
UNIRAS Brief - 309/04 - Five Debian Security Advisories:



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 309/04 dated 21.06.04  Time: 15:35  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Five Debian Security Advisories: 

1. DSA 524-1 - New rlpr packages fix multiple vulnerabilities

2. DSA 523-1 - New www-sql packages fix buffer overflow

3. DSA 522-1 - New super packages fix format string vulnerability

4. DSA 521-1 - New sup packages fix format string vulnerabilities

5. DSA 516-1 - postgresql

Detail
====== 

1. jaguar@xxxxxxxxxxxxxxxx discovered a format string vulnerability in rlpr, a 
utility for lpd printing without using /etc/printcap.  While investigating this 
vulnerability, a buffer overflow was also discovered in related code.  By 
exploiting one of these vulnerabilities, a local or remote user could potentially 
cause arbitrary code to be executed with the privileges of 1) the rlprd process 
(remote), or 2) root (local).


2. Ulf Härnhammar discovered a buffer overflow vulnerability in www-sql, a CGI 
program which enables the creation of dynamic web pages by embedding SQL 
statements in HTML.  By exploiting this vulnerability, a local user could 
cause the execution of arbitrary code by creating a web page and processing 
it with www-sql.


3. Max Vozeler discovered a format string vulnerability in super, a program to 
allow specified users to execute commands with root privileges.  This 
vulnerability could potentially be exploited by a local user to execute 
arbitrary code with root privileges.


4. jaguar@xxxxxxxxxxxxxxxx discovered a format string vulnerability in sup, a set 
of programs to synchronize collections of files across a number of machines, 
whereby a remote attacker could potentially cause arbitrary code to be executed 
with the privileges of the supfilesrv process (this process does not run 
automatically by default).


5. A buffer overflow has been discovered in the ODBC driver of PostgreSQL, 
an object-relational SQL database, descended from POSTGRES.  It is possible 
to exploit this problem and crash the surrounding application.  Hence, a 
PHP script using php4-odbc can be utilised to crash the surrounding Apache 
webserver.  Other parts of postgresql are not affected.





1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             

            ESB-2004.0425 -- Debian Security Advisory DSA 524-1
              New rlpr packages fix multiple vulnerabilities
                               21 June 2004

===========================================================================

        

Product:                rlpr
Publisher:              Debian
Operating System:       Debian GNU/Linux 3.0
                        Linux variants
Impact:                 Root Compromise
                        Execute Arbitrary Code/Commands
Access Required:        Remote
CVE Names:              CAN-2004-0393 CAN-2004-0454

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - --------------------------------------------------------------------------
Debian Security Advisory DSA 524-1                     security@xxxxxxxxxx
http://www.debian.org/security/                             Matt Zimmerman
June 19th, 2004                         http://www.debian.org/security/faq
- - - --------------------------------------------------------------------------

Package        : rlpr
Vulnerability  : several
Problem-Type   : local, remote
Debian-specific: no
CVE Ids        : CAN-2004-0393 CAN-2004-0454

jaguar@xxxxxxxxxxxxxxxx discovered a format string vulnerability in rlpr, a 
utility for lpd printing without using /etc/printcap.  While investigating this 
vulnerability, a buffer overflow was also discovered in related code.  By 
exploiting one of these vulnerabilities, a local or remote user could potentially 
cause arbitrary code to be executed with the privileges of 1) the rlprd process 
(remote), or 2) root (local).

CAN-2004-0393: format string vulnerability via syslog(3) in msg() function in rlpr

CAN-2004-0454: buffer overflow in msg() function in rlpr

For the current stable distribution (woody), this problem has been fixed in 
version 2.02-7woody1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you update your rlpr package.

Upgrade Instructions
- - - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper 
configuration.

Debian GNU/Linux 3.0 alias woody
- - - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1.dsc
      Size/MD5 checksum:      520 4fc2b5e321d5dceba3dfc480c569bad5
    http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1.diff.gz
      Size/MD5 checksum:     4275 bf830077979ba42aaa9fd1befa86f148
    http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02.orig.tar.gz
      Size/MD5 checksum:   152750 09b27ef3f67bc95fc5566d6c35025f58

  Alpha architecture:

    http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1_alpha.deb
      Size/MD5 checksum:    73504 3754865750b1a62370cb401dd44d7eab

  ARM architecture:

    http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1_arm.deb
      Size/MD5 checksum:    46202 8f7de308545d274e96e4fcf9a9e6fbea

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1_i386.deb
      Size/MD5 checksum:    55222 d373769fa727b8fb5881818a9a1b52f1

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1_ia64.deb
      Size/MD5 checksum:    90206 7991cf6c9c6364c89f4a4b53dc497099

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1_hppa.deb
      Size/MD5 checksum:    51230 1714b62af8cb81eda68a7c28ab5f9d39

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1_m68k.deb
      Size/MD5 checksum:    45764 519427c01fc7bd3ba274322ca631fb9b

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1_mips.deb
      Size/MD5 checksum:    65596 dba2dd1d4644fc646bc09033211e931d

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1_mipsel.deb
      Size/MD5 checksum:    65674 6e4d7d75b3fa624faa0310126a887eee

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1_powerpc.deb
      Size/MD5 checksum:    47308 fd192bbd137378a91e691b5c94de5cdd

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1_s390.deb
      Size/MD5 checksum:    46680 912f9256b9231463cc5dfcfe95a29284

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1_sparc.deb
      Size/MD5 checksum:    59614 e192f3a0517f9819ae7601775a40b490

  These files will probably be moved into the stable distribution on
  its next revision.

- - - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA1O8BArxCt0PiXR4RAsX0AJ0dQfNKM8Vq7Spv7XnRFAVQI16p0wCg2IdO
xfG9TDLWEUj+UrE/GKMtM2M=
=2JxA
- - -----END PGP SIGNATURE-----

- - --------------------------END INCLUDED TEXT--------------------


iQCVAwUBQNZg1Sh9+71yA2DNAQLtwwP+JZ2naD0rgEtrmrqOljB1xvmRYGdwsZex
l3d79nU9SaaRAaqNPNYtekiA5puzlEXZrkAz/c3flTpdNiMlT+9GCzmcT4f8q9mn
Uxd9ZpAeOz9XXCNVCBECAmyR87zzi2haBVCvV0qPv+/mJ03RzQ1oCjfyzYcgHegs
8jl/qA+JIhQ=
=im5r
- -----END PGP SIGNATURE-----
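
The upgrade instructions above go from `wget url` straight to `dpkg -i file.deb`; the Size/MD5 lines in the file listing are what a downloaded file can be checked against in between. The following Python code is an added example, not part of the advisory or of Debian's tooling: `parse_listing`, `check_download` and `demo` are hypothetical names, the excerpt is copied from the DSA 524-1 listing above, and the file used in `demo` is constructed.

```python
import hashlib
import hmac
import os
import re
import tempfile
from typing import Dict, NamedTuple


class Entry(NamedTuple):
    url: str
    size: int
    md5: str


# Excerpt of the DSA 524-1 file listing, copied from the advisory text above.
DSA_524_EXCERPT = """\
  Source archives:

    http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1.dsc
      Size/MD5 checksum:      520 4fc2b5e321d5dceba3dfc480c569bad5

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1_i386.deb
      Size/MD5 checksum:    55222 d373769fa727b8fb5881818a9a1b52f1
"""

_URL_LINE = re.compile(r"^\s*((?:https?|ftp)://\S+)\s*$")
_SUM_LINE = re.compile(r"^\s*Size/MD5 checksum:\s+(\d+)\s+([0-9a-fA-F]{32})\s*$")


def parse_listing(text: str) -> Dict[str, Entry]:
    """Map each listed file name to its URL, size and MD5 from an advisory body."""
    entries: Dict[str, Entry] = {}
    pending_url = None
    for line in text.splitlines():
        url = _URL_LINE.match(line)
        if url:
            pending_url = url.group(1)
            continue
        checksum = _SUM_LINE.match(line)
        if checksum and pending_url:
            name = pending_url.rsplit("/", 1)[-1]
            if name in entries:
                raise ValueError(f"file listed twice: {name}")
            entries[name] = Entry(pending_url, int(checksum.group(1)),
                                  checksum.group(2).lower())
            pending_url = None
        elif line.strip():
            # Any other non-blank line breaks the URL/checksum pairing.
            pending_url = None
    return entries


def check_download(path: str, entries: Dict[str, Entry]) -> str:
    """Return "ok", "unlisted", "size-mismatch" or "md5-mismatch" for a local file."""
    entry = entries.get(os.path.basename(path))
    if entry is None:
        return "unlisted"  # fail closed: the advisory does not name this file
    if os.path.getsize(path) != entry.size:
        return "size-mismatch"
    # MD5 is the digest the advisory publishes. It catches a corrupted or
    # swapped download; the PGP signature on the advisory is what vouches
    # for the listing itself.
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    if not hmac.compare_digest(digest.hexdigest(), entry.md5):
        return "md5-mismatch"
    return "ok"


def demo() -> str:
    """Run the check on a constructed file against a constructed listing entry."""
    data = b"constructed sample bytes, not a real Debian package\n"
    listing = (
        "    http://example.invalid/pool/sample_1.0_all.deb\n"
        f"      Size/MD5 checksum: {len(data):8d} {hashlib.md5(data).hexdigest()}\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample_1.0_all.deb")
        with open(path, "wb") as fh:
            fh.write(data)
        return check_download(path, parse_listing(listing))


if __name__ == "__main__":
    print(len(parse_listing(DSA_524_EXCERPT)), "entries parsed from the excerpt")
    print("constructed file:", demo())
```

Only a result of `ok` should be followed by `dpkg -i`; a file whose name does not appear in the listing is reported as `unlisted` rather than passed.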



2.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             

            ESB-2004.0424 -- Debian Security Advisory DSA 523-1
                 New www-sql packages fix buffer overflow
                               21 June 2004

===========================================================================

        

Product:                www-sql
Publisher:              Debian
Operating System:       Debian GNU/Linux 3.0
                        Linux variants
Impact:                 Execute Arbitrary Code/Commands
Access Required:        Existing Account
CVE Names:              CAN-2004-0455

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - --------------------------------------------------------------------------
Debian Security Advisory DSA 523-1                     security@xxxxxxxxxx
http://www.debian.org/security/                             Matt Zimmerman
June 19th, 2004                         http://www.debian.org/security/faq
- - - --------------------------------------------------------------------------

Package        : www-sql
Vulnerability  : buffer overflow
Problem-Type   : local
Debian-specific: no
CVE Ids        : CAN-2004-0455

Ulf Härnhammar discovered a buffer overflow vulnerability in www-sql, a CGI 
program which enables the creation of dynamic web pages by embedding SQL 
statements in HTML.  By exploiting this vulnerability, a local user could 
cause the execution of arbitrary code by creating a web page and processing 
it with www-sql.

For the current stable distribution (woody), this problem has been fixed in 
version 0.5.7-17woody1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you update your www-sql package.

Upgrade Instructions
- - - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper 
configuration.

Debian GNU/Linux 3.0 alias woody
- - - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/w/www-sql/www-sql_0.5.7-17woody1.dsc
      Size/MD5 checksum:      623 830be25aad38186b4178ce5ff424d796
    http://security.debian.org/pool/updates/main/w/www-sql/www-sql_0.5.7-17woody1.diff.gz
      Size/MD5 checksum:     5651 17f259d168cb7d620c125d5d7cc3a311
    http://security.debian.org/pool/updates/main/w/www-sql/www-sql_0.5.7.orig.tar.gz
      Size/MD5 checksum:   144332 96aaae705c711c4af723c6646a48c301

  Alpha architecture:

    http://security.debian.org/pool/updates/main/w/www-sql/www-mysql_0.5.7-17woody1_alpha.deb
      Size/MD5 checksum:    47508 453ee924cde1a11376a4502995670e8e
    http://security.debian.org/pool/updates/main/w/www-sql/www-pgsql_0.5.7-17woody1_alpha.deb
      Size/MD5 checksum:    48472 e1652f6b7d2454a7e1288874821a09e1

  ARM architecture:

    http://security.debian.org/pool/updates/main/w/www-sql/www-mysql_0.5.7-17woody1_arm.deb
      Size/MD5 checksum:    42002 4254ca5e05d673c1d73c4f9ed73ed126
    http://security.debian.org/pool/updates/main/w/www-sql/www-pgsql_0.5.7-17woody1_arm.deb
      Size/MD5 checksum:    42338 404e674c59182c200b9693d80289b752

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/w/www-sql/www-mysql_0.5.7-17woody1_i386.deb
      Size/MD5 checksum:    41446 28de214d36809a8ed88484d65a290619
    http://security.debian.org/pool/updates/main/w/www-sql/www-pgsql_0.5.7-17woody1_i386.deb
      Size/MD5 checksum:    41798 3cdd4a39f99a88b4ee868c7be8e051fc

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/w/www-sql/www-mysql_0.5.7-17woody1_ia64.deb
      Size/MD5 checksum:    53050 8d8caceeb1843afef110dba1f94f91bb
    http://security.debian.org/pool/updates/main/w/www-sql/www-pgsql_0.5.7-17woody1_ia64.deb
      Size/MD5 checksum:    53524 b5e42ce7363e4617fe88a05fc1dd048e

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/w/www-sql/www-mysql_0.5.7-17woody1_hppa.deb
      Size/MD5 checksum:    45330 a0da3671f82ebd5c4dac0ff894463021
    http://security.debian.org/pool/updates/main/w/www-sql/www-pgsql_0.5.7-17woody1_hppa.deb
      Size/MD5 checksum:    45796 6729114cc8e92fa1b278ccf619370f50

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/w/www-sql/www-mysql_0.5.7-17woody1_m68k.deb
      Size/MD5 checksum:    40222 0af8912f6629243e49f71b520c9522c1
    http://security.debian.org/pool/updates/main/w/www-sql/www-pgsql_0.5.7-17woody1_m68k.deb
      Size/MD5 checksum:    40542 edb269316ec27e7f73bb801e0bb74c00

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/w/www-sql/www-mysql_0.5.7-17woody1_mips.deb
      Size/MD5 checksum:    45190 eba2210f7bbfb019d7a4dacb40e69460
    http://security.debian.org/pool/updates/main/w/www-sql/www-pgsql_0.5.7-17woody1_mips.deb
      Size/MD5 checksum:    45438 ee92959d93a961dcd431a7b917677aef

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/w/www-sql/www-mysql_0.5.7-17woody1_mipsel.deb
      Size/MD5 checksum:    45154 409d7105da9c8ad1f6058d5ac9afa3e1
    http://security.debian.org/pool/updates/main/w/www-sql/www-pgsql_0.5.7-17woody1_mipsel.deb
      Size/MD5 checksum:    45396 3c546d9fb0bd4a8e9d7cf49170548025

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/w/www-sql/www-mysql_0.5.7-17woody1_powerpc.deb
      Size/MD5 checksum:    43308 c28b6434bd49223dad7d0b66dfcadc2b
    http://security.debian.org/pool/updates/main/w/www-sql/www-pgsql_0.5.7-17woody1_powerpc.deb
      Size/MD5 checksum:    43590 99ac9c623aeca76c3ff11c5396dc0cd6

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/w/www-sql/www-mysql_0.5.7-17woody1_s390.deb
      Size/MD5 checksum:    41964 39051246d47b4f0aee9f329127d0d399
    http://security.debian.org/pool/updates/main/w/www-sql/www-pgsql_0.5.7-17woody1_s390.deb
      Size/MD5 checksum:    42342 00527844efabda772352978219f3f0bc

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/w/www-sql/www-mysql_0.5.7-17woody1_sparc.deb
      Size/MD5 checksum:    45352 5efc0ca0ae8903745c0a432be05d177e
    http://security.debian.org/pool/updates/main/w/www-sql/www-pgsql_0.5.7-17woody1_sparc.deb
      Size/MD5 checksum:    43040 daa363e35825f94fa0d6717da3f163ad

  These files will probably be moved into the stable distribution on
  its next revision.

- - - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA1OzFArxCt0PiXR4RAhwiAKCRhBE8VfScoBJk+J1OhRveYPxYbACgg71z
izBhTCmVsU9W8wjVxWtIVCI=
=iTBr
- - -----END PGP SIGNATURE-----

- - --------------------------END INCLUDED TEXT--------------------


iQCVAwUBQNZgSih9+71yA2DNAQKVKQP+OZoZrfOnqWnaZb4F6HrpHHWT7EBm4soZ
NBTUTTA6j2GdKGrYbRSsqTI99+ohJwB4mS2bdfoPUIvWG2fhh/KBuP0jhDIIgQp2
+f5LnxXubaPqojMBYtdY/2HPkUu39wC6m8mvfwN1RpS9TnW6pv0ofRfe//sz1HXA
OjUby4PsZ9E=
=1neV
- -----END PGP SIGNATURE-----



3.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             
            ESB-2004.0423 -- Debian Security Advisory DSA 522-1
            New super packages fix format string vulnerability
                               21 June 2004

===========================================================================

        

Product:                super
Publisher:              Debian
Operating System:       Debian GNU/Linux 3.0
                        Linux variants
Impact:                 Root Compromise
Access Required:        Existing Account
CVE Names:              CAN-2004-0579

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - --------------------------------------------------------------------------
Debian Security Advisory DSA 522-1                     security@xxxxxxxxxx
http://www.debian.org/security/                             Matt Zimmerman
June 19th, 2004                         http://www.debian.org/security/faq
- - - --------------------------------------------------------------------------

Package        : super
Vulnerability  : format string
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2004-0579

Max Vozeler discovered a format string vulnerability in super, a program to 
allow specified users to execute commands with root privileges.  This 
vulnerability could potentially be exploited by a local user to execute 
arbitrary code with root privileges.

For the current stable distribution (woody), this problem has been fixed 
in version 3.16.1-1.2.

For the unstable distribution (sid), this problem has been fixed 
in version 3.23.0-1.

We recommend that you update your super package.

Upgrade Instructions
- - - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- - - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2.dsc
      Size/MD5 checksum:      575 cac1a056bb9e19b1338819fc4b88562c
    http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2.diff.gz
      Size/MD5 checksum:    10032 99656fad8f5c309f26a02e2ef55d7358
    http://security.debian.org/pool/updates/main/s/super/super_3.16.1.orig.tar.gz
      Size/MD5 checksum:   192062 cc868b2fc2b44c47d86da314a11acf0b

  Alpha architecture:

    http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_alpha.deb
      Size/MD5 checksum:   126800 06b6c023404345b2cf744dda440ffa05

  ARM architecture:

    http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_arm.deb
      Size/MD5 checksum:   115492 89f02438278dfb1c01d93d47be991d7a

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_i386.deb
      Size/MD5 checksum:   110300 357228adad26cd42db7f25c1634d8808

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_ia64.deb
      Size/MD5 checksum:   144430 2d72df2a9ec7322272e0c5966b0e5b7c

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_hppa.deb
      Size/MD5 checksum:   124062 50ed0d3bc17633b2dcf01007ee7e035c

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_m68k.deb
      Size/MD5 checksum:   108254 9cedd2b84c59a6666f7b8942ebde0597

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_mips.deb
      Size/MD5 checksum:   120728 a7ccfd46184977221d8fd0b1ec0ef7e5

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_mipsel.deb
      Size/MD5 checksum:   121174 77a234a605b57758fdbded86a533ce7f

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_powerpc.deb
      Size/MD5 checksum:   116772 c190e00530ae034c0036a28b70cec5bd

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_s390.deb
      Size/MD5 checksum:   114678 04d5d44dc5298d141851bb3ca939c5ea

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_sparc.deb
      Size/MD5 checksum:   117518 5f5437d7e2879a1ead1916ee7d9453db

  These files will probably be moved into the stable distribution on
  its next revision.

- - - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA0/vbArxCt0PiXR4RAsS3AJ0V1lW0QYN9YBE8xuG/y2hgwQgnWACgwP8r
uDdnL36hNIK+eZKBK0M8xRU=
=y9ry
- - -----END PGP SIGNATURE-----

- - --------------------------END INCLUDED TEXT--------------------


iQCVAwUBQNZEiCh9+71yA2DNAQJ9ewQAiD58+1YEXTzvLk6Qz3Ym/WzfSTD3aw9f
8DIOUMSlRmoh+0zKqou8vaUdBFQ1i7z2Ahl3nTt1T2amzCmYmIdiJvmuQg0mn786
kGJYofiwTDzuLX/cX4o2xblqMRMJWy0l8a0ia+tZ8EHvi2RlumT9BLZZyFVfLZ+Q
+gKq735qVNU=
=9vbG
- -----END PGP SIGNATURE-----



4.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             
            ESB-2004.0422 -- Debian Security Advisory DSA 521-1
            New sup packages fix format string vulnerabilities
                               21 June 2004

===========================================================================

        

Product:                sup
Publisher:              Debian
Operating System:       Debian GNU/Linux 3.0
                        Linux variants
Impact:                 Execute Arbitrary Code/Commands
Access Required:        Remote
CVE Names:              CAN-2004-0451

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - --------------------------------------------------------------------------
Debian Security Advisory DSA 521-1                     security@xxxxxxxxxx
http://www.debian.org/security/                             Matt Zimmerman
June 18th, 2004                         http://www.debian.org/security/faq
- - - --------------------------------------------------------------------------

Package        : sup
Vulnerability  : format string
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2004-0451

jaguar@xxxxxxxxxxxxxxxx discovered a format string vulnerability in sup, a set 
of programs to synchronize collections of files across a number of machines, 
whereby a remote attacker could potentially cause arbitrary code to be executed 
with the privileges of the supfilesrv process (this process does not run 
automatically by default).

CAN-2004-0451: format string vulnerabilities in sup via syslog(3) in logquit, logerr, 
loginfo functions

For the current stable distribution (woody), this problem has been fixed in version 1.8-8woody2.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you update your sup package.

Upgrade Instructions
- - - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as 
given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the 
proper configuration.

Debian GNU/Linux 3.0 alias woody
- - - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody2.dsc
      Size/MD5 checksum:      538 f5817f83647a677ec6781c9d55843307
    http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody2.diff.gz
      Size/MD5 checksum:     6859 7b9cf999b1fb2c7662024ceb0c498039
    http://security.debian.org/pool/updates/main/s/sup/sup_1.8.orig.tar.gz
      Size/MD5 checksum:   111165 76371f01340ce62cd71687349c5aa27e

  Alpha architecture:

    http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody2_alpha.deb
      Size/MD5 checksum:   103714 62123f3b8178825af23107d24c843bd1

  ARM architecture:

    http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody2_arm.deb
      Size/MD5 checksum:    82756 a866d4f3b3fdbdb86e2db7ba745ea480

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody2_i386.deb
      Size/MD5 checksum:    82624 580ca0b977cc27212c4e7778b435d4f3

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody2_ia64.deb
      Size/MD5 checksum:   127664 cf7db9e24bbf333da16343bcdc5e9e82

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody2_hppa.deb
      Size/MD5 checksum:    94516 371292e2eaec3f04d49c8b29cb6e82ed

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody2_m68k.deb
      Size/MD5 checksum:    76454 4144ec09078326ba8e3facc6bef0e3b8

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody2_mips.deb
      Size/MD5 checksum:    96814 c7e843b2ac5573c792c8c45910717f07

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody2_mipsel.deb
      Size/MD5 checksum:    96452 c0558b55bce77470e1d9d52b515d39e1

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody2_powerpc.deb
      Size/MD5 checksum:    85246 06e0683ba5c24a406a02b131304a6e6f

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody2_s390.deb
      Size/MD5 checksum:    84656 b1e6f251fc3a22eb43d9bbd3044828bc

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody2_sparc.deb
      Size/MD5 checksum:    89948 b8965ae16901df1eb9eb64faa8169d39

  These files will probably be moved into the stable distribution on
  its next revision.

- - - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA07eRArxCt0PiXR4RArlSAJ4iW4GblVHLWXwzearT+H4mGQcg/gCgiViY
A2Pf/3Y9xupsEwnFSH+Cr5w=
=yjyQ
- - -----END PGP SIGNATURE-----



5.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 516-1                     security@xxxxxxxxxx
http://www.debian.org/security/                             Martin Schulze
June 7th, 2004                          http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : postgresql
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
Debian Bug     : 247306

A buffer overflow has been discovered in the ODBC driver of PostgreSQL, an 
object-relational SQL database, descended from POSTGRES.  It is possible to 
exploit this problem and crash the surrounding application.  Hence, a PHP 
script using php4-odbc can be utilised to crash the surrounding Apache 
webserver.  Other parts of postgresql are not affected.

For the stable distribution (woody) this problem has been fixed in 
version 7.2.1-2woody5.

For the unstable distribution (sid) this problem has been fixed in 
version 07.03.0200-3.

We recommend that you upgrade your postgresql and related packages.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list
as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer 
to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5.dsc
      Size/MD5 checksum:      966 5368a43179ff119d6f3672f682b04509
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5.diff.gz

  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>



- - --------------------------END INCLUDED TEXT--------------------


- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone. Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Debian for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>
