The Official Linux Users of Gaia

A Guild for Linux, BSD, Mac, Solaris, and other Unix-like operating systems.

Tags: Computer Help, Linux, BSD (Berkeley Software Distribution), Mac (Macintosh), Unix

Linux Security, keeping you on top of the bugs!
Debian 08/02/2009 (x2)

vendion
Captain

Posted: Sun Aug 02, 2009 8:28 pm


------------------------------------------------------------------------
Debian Security Advisory DSA-1848-1                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
August 02, 2009                       http://www.debian.org/security/faq
------------------------------------------------------------------------

Package : znc
Vulnerability : directory traversal
Problem type : remote
Debian-specific: no
Debian Bug : 537977

It was discovered that znc, an IRC proxy, did not properly process
certain DCC requests, allowing attackers to upload arbitrary files.

For the old stable distribution (etch), this problem has been fixed in
version 0.045-3+etch3.

For the stable distribution (lenny), this problem has been fixed in
version 0.058-2+lenny3.

For the unstable distribution (sid), this problem has been fixed in
version 0.074-1.

We recommend that you upgrade your znc package.

Upgrade instructions
--------------------

  wget url
        will fetch the file for you
  dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

  apt-get update
        will update the internal database
  apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


These files will probably be moved into the stable distribution on
its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Posted: Sun Aug 02, 2009 8:29 pm


------------------------------------------------------------------------
Debian Security Advisory DSA-1849-1                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
August 02, 2009                       http://www.debian.org/security/faq
------------------------------------------------------------------------

Package : xml-security-c
Vulnerability : design flaw
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2009-0217
CERT advisory : VU#466161

It was discovered that the W3C XML Signature recommendation contains a
protocol-level vulnerability related to HMAC output truncation. This
update implements the proposed workaround in the C++ version of the
Apache implementation of this standard, xml-security-c, by preventing
truncation to output strings shorter than 80 bits or half of the
original HMAC output, whichever is greater.

For the old stable distribution (etch), this problem has been fixed in
version 1.2.1-3+etch1.

For the stable distribution (lenny), this problem has been fixed in
version 1.4.0-3+lenny2.

For the unstable distribution (sid), this problem has been fixed in
version 1.4.0-4.

We recommend that you upgrade your xml-security-c packages.

Upgrade instructions
--------------------

  wget url
        will fetch the file for you
  dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

  apt-get update
        will update the internal database
  apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


These files will probably be moved into the stable distribution on
its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

vendion
Captain
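
The length floor described in DSA-1849-1 above, as an added example that is not part of the original post and is not xml-security-c's own code: a Python HMAC verifier that rejects a declared HMACOutputLength shorter than 80 bits or half of the full HMAC output, whichever is greater, before comparing anything. The algorithm table, the function names and the sample inputs are assumptions made for this example.

```python
import hmac
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Algorithm URI -> (hashlib digest name, full HMAC output size in bits).
ALGORITHMS = {
    "http://www.w3.org/2000/09/xmldsig#hmac-sha1": ("sha1", 160),
    "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256": ("sha256", 256),
}


def min_output_bits(full_bits):
    """Floor from the advisory: 80 bits or half the output, whichever is greater."""
    return max(80, full_bits // 2)


def verify_hmac(method_xml, key, signed_bytes, signature_value):
    """Check a ds:SignatureMethod plus raw SignatureValue; return (ok, reason)."""
    method = ET.fromstring(method_xml)
    algorithm = ALGORITHMS.get(method.get("Algorithm"))
    if algorithm is None:
        return False, "unsupported algorithm"
    digest_name, full_bits = algorithm
    bits = full_bits  # no HMACOutputLength element means no truncation
    length = method.find(DS + "HMACOutputLength")
    if length is not None:
        try:
            bits = int((length.text or "").strip())
        except ValueError:
            return False, "HMACOutputLength is not an integer"
    # Reject the declared length before any MAC is computed or compared.
    if bits < min_output_bits(full_bits):
        return False, "HMACOutputLength below minimum"
    # This example handles whole-byte lengths only.
    if bits > full_bits or bits % 8:
        return False, "HMACOutputLength not usable"
    expected = hmac.new(key, signed_bytes, digest_name).digest()[: bits // 8]
    if not hmac.compare_digest(expected, signature_value):
        return False, "MAC mismatch"
    return True, "ok"


def build_method(algorithm, bits=None):
    """Constructed ds:SignatureMethod element used as sample input."""
    inner = "" if bits is None else f"<HMACOutputLength>{bits}</HMACOutputLength>"
    return (f'<SignatureMethod xmlns="http://www.w3.org/2000/09/xmldsig#" '
            f'Algorithm="{algorithm}">{inner}</SignatureMethod>')


if __name__ == "__main__":
    sha1, sha256 = ALGORITHMS  # the two URIs above, in insertion order
    key, data = b"constructed-demo-key", b"<SignedInfo>constructed</SignedInfo>"
    mac1 = hmac.new(key, data, "sha1").digest()
    mac256 = hmac.new(key, data, "sha256").digest()
    for uri, bits, value in [(sha1, None, mac1), (sha1, 80, mac1[:10]),
                             (sha1, 72, mac1[:9]), (sha1, 0, b""),
                             (sha256, 80, mac256[:10]), (sha256, 128, mac256[:16])]:
        print(uri.rsplit("#", 1)[1], bits, verify_hmac(build_method(uri, bits), key, data, value))
```

The same 80-bit truncation is accepted for HMAC-SHA1 and rejected for HMAC-SHA256, because the floor scales with the full output size.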
