
UNIRAS Brief - 305/06 - Four Debian Security Advisories:



-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 305/06 dated 24.04.06  Time: 13:45  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Four Debian Security Advisories:

1. DSA 1037-1 - New zgv packages fix arbitrary code execution                  

2. DSA 1038-1 - New xzgv packages fix arbitrary code execution

3. DSA 1039-1 - New blender packages fix several vulnerabilities

4. DSA 1040-1 - New gdm packages fix local root exploit

Detail
====== 

1. Andrea Barisani discovered that zgv, an svgalib graphics viewer,
attempts to decode JPEG images within the CMYK/YCCK colour space
incorrectly, which could lead to the execution of arbitrary code.

2. Andrea Barisani discovered that xzgv, a picture viewer for X with a
thumbnail-based selector, attempts to decode JPEG images within the
CMYK/YCCK colour space incorrectly, which could lead to the execution
of arbitrary code.

3. Several vulnerabilities have been discovered in blender, a very fast
and versatile 3D modeller/renderer.

4. A vulnerability has been identified in gdm, a display manager for X,
that could allow a local attacker to gain elevated privileges by
exploiting a race condition in the handling of the .ICEauthority file.



1.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1037-1                    security@xxxxxxxxxx
http://www.debian.org/security/                             Martin Schulze
April 21st, 2006                        http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : zgv
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2006-1060

Andrea Barisani discovered that zgv, an svgalib graphics viewer,
attempts to decode JPEG images within the CMYK/YCCK colour space
incorrectly, which could lead to the execution of arbitrary code.

For the old stable distribution (woody) this problem has been fixed in
version 5.5-3woody3.

For the stable distribution (sarge) this problem has been fixed in
version 5.7-1.4.

For the unstable distribution (sid) this problem has been fixed soon.


We recommend that you upgrade your zgv package.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/z/zgv/zgv_5.5-3woody3.dsc
      Size/MD5 checksum:      603 17ee0337d957181e091a5ab098cab68f
    http://security.debian.org/pool/updates/main/z/zgv/zgv_5.5-3woody3.diff.gz
      Size/MD5 checksum:     9037 fdf06ee05dda8d8804e41c77e9061e75
    http://security.debian.org/pool/updates/main/z/zgv/zgv_5.5.orig.tar.gz
      Size/MD5 checksum:   329235 629386a4df72f6ec007319bf12db1374

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/z/zgv/zgv_5.5-3woody3_i386.deb
      Size/MD5 checksum:   211964 bfb2b46ca2d2009f2577c7ee88fe3693


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/z/zgv/zgv_5.7-1.4.dsc
      Size/MD5 checksum:      604 2ca8cd8b405de9c7e63f047878292b77
    http://security.debian.org/pool/updates/main/z/zgv/zgv_5.7-1.4.diff.gz
      Size/MD5 checksum:    10353 f904838cdc843ca9928f416a5195bc4a
    http://security.debian.org/pool/updates/main/z/zgv/zgv_5.7.orig.tar.gz
      Size/MD5 checksum:   384977 50f0127c250b6efe9c5f8850b96f3841

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/z/zgv/zgv_5.7-1.4_i386.deb
      Size/MD5 checksum:   227920 9666a9563aee30e0a5123c6e8c9fa682


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFESP83W5ql+IAeqTIRAplRAJ9AmglUWMrD9l2qyBYEEegQhqnRsgCfUu6F
r3eHS3gfYiJLpq8pGLwCFeA=
=PECh
- -----END PGP SIGNATURE-----



2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1038-1                    security@xxxxxxxxxx
http://www.debian.org/security/                             Martin Schulze
April 22nd, 2006                        http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : xzgv
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2006-1060

Andrea Barisani discovered that xzgv, a picture viewer for X with a
thumbnail-based selector, attempts to decode JPEG images within the
CMYK/YCCK colour space incorrectly, which could lead to the execution
of arbitrary code.

For the old stable distribution (woody) this problem has been fixed in
version 0.7-6woody3.

For the stable distribution (sarge) this problem has been fixed in
version 0.8-3sarge1.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your xzgv package.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3.dsc
      Size/MD5 checksum:      581 1a95ff78280e98e448b19807e6dacd14
    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3.diff.gz
      Size/MD5 checksum:     7188 3af533cd6791a61c35cac448cdf7bd86
    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7.orig.tar.gz
      Size/MD5 checksum:   296814 9a376cc01cf486a2a8901fbc8b040d29

  Alpha architecture:

    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_alpha.deb
      Size/MD5 checksum:   199802 8d2c31ecea7c0821a463930a795e4363

  ARM architecture:

    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_arm.deb
      Size/MD5 checksum:   187280 3e9a89fcb5bca1c3b0cd5afa88b0a628

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_i386.deb
      Size/MD5 checksum:   185464 60cc2843ea8611650074c3b6247c9a68

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_ia64.deb
      Size/MD5 checksum:   220106 81b23a2fef7ea3c0d1e45d531494acce

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_hppa.deb
      Size/MD5 checksum:   195672 de3c3a653cee6c8a810554179e07dc22

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_m68k.deb
      Size/MD5 checksum:   181774 8a51dbe9d11e85c1a50831c2035c1a0d

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_mips.deb
      Size/MD5 checksum:   188680 10ff84344193db70d24e438f48554fc6

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_mipsel.deb
      Size/MD5 checksum:   187718 5ba8e5fa9b7e2b54cb1f11f867431ee5

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_powerpc.deb
      Size/MD5 checksum:   189770 909d2af6f68d5d7c49ecbacd2b187293

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_s390.deb
      Size/MD5 checksum:   189282 22d9c8dad8cf2a577fca2a208e9ed745

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_sparc.deb
      Size/MD5 checksum:   189208 5daa878f409a61f2ea519ac8d1ca5730


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1.dsc
      Size/MD5 checksum:      642 ae7ee0519ba25087b0dbd809a5a1db43
    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1.diff.gz
      Size/MD5 checksum:     8762 2f40bca80610715c3a48c7cd68733cc4
    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8.orig.tar.gz
      Size/MD5 checksum:   302801 e392277f1447076402df2e3d9e782cb2

  Alpha architecture:

    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_alpha.deb
      Size/MD5 checksum:   210012 6938839b55f3a36a3732a9743ae1a7df

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_amd64.deb
      Size/MD5 checksum:   201782 6b4d5abca89ec0dd92e2f34dd21a51e8

  ARM architecture:

    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_arm.deb
      Size/MD5 checksum:   194364 a80549d3f3f2e05ad37b45ff087d19c6

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_i386.deb
      Size/MD5 checksum:   195816 69b8d384068d9fc7061997c63bd3075e

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_ia64.deb
      Size/MD5 checksum:   223934 eb187eba5a5aa8bada015cab8d50bde1

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_hppa.deb
      Size/MD5 checksum:   202856 931a992b298cc192afcd164f2c379148

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_m68k.deb
      Size/MD5 checksum:   189288 61005b854fabb24ee582d66644e39e73

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_mips.deb
      Size/MD5 checksum:   196818 a3ccaeb5207c03483ab2073134afff84

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_mipsel.deb
      Size/MD5 checksum:   195800 7d63b90f48fda8dc6004ebd65f2b280c

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_powerpc.deb
      Size/MD5 checksum:   198764 ad327072b62b9901450585abd7d687a0

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_s390.deb
      Size/MD5 checksum:   200516 4a1a716179571f70adb1fa1685b374a6

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_sparc.deb
      Size/MD5 checksum:   195544 cc23e85b70d38954c3d0e92cc209e2dc


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFESengW5ql+IAeqTIRAvQoAJ4zsax+2KVU1gLhcgWanTI3P7/qBgCaA5x0
JI7zwCVH/xWBKS4iJZICtT8=
=utK/
- -----END PGP SIGNATURE-----


3.

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1039-1                    security@xxxxxxxxxx
http://www.debian.org/security/                             Martin Schulze
April 24th, 2006                        http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : blender
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2005-3302 CVE-2005-4470
BugTraq ID     : 15981
Debian Bugs    : 330895 344398

Several vulnerabilities have been discovered in blender, a very fast
and versatile 3D modeller/renderer.  The Common Vulnerability and
Exposures Project identifies the following problems:

CVE-2005-3302

    Joxean Koret discovered that due to missing input validation a
    provided script is vulnerable to arbitrary command execution.

CVE-2005-4470

    Damian Put discovered a buffer overflow that allows remote
    attackers to cause a denial of service and possibly execute
    arbitrary code.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 2.36-1sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 2.40-1.

We recommend that you upgrade your blender package.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1.dsc
      Size/MD5 checksum:      748 8d4a7880a3b1c0d1c2c2b7d67b1111c7
    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1.diff.gz
      Size/MD5 checksum:    13747 1731a5fd58dfbf6eacb4f2760be9dd27
    http://security.debian.org/pool/updates/main/b/blender/blender_2.36.orig.tar.gz
      Size/MD5 checksum:  6912828 8e2237c86b12e6061935632495aec875

  Alpha architecture:

    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_alpha.deb
      Size/MD5 checksum:  4827460 180eeefd1123722e7c4aa0a43cf47eeb

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_amd64.deb
      Size/MD5 checksum:  4118980 be9328fd278159f218a25763553e92be

  ARM architecture:

    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_arm.deb
      Size/MD5 checksum:  4089822 07513b5818e448697bfbc6b1bed51873

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_i386.deb
      Size/MD5 checksum:  4142046 a263f52ac839648cee6e870b3d7e451e

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_ia64.deb
      Size/MD5 checksum:  5684932 db0b5c13cd696115958e2efb528f1eed

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_hppa.deb
      Size/MD5 checksum:  4600312 c2241dbd8f88fbbf7ccdc164193dab60

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_m68k.deb
      Size/MD5 checksum:  3655228 8728fcd27b3fb0c9bc7c1a9eaf417bd0

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_mips.deb
      Size/MD5 checksum:  4310726 37dd5199543e5a9a20fae6abff093dc2

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_mipsel.deb
      Size/MD5 checksum:  4303728 21f55618f8ee45ed18c848ebb3707dab

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_powerpc.deb
      Size/MD5 checksum:  4173870 1c2dc631d155be939696e67b1f8b2416

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_s390.deb
      Size/MD5 checksum:  3977484 0b7f82038c3f61280c42c337188cfd47

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_sparc.deb
      Size/MD5 checksum:  3940052 b64ac521aaa356b54f6a162f6c10bc4f


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFETHBjW5ql+IAeqTIRAjD0AJ0aw0dhczTrG83pHZZ8UIKkFIs5SACdEyPg
/e6K5MGNuBieUdOEyluD1s4=
=LJME
- -----END PGP SIGNATURE-----


4.

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1040-1                    security@xxxxxxxxxx
http://www.debian.org/security/                             Martin Schulze
April 24th, 2006                        http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : gdm
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2006-1057
BugTraq ID     : 17635

A vulnerability has been identified in gdm, a display manager for X,
that could allow a local attacker to gain elevated privileges by
exploiting a race condition in the handling of the .ICEauthority file.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 2.6.0.8-1sarge2.

For the unstable distribution (sid) this problem will be fixed in
version 2.14.1-1.

We recommend that you upgrade your gdm package.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2.dsc
      Size/MD5 checksum:      732 5e615263c621f3166eab26233249934b
    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2.diff.gz
      Size/MD5 checksum:   258548 323d831f75f4a784b754ee4d6902120f
    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8.orig.tar.gz
      Size/MD5 checksum:  5619049 1417d176925a4a24c465c043df7b6a39

  Alpha architecture:

    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_alpha.deb
      Size/MD5 checksum:  3243636 3641c4ee397d6f70fa15b439da1ca29d

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_amd64.deb
      Size/MD5 checksum:  3178276 03057b54637e652dd37f98bf94e3b575

  ARM architecture:

    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_arm.deb
      Size/MD5 checksum:  3124804 beb9189cf49420259a51210c1864cc08

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_i386.deb
      Size/MD5 checksum:  3144008 36c7dfed8ab7ece8d5b75fa720c6120d

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_ia64.deb
      Size/MD5 checksum:  3328900 c6b11ef8670cb3f63d946e0779d65c3f

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_hppa.deb
      Size/MD5 checksum:  3185510 486b1377061ad3655a34d17abc9ece23

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_m68k.deb
      Size/MD5 checksum:  3115464 a002336849c45be8d7a70630a9dbe714

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_mips.deb
      Size/MD5 checksum:  3155474 dea4b0e6dbb2b1a4ac0b5a90e9a93035

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_mipsel.deb
      Size/MD5 checksum:  3147934 19dc1118fec157e9ae4f7e40418a7cbb

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_powerpc.deb
      Size/MD5 checksum:  3172026 611508441a9bcd7df2bb3ac486a20da4

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_s390.deb
      Size/MD5 checksum:  3185506 f03786d134fda10cfb7ce9c6b4e13044

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_sparc.deb
      Size/MD5 checksum:  3137658 ea03ac108174033db47559465da66184


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFETHh4W5ql+IAeqTIRAmlPAJsGzMzVdLIzP+TIAApv2KwGk5DvewCfXvkY
/IIixfg//EnflyUYGFnj/4E=
=T3U7
- -----END PGP SIGNATURE-----




- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Debian for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the site of the
original source to ensure that you receive the most current information concerning 
that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQCVAwUBREzI0opao72zK539AQGNRQP/aakLbCmAZD8+UdlfHw02xzxroYlr4deY
vNg/2LUEzOFRSlMVn5ynfV62AIOGdQsIzQ4ZyRNf8PWg5JFkPegq5B5zIlg3mnzS
s4HsHtLW4LI0YhIEjSSAXLnCy4QXvdSd+MJlAGOGUiy7TUEdv9Z/ODTvBrwH0K8y
/Q40FbeChxc=
=+6Vx
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
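
Each advisory above tells the reader to fetch a file with wget and install it with dpkg -i, and lists a size and MD5 checksum under every URL. The Python code below is an added example, not part of the UNIRAS briefing or the Debian advisories: it parses those "URL / Size/MD5 checksum" pairs and checks a downloaded file against them before installation. The excerpt, host name and file names used in demo() are constructed.

```python
import hashlib
import os
import re
import tempfile
from typing import Dict, NamedTuple


class Entry(NamedTuple):
    url: str
    size: int
    md5: str


# A file entry is a line holding only a URL, followed directly by a checksum line.
_URL = re.compile(r"^\s*((?:https?|ftp)://\S+)\s*$")
_SUM = re.compile(r"^\s*Size/MD5 checksum:\s+(\d+)\s+([0-9a-fA-F]{32})\s*$")


def parse_manifest(text: str) -> Dict[str, Entry]:
    """Return {file name: Entry} for every URL/checksum pair in an advisory."""
    entries: Dict[str, Entry] = {}
    pending = None
    for line in text.splitlines():
        m = _URL.match(line)
        if m:
            pending = m.group(1)
            continue
        m = _SUM.match(line)
        if m and pending:
            name = pending.rsplit("/", 1)[-1]
            entry = Entry(pending, int(m.group(1)), m.group(2).lower())
            # The same file name with different values means a damaged advisory.
            if name in entries and entries[name][1:] != entry[1:]:
                raise ValueError("conflicting entries for " + name)
            entries[name] = entry
        pending = None  # a checksum line only counts right after its URL
    return entries


def verify_file(path: str, manifest: Dict[str, Entry]) -> str:
    """Return 'ok', 'unlisted', 'size-mismatch' or 'md5-mismatch'."""
    entry = manifest.get(os.path.basename(path))
    if entry is None:
        return "unlisted"
    if os.path.getsize(path) != entry.size:  # cheap check first
        return "size-mismatch"
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return "ok" if digest.hexdigest() == entry.md5 else "md5-mismatch"


def demo() -> Dict[str, str]:
    """Run the check on constructed data: a stand-in file and a matching excerpt."""
    payload = b"constructed stand-in for a .deb\n"
    sample = (
        "Debian Security Advisory (constructed excerpt)\n"
        "http://www.debian.org/security/          (header line, ignored)\n"
        "  Intel IA-32 architecture:\n\n"
        "    http://security.example.invalid/pool/example_1.0-1_i386.deb\n"
        f"      Size/MD5 checksum: {len(payload):8d} "
        f"{hashlib.md5(payload).hexdigest()}\n"
    )
    manifest = parse_manifest(sample)
    cases = (
        ("intact", "example_1.0-1_i386.deb", payload),
        ("truncated", "example_1.0-1_i386.deb", payload[:-1]),
        ("tampered", "example_1.0-1_i386.deb", b"X" + payload[1:]),
        ("unlisted", "other_1.0-1_i386.deb", payload),
    )
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for label, name, data in cases:
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results[label] = verify_file(path, manifest)
    return results


if __name__ == "__main__":
    print(demo())
```

The listed checksums are only as trustworthy as the copy of the advisory they were read from, so check the advisory's PGP signature before relying on them.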