sparc.deb
Size/MD5: 233052 1773a666f39a632f458e850fb300ef12


--FkmkrVfFsRoUs1wW
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Kees Cook

iEYEARECAAYFAknL+z8ACgkQH/9LqRcGPm2aXQCbBFc3n9Cpi1CYXu972F0DNZg/
lgsAnRh5HE38qhaFy2nlmOLLqD/YpNb6
=K7me
-----END PGP SIGNATURE-----
"



DSA 1756-1: New xulrunner packages fix multiple vulnerabilities  

Posted by Daniela Mehler

"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1756-1 security@debian.org
http://www.debian.org/security/ Noah Meyerhans
March 29, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : xulrunner
Vulnerability : multiple
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-1169 CVE-2009-1044

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications, such as the Iceweasel web
browser. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2009-1169

Security researcher Guido Landi discovered that an XSL stylesheet could
be used to crash the browser during an XSL transformation. An attacker
could potentially use this crash to run arbitrary code on a victim's
computer.

CVE-2009-1044

Security researcher Nils reported via TippingPoint's Zero Day Initiative
that the XUL tree method _moveToEdgeShift was in some cases triggering
garbage collection routines on objects which were still in use. In such
cases, the browser would crash when attempting to access a previously
destroyed object and this crash could be used by an attacker to run
arbitrary code on a victim's computer.

Note that after installing these updates, you will need to restart any
packages using xulrunner, typically iceweasel or epiphany.

For the stable distribution (lenny), these problems have been fixed in version
1.9.0.7-0lenny2.

As indicated in the Etch release notes, security support for the
Mozilla products in the oldstable distribution needed to be stopped
before the end of the regular Etch security maintenance life cycle.
You are strongly encouraged to upgrade to stable or switch to a still
supported browser.

For the unstable distribution (sid), these problems have been fixed in
version 1.9.0.8-1.

We recommend that you upgrade your xulrunner package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJz7e0YrVLjBFATsMRAqErAJ9G+BuPEzepVX1SyrbSfGFG+k9yOACfZzE6
CR8tiMWR7RD51xVEfCsbY/I=
=Ax89
-----END PGP SIGNATURE-----
"



RHSA-2009:0373-01 Moderate: systemtap security update  

Posted by Daniela Mehler

"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: systemtap security update
Advisory ID: RHSA-2009:0373-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0373.html
Issue date: 2009-03-26
CVE Names: CVE-2009-0784
=====================================================================

1. Summary:

Updated systemtap packages that fix a security issue are now available for
Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

SystemTap is an instrumentation infrastructure for systems running version
2.6 of the Linux kernel. SystemTap scripts can collect system operations
data, greatly simplifying information gathering. Collected data can then
assist in performance measuring, functional testing, and performance and
function problem diagnosis.

A race condition was discovered in SystemTap that could allow users in the
stapusr group to elevate privileges to that of members of the stapdev group
(and hence root), bypassing directory confinement restrictions and allowing
them to insert arbitrary SystemTap kernel modules. (CVE-2009-0784)

Note: This issue was only exploitable if another SystemTap kernel module
was placed in the "systemtap/" module directory for the currently running
kernel.

Red Hat would like to thank Erik Sjölund for reporting this issue.

SystemTap users should upgrade to these updated packages, which contain a
backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

489808 - CVE-2009-0784 systemtap: race condition leads to privilege escalation

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/systemtap-0.6.2-2.el4_7.src.rpm

i386:
systemtap-0.6.2-2.el4_7.i386.rpm
systemtap-debuginfo-0.6.2-2.el4_7.i386.rpm
systemtap-runtime-0.6.2-2.el4_7.i386.rpm
systemtap-testsuite-0.6.2-2.el4_7.i386.rpm

ia64:
systemtap-0.6.2-2.el4_7.ia64.rpm
systemtap-debuginfo-0.6.2-2.el4_7.ia64.rpm
systemtap-runtime-0.6.2-2.el4_7.ia64.rpm
systemtap-testsuite-0.6.2-2.el4_7.ia64.rpm

ppc:
systemtap-0.6.2-2.el4_7.ppc64.rpm
systemtap-debuginfo-0.6.2-2.el4_7.ppc64.rpm
systemtap-runtime-0.6.2-2.el4_7.ppc64.rpm
systemtap-testsuite-0.6.2-2.el4_7.ppc64.rpm

x86_64:
systemtap-0.6.2-2.el4_7.x86_64.rpm
systemtap-debuginfo-0.6.2-2.el4_7.x86_64.rpm
systemtap-runtime-0.6.2-2.el4_7.x86_64.rpm
systemtap-testsuite-0.6.2-2.el4_7.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/systemtap-0.6.2-2.el4_7.src.rpm

i386:
systemtap-0.6.2-2.el4_7.i386.rpm
systemtap-debuginfo-0.6.2-2.el4_7.i386.rpm
systemtap-runtime-0.6.2-2.el4_7.i386.rpm
systemtap-testsuite-0.6.2-2.el4_7.i386.rpm

x86_64:
systemtap-0.6.2-2.el4_7.x86_64.rpm
systemtap-debuginfo-0.6.2-2.el4_7.x86_64.rpm
systemtap-runtime-0.6.2-2.el4_7.x86_64.rpm
systemtap-testsuite-0.6.2-2.el4_7.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/systemtap-0.6.2-2.el4_7.src.rpm

i386:
systemtap-0.6.2-2.el4_7.i386.rpm
systemtap-debuginfo-0.6.2-2.el4_7.i386.rpm
systemtap-runtime-0.6.2-2.el4_7.i386.rpm
systemtap-testsuite-0.6.2-2.el4_7.i386.rpm

ia64:
systemtap-0.6.2-2.el4_7.ia64.rpm
systemtap-debuginfo-0.6.2-2.el4_7.ia64.rpm
systemtap-runtime-0.6.2-2.el4_7.ia64.rpm
systemtap-testsuite-0.6.2-2.el4_7.ia64.rpm

x86_64:
systemtap-0.6.2-2.el4_7.x86_64.rpm
systemtap-debuginfo-0.6.2-2.el4_7.x86_64.rpm
systemtap-runtime-0.6.2-2.el4_7.x86_64.rpm
systemtap-testsuite-0.6.2-2.el4_7.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/systemtap-0.6.2-2.el4_7.src.rpm

i386:
systemtap-0.6.2-2.el4_7.i386.rpm
systemtap-debuginfo-0.6.2-2.el4_7.i386.rpm
systemtap-runtime-0.6.2-2.el4_7.i386.rpm
systemtap-testsuite-0.6.2-2.el4_7.i386.rpm

ia64:
systemtap-0.6.2-2.el4_7.ia64.rpm
systemtap-debuginfo-0.6.2-2.el4_7.ia64.rpm
systemtap-runtime-0.6.2-2.el4_7.ia64.rpm
systemtap-testsuite-0.6.2-2.el4_7.ia64.rpm

x86_64:
systemtap-0.6.2-2.el4_7.x86_64.rpm
systemtap-debuginfo-0.6.2-2.el4_7.x86_64.rpm
systemtap-runtime-0.6.2-2.el4_7.x86_64.rpm
systemtap-testsuite-0.6.2-2.el4_7.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/systemtap-0.7.2-3.el5_3.src.rpm

i386:
systemtap-0.7.2-3.el5_3.i386.rpm
systemtap-client-0.7.2-3.el5_3.i386.rpm
systemtap-debuginfo-0.7.2-3.el5_3.i386.rpm
systemtap-runtime-0.7.2-3.el5_3.i386.rpm
systemtap-server-0.7.2-3.el5_3.i386.rpm
systemtap-testsuite-0.7.2-3.el5_3.i386.rpm

x86_64:
systemtap-0.7.2-3.el5_3.x86_64.rpm
systemtap-client-0.7.2-3.el5_3.x86_64.rpm
systemtap-debuginfo-0.7.2-3.el5_3.x86_64.rpm
systemtap-runtime-0.7.2-3.el5_3.x86_64.rpm
systemtap-server-0.7.2-3.el5_3.x86_64.rpm
systemtap-testsuite-0.7.2-3.el5_3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/systemtap-0.7.2-3.el5_3.src.rpm

i386:
systemtap-0.7.2-3.el5_3.i386.rpm
systemtap-client-0.7.2-3.el5_3.i386.rpm
systemtap-debuginfo-0.7.2-3.el5_3.i386.rpm
systemtap-runtime-0.7.2-3.el5_3.i386.rpm
systemtap-server-0.7.2-3.el5_3.i386.rpm
systemtap-testsuite-0.7.2-3.el5_3.i386.rpm

ia64:
systemtap-0.7.2-3.el5_3.ia64.rpm
systemtap-client-0.7.2-3.el5_3.ia64.rpm
systemtap-debuginfo-0.7.2-3.el5_3.ia64.rpm
systemtap-runtime-0.7.2-3.el5_3.ia64.rpm
systemtap-server-0.7.2-3.el5_3.ia64.rpm
systemtap-testsuite-0.7.2-3.el5_3.ia64.rpm

ppc:
systemtap-0.7.2-3.el5_3.ppc64.rpm
systemtap-client-0.7.2-3.el5_3.ppc64.rpm
systemtap-debuginfo-0.7.2-3.el5_3.ppc64.rpm
systemtap-runtime-0.7.2-3.el5_3.ppc64.rpm
systemtap-server-0.7.2-3.el5_3.ppc64.rpm
systemtap-testsuite-0.7.2-3.el5_3.ppc64.rpm

s390x:
systemtap-0.7.2-3.el5_3.s390x.rpm
systemtap-client-0.7.2-3.el5_3.s390x.rpm
systemtap-debuginfo-0.7.2-3.el5_3.s390x.rpm
systemtap-runtime-0.7.2-3.el5_3.s390x.rpm
systemtap-server-0.7.2-3.el5_3.s390x.rpm
systemtap-testsuite-0.7.2-3.el5_3.s390x.rpm

x86_64:
systemtap-0.7.2-3.el5_3.x86_64.rpm
systemtap-client-0.7.2-3.el5_3.x86_64.rpm
systemtap-debuginfo-0.7.2-3.el5_3.x86_64.rpm
systemtap-runtime-0.7.2-3.el5_3.x86_64.rpm
systemtap-server-0.7.2-3.el5_3.x86_64.rpm
systemtap-testsuite-0.7.2-3.el5_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0784
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJy6b0XlSAg2UNWIIRAkajAJ9hrrFqVYZiKoV2OqTrjzvF6YSTtACgvOjU
XN4JdfFqwk7FgE3tWXCqRCU=
=DIwO
-----END PGP SIGNATURE-----
"



RHSA-2009:0397-01 Critical: firefox security update  

Posted by Daniela Mehler

"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2009:0397-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0397.html
Issue date: 2009-03-27
CVE Names: CVE-2009-1044 CVE-2009-1169
=====================================================================

1. Summary:

Updated firefox packages that fix two security issues are now available for
Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

A memory corruption flaw was discovered in the way Firefox handles XML
files containing an XSLT transform. A remote attacker could use this flaw
to crash Firefox or, potentially, execute arbitrary code as the user
running Firefox. (CVE-2009-1169)

A flaw was discovered in the way Firefox handles certain XUL garbage
collection events. A remote attacker could use this flaw to crash Firefox
or, potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-1044)

For technical details regarding these flaws, refer to the Mozilla security
advisories. You can find a link to the Mozilla advisories in the References
section of this errata.

Firefox users should upgrade to these updated packages, which resolve these
issues. For Red Hat Enterprise Linux 4, they contain backported patches to
the firefox package. For Red Hat Enterprise Linux 5, they contain
backported patches to the xulrunner packages. After installing the update,
Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

492211 - CVE-2009-1169 Firefox XSLT memory corruption issue
492212 - CVE-2009-1044 Firefox XUL garbage collection issue (cansecwest pwn2own)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.0.7-3.el4.src.rpm

i386:
firefox-3.0.7-3.el4.i386.rpm
firefox-debuginfo-3.0.7-3.el4.i386.rpm

ia64:
firefox-3.0.7-3.el4.ia64.rpm
firefox-debuginfo-3.0.7-3.el4.ia64.rpm

ppc:
firefox-3.0.7-3.el4.ppc.rpm
firefox-debuginfo-3.0.7-3.el4.ppc.rpm

s390:
firefox-3.0.7-3.el4.s390.rpm
firefox-debuginfo-3.0.7-3.el4.s390.rpm

s390x:
firefox-3.0.7-3.el4.s390x.rpm
firefox-debuginfo-3.0.7-3.el4.s390x.rpm

x86_64:
firefox-3.0.7-3.el4.x86_64.rpm
firefox-debuginfo-3.0.7-3.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.0.7-3.el4.src.rpm

i386:
firefox-3.0.7-3.el4.i386.rpm
firefox-debuginfo-3.0.7-3.el4.i386.rpm

x86_64:
firefox-3.0.7-3.el4.x86_64.rpm
firefox-debuginfo-3.0.7-3.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.0.7-3.el4.src.rpm

i386:
firefox-3.0.7-3.el4.i386.rpm
firefox-debuginfo-3.0.7-3.el4.i386.rpm

ia64:
firefox-3.0.7-3.el4.ia64.rpm
firefox-debuginfo-3.0.7-3.el4.ia64.rpm

x86_64:
firefox-3.0.7-3.el4.x86_64.rpm
firefox-debuginfo-3.0.7-3.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.0.7-3.el4.src.rpm

i386:
firefox-3.0.7-3.el4.i386.rpm
firefox-debuginfo-3.0.7-3.el4.i386.rpm

ia64:
firefox-3.0.7-3.el4.ia64.rpm
firefox-debuginfo-3.0.7-3.el4.ia64.rpm

x86_64:
firefox-3.0.7-3.el4.x86_64.rpm
firefox-debuginfo-3.0.7-3.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.0.7-3.el5.src.rpm

i386:
xulrunner-1.9.0.7-3.el5.i386.rpm
xulrunner-debuginfo-1.9.0.7-3.el5.i386.rpm

x86_64:
xulrunner-1.9.0.7-3.el5.i386.rpm
xulrunner-1.9.0.7-3.el5.x86_64.rpm
xulrunner-debuginfo-1.9.0.7-3.el5.i386.rpm
xulrunner-debuginfo-1.9.0.7-3.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.0.7-3.el5.src.rpm

i386:
xulrunner-debuginfo-1.9.0.7-3.el5.i386.rpm
xulrunner-devel-1.9.0.7-3.el5.i386.rpm
xulrunner-devel-unstable-1.9.0.7-3.el5.i386.rpm

x86_64:
xulrunner-debuginfo-1.9.0.7-3.el5.i386.rpm
xulrunner-debuginfo-1.9.0.7-3.el5.x86_64.rpm
xulrunner-devel-1.9.0.7-3.el5.i386.rpm
xulrunner-devel-1.9.0.7-3.el5.x86_64.rpm
xulrunner-devel-unstable-1.9.0.7-3.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.0.7-3.el5.src.rpm

i386:
xulrunner-1.9.0.7-3.el5.i386.rpm
xulrunner-debuginfo-1.9.0.7-3.el5.i386.rpm
xulrunner-devel-1.9.0.7-3.el5.i386.rpm
xulrunner-devel-unstable-1.9.0.7-3.el5.i386.rpm

ia64:
xulrunner-1.9.0.7-3.el5.ia64.rpm
xulrunner-debuginfo-1.9.0.7-3.el5.ia64.rpm
xulrunner-devel-1.9.0.7-3.el5.ia64.rpm
xulrunner-devel-unstable-1.9.0.7-3.el5.ia64.rpm

ppc:
xulrunner-1.9.0.7-3.el5.ppc.rpm
xulrunner-1.9.0.7-3.el5.ppc64.rpm
xulrunner-debuginfo-1.9.0.7-3.el5.ppc.rpm
xulrunner-debuginfo-1.9.0.7-3.el5.ppc64.rpm
xulrunner-devel-1.9.0.7-3.el5.ppc.rpm
xulrunner-devel-1.9.0.7-3.el5.ppc64.rpm
xulrunner-devel-unstable-1.9.0.7-3.el5.ppc.rpm

s390x:
xulrunner-1.9.0.7-3.el5.s390.rpm
xulrunner-1.9.0.7-3.el5.s390x.rpm
xulrunner-debuginfo-1.9.0.7-3.el5.s390.rpm
xulrunner-debuginfo-1.9.0.7-3.el5.s390x.rpm
xulrunner-devel-1.9.0.7-3.el5.s390.rpm
xulrunner-devel-1.9.0.7-3.el5.s390x.rpm
xulrunner-devel-unstable-1.9.0.7-3.el5.s390x.rpm

x86_64:
xulrunner-1.9.0.7-3.el5.i386.rpm
xulrunner-1.9.0.7-3.el5.x86_64.rpm
xulrunner-debuginfo-1.9.0.7-3.el5.i386.rpm
xulrunner-debuginfo-1.9.0.7-3.el5.x86_64.rpm
xulrunner-devel-1.9.0.7-3.el5.i386.rpm
xulrunner-devel-1.9.0.7-3.el5.x86_64.rpm
xulrunner-devel-unstable-1.9.0.7-3.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1169
http://www.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.8

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJzWMFXlSAg2UNWIIRAkRnAKCgDGbeypbrcwRS8mMYNE6vyHI1wgCgqy+W
0Ggdqk6FG/CXMksWHLRTlqU=
=1vxs
-----END PGP SIGNATURE-----
"



RHSA-2009:0295-01 Moderate: net-snmp security update  

Posted by Daniela Mehler

"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: net-snmp security update
Advisory ID: RHSA-2009:0295-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0295.html
Issue date: 2009-03-26
CVE Names: CVE-2008-6123
=====================================================================

1. Summary:

Updated net-snmp packages that fix a security issue are now available for
Red Hat Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

The Simple Network Management Protocol (SNMP) is a protocol used for
network management.

It was discovered that the snmpd daemon did not use TCP wrappers correctly,
causing network hosts access restrictions defined in "/etc/hosts.allow" and
"/etc/hosts.deny" to not be honored. A remote attacker could use this flaw
to bypass intended access restrictions. (CVE-2008-6123)

This issue only affected configurations where hosts.allow and hosts.deny
were used to limit access to the SNMP server. To obtain information from
the server, the attacker would have to successfully authenticate, usually
by providing a correct community string.

All net-snmp users should upgrade to these updated packages, which contain
a backported patch to correct this issue. After installing the update, the
snmpd and snmptrapd daemons will be restarted automatically.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

485211 - CVE-2008-6123 net-snmp: incorrect application of hosts access restrictions in hosts.{allow,deny}

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/net-snmp-5.0.9-2.30E.27.src.rpm

i386:
net-snmp-5.0.9-2.30E.27.i386.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm
net-snmp-devel-5.0.9-2.30E.27.i386.rpm
net-snmp-libs-5.0.9-2.30E.27.i386.rpm
net-snmp-perl-5.0.9-2.30E.27.i386.rpm
net-snmp-utils-5.0.9-2.30E.27.i386.rpm

ia64:
net-snmp-5.0.9-2.30E.27.ia64.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.ia64.rpm
net-snmp-devel-5.0.9-2.30E.27.ia64.rpm
net-snmp-libs-5.0.9-2.30E.27.i386.rpm
net-snmp-libs-5.0.9-2.30E.27.ia64.rpm
net-snmp-perl-5.0.9-2.30E.27.ia64.rpm
net-snmp-utils-5.0.9-2.30E.27.ia64.rpm

ppc:
net-snmp-5.0.9-2.30E.27.ppc.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.ppc.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.ppc64.rpm
net-snmp-devel-5.0.9-2.30E.27.ppc.rpm
net-snmp-libs-5.0.9-2.30E.27.ppc.rpm
net-snmp-libs-5.0.9-2.30E.27.ppc64.rpm
net-snmp-perl-5.0.9-2.30E.27.ppc.rpm
net-snmp-utils-5.0.9-2.30E.27.ppc.rpm

s390:
net-snmp-5.0.9-2.30E.27.s390.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.s390.rpm
net-snmp-devel-5.0.9-2.30E.27.s390.rpm
net-snmp-libs-5.0.9-2.30E.27.s390.rpm
net-snmp-perl-5.0.9-2.30E.27.s390.rpm
net-snmp-utils-5.0.9-2.30E.27.s390.rpm

s390x:
net-snmp-5.0.9-2.30E.27.s390x.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.s390.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.s390x.rpm
net-snmp-devel-5.0.9-2.30E.27.s390x.rpm
net-snmp-libs-5.0.9-2.30E.27.s390.rpm
net-snmp-libs-5.0.9-2.30E.27.s390x.rpm
net-snmp-perl-5.0.9-2.30E.27.s390x.rpm
net-snmp-utils-5.0.9-2.30E.27.s390x.rpm

x86_64:
net-snmp-5.0.9-2.30E.27.x86_64.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.x86_64.rpm
net-snmp-devel-5.0.9-2.30E.27.x86_64.rpm
net-snmp-libs-5.0.9-2.30E.27.i386.rpm
net-snmp-libs-5.0.9-2.30E.27.x86_64.rpm
net-snmp-perl-5.0.9-2.30E.27.x86_64.rpm
net-snmp-utils-5.0.9-2.30E.27.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/net-snmp-5.0.9-2.30E.27.src.rpm

i386:
net-snmp-5.0.9-2.30E.27.i386.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm
net-snmp-devel-5.0.9-2.30E.27.i386.rpm
net-snmp-libs-5.0.9-2.30E.27.i386.rpm
net-snmp-perl-5.0.9-2.30E.27.i386.rpm
net-snmp-utils-5.0.9-2.30E.27.i386.rpm

x86_64:
net-snmp-5.0.9-2.30E.27.x86_64.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.x86_64.rpm
net-snmp-devel-5.0.9-2.30E.27.x86_64.rpm
net-snmp-libs-5.0.9-2.30E.27.i386.rpm
net-snmp-libs-5.0.9-2.30E.27.x86_64.rpm
net-snmp-perl-5.0.9-2.30E.27.x86_64.rpm
net-snmp-utils-5.0.9-2.30E.27.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/net-snmp-5.0.9-2.30E.27.src.rpm

i386:
net-snmp-5.0.9-2.30E.27.i386.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm
net-snmp-devel-5.0.9-2.30E.27.i386.rpm
net-snmp-libs-5.0.9-2.30E.27.i386.rpm
net-snmp-perl-5.0.9-2.30E.27.i386.rpm
net-snmp-utils-5.0.9-2.30E.27.i386.rpm

ia64:
net-snmp-5.0.9-2.30E.27.ia64.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.ia64.rpm
net-snmp-devel-5.0.9-2.30E.27.ia64.rpm
net-snmp-libs-5.0.9-2.30E.27.i386.rpm
net-snmp-libs-5.0.9-2.30E.27.ia64.rpm
net-snmp-perl-5.0.9-2.30E.27.ia64.rpm
net-snmp-utils-5.0.9-2.30E.27.ia64.rpm

x86_64:
net-snmp-5.0.9-2.30E.27.x86_64.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.x86_64.rpm
net-snmp-devel-5.0.9-2.30E.27.x86_64.rpm
net-snmp-libs-5.0.9-2.30E.27.i386.rpm
net-snmp-libs-5.0.9-2.30E.27.x86_64.rpm
net-snmp-perl-5.0.9-2.30E.27.x86_64.rpm
net-snmp-utils-5.0.9-2.30E.27.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/net-snmp-5.0.9-2.30E.27.src.rpm

i386:
net-snmp-5.0.9-2.30E.27.i386.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm
net-snmp-devel-5.0.9-2.30E.27.i386.rpm
net-snmp-libs-5.0.9-2.30E.27.i386.rpm
net-snmp-perl-5.0.9-2.30E.27.i386.rpm
net-snmp-utils-5.0.9-2.30E.27.i386.rpm

ia64:
net-snmp-5.0.9-2.30E.27.ia64.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.ia64.rpm
net-snmp-devel-5.0.9-2.30E.27.ia64.rpm
net-snmp-libs-5.0.9-2.30E.27.i386.rpm
net-snmp-libs-5.0.9-2.30E.27.ia64.rpm
net-snmp-perl-5.0.9-2.30E.27.ia64.rpm
net-snmp-utils-5.0.9-2.30E.27.ia64.rpm

x86_64:
net-snmp-5.0.9-2.30E.27.x86_64.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.x86_64.rpm
net-snmp-devel-5.0.9-2.30E.27.x86_64.rpm
net-snmp-libs-5.0.9-2.30E.27.i386.rpm
net-snmp-libs-5.0.9-2.30E.27.x86_64.rpm
net-snmp-perl-5.0.9-2.30E.27.x86_64.rpm
net-snmp-utils-5.0.9-2.30E.27.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6123
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJy6PZXlSAg2UNWIIRAkgFAJ4uz3aVNODn0YXeiidw45fuXTIM0ACgwRxG
OR2Eog4rwvYiNkPXeaJ5Pxo=
•oa
-----END PGP SIGNATURE-----
"



DSA 1755-1: New systemtap packages fix local privilege escalation  

Posted by Daniela Mehler

"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1755-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
March 25, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : systemtap
Vulnerability : race condition
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2009-0784

Erik Sjoelund discovered that a race condition in the stap tool shipped
by Systemtap, an instrumentation system for Linux 2.6, allows local
privilege escalation for members of the stapusr group.

The old stable distribution (etch) isn't affected.

For the stable distribution (lenny), this problem has been fixed in
version 0.0.20080705-1+lenny1.

For the unstable distribution (sid), this problem has been fixed in
version 0.0.20090314-2.

We recommend that you upgrade your systemtap package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705.orig.tar.gz
Size/MD5 checksum: 880805 8f14c7b79561392e7ec91187ed09f3be
http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705-1+lenny1.diff.gz
Size/MD5 checksum: 12603 b08a9943746e474ed2aa6ed4bc9fc438
http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705-1+lenny1.dsc
Size/MD5 checksum: 1420 bfbaeb5d86bfd6876a04e562dc8c69ec

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705-1+lenny1_amd64.deb
Size/MD5 checksum: 1250966 d8368769f30ecaa915839a1fc937899d

arm architecture (ARM)

http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705-1+lenny1_arm.deb
Size/MD5 checksum: 1309852 7e006ca8bfa2bd36484bd25dda6dcb4c

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705-1+lenny1_i386.deb
Size/MD5 checksum: 1249882 ed02a4eb92c671f18702b69df5ade6d5

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705-1+lenny1_ia64.deb
Size/MD5 checksum: 1441448 7da28afa66b41d81322cf5614cb9af93

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705-1+lenny1_powerpc.deb
Size/MD5 checksum: 1269934 3016e60eb5dbab1b617bf088d807489c

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705-1+lenny1_s390.deb
Size/MD5 checksum: 1227546 9edb1baaa6a126a405674be0a9dcf12c


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAknKnv4ACgkQXm3vHE4uylrGJwCg0zjilkzsim8hlQlZbA66IYPM
o5wAoJh9K6qOLsHRa4CqwJ2eRiK40lkb
=UMKo
-----END PGP SIGNATURE-----
"
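For the manual wget/dpkg route in the advisory above, each download can be checked against its "Size/MD5 checksum" line before installing; the following is an added example, not part of the advisory or of Debian's tooling. The mirror host, file names and payloads used in `demo()` are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

URL_RE = re.compile(r"^\s*((?:https?|ftp)://\S+)\s*$")
CHECKSUM_RE = re.compile(r"^\s*Size/MD5 checksum:\s+(\d+)\s+([0-9a-fA-F]{32})\s*$")

def parse_listing(text):
    """Map file name -> (url, size, md5) from URL / 'Size/MD5 checksum' line pairs."""
    entries, pending_url = {}, None
    for line in text.splitlines():
        url_match = URL_RE.match(line)
        if url_match:
            pending_url = url_match.group(1)
            continue
        sum_match = CHECKSUM_RE.match(line)
        if sum_match and pending_url:
            name = pending_url.rsplit("/", 1)[-1]
            entries[name] = (pending_url, int(sum_match.group(1)), sum_match.group(2).lower())
        pending_url = None  # a checksum line only counts directly below its URL
    return entries

def verify_file(path, size, md5):
    """Return 'ok', 'missing', 'size mismatch' or 'md5 mismatch' for one download."""
    path = Path(path)
    if not path.is_file():
        return "missing"
    if path.stat().st_size != size:  # cheap check first: catches truncated transfers
        return "size mismatch"
    digest = hashlib.md5()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return "ok" if digest.hexdigest() == md5 else "md5 mismatch"

def verify_directory(listing_text, directory):
    """Check every file named in the advisory listing inside a download directory."""
    return {name: verify_file(Path(directory) / name, size, md5)
            for name, (_url, size, md5) in parse_listing(listing_text).items()}

def demo():
    """Constructed listing and downloads: one intact, one altered, one cut short, one absent."""
    payloads = {f"example_1.0-1_{arch}.deb": f"constructed payload {arch}\n".encode()
                for arch in ("amd64", "i386", "arm", "s390")}
    listing = "".join(
        f"http://mirror.example.invalid/pool/{name}\n"
        f"Size/MD5 checksum: {len(data)} {hashlib.md5(data).hexdigest()}\n\n"
        for name, data in payloads.items())
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in payloads.items():
            Path(tmp, name).write_bytes(data)
        altered = "example_1.0-1_i386.deb"  # same length, different bytes
        Path(tmp, altered).write_bytes(payloads[altered].upper())
        Path(tmp, "example_1.0-1_arm.deb").write_bytes(b"cut short")
        Path(tmp, "example_1.0-1_s390.deb").unlink()
        return verify_directory(listing, tmp)
```

MD5 is not collision-resistant, so this is a transfer-integrity check whose values are only as trustworthy as the advisory's PGP signature; with apt-get, authenticity comes from the signed repository metadata instead.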

