[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 310/06 - Two Debian Security Advisories:



-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 310/06 dated 26.04.06  Time: 13:45  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Two Debian Security Advisories:

1. DSA 1042-1 - New Cyrus SASL packages fix denial of service                  

2. DSA 1043-1 - New abcmidi packages fix arbitrary code execution

Detail
====== 

1. The Mu Security research team discovered a denial of service condition
in the Simple Authentication and Security Layer authentication library
(SASL) during DIGEST-MD5 negotiation.  This potentially affects
multiple products that use SASL DIGEST-MD5 authentication including
OpenLDAP, Sendmail, Postfix, etc.

2. Erik Sjölund discovered that abcmidi-yaps, a translator for ABC music
description files into PostScript, does not check the boundaries when
reading in ABC music files resulting in buffer overflows.



1.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1042-1                    security@xxxxxxxxxx
http://www.debian.org/security/                             Martin Schulze
April 25th, 2006                        http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : cyrus-sasl2
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2006-1721
BugTraq ID     : 17446
Debian Bug     : 361937

The Mu Security research team discovered a denial of service condition
in the Simple Authentication and Security Layer authentication library
(SASL) during DIGEST-MD5 negotiation.  This potentially affects
multiple products that use SASL DIGEST-MD5 authentication including
OpenLDAP, Sendmail, Postfix, etc.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 2.1.19-1.5sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 2.1.19.dfsg1-0.2.

We recommend that you upgrade your cyrus-sasl2 packages.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.5sarge1.dsc
      Size/MD5 checksum:     1120 ec157beb1833036fd69e1d4ce8fda6fe
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.5sarge1.diff.gz
      Size/MD5 checksum:    31691 e0b3e61f2e6c67b580280b52f68bc2c5
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19.orig.tar.gz
      Size/MD5 checksum:  1531667 670f9a0c0a99cf09d679cd5c859a3715

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5sarge1_alpha.deb
      Size/MD5 checksum:   277710 84af7feeb9a25d866b9f3d8fe72da959
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5sarge1_alpha.deb
      Size/MD5 checksum:   302280 ba5941366cae17028869a4d61a11ecd7
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5sarge1_alpha.deb
      Size/MD5 checksum:   218568 34fc9ff869fd10e3017516e61a9fb576
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5sarge1_alpha.deb
      Size/MD5 checksum:    62528 d1ab909a0132fa1c809c8f18ea9e2e13
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5sarge1_alpha.deb
      Size/MD5 checksum:    63634 83ff3877993d77444a5c19f1f34eafc8
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5sarge1_alpha.deb
      Size/MD5 checksum:    59818 93906682632e07771cd3e534dd4a9596
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5sarge1_alpha.deb
      Size/MD5 checksum:   128948 8b5d55da1d3ce970b074809c1022c577

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5sarge1_amd64.deb
      Size/MD5 checksum:   264912 a58a7a16b08d0b7c1123b337a9f50e9a
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5sarge1_amd64.deb
      Size/MD5 checksum:   258922 03d3660a31f00a448a95f265c5c376f7
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5sarge1_amd64.deb
      Size/MD5 checksum:   171340 772cf2196a1f1c10e4ab655c3db75e75
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5sarge1_amd64.deb
      Size/MD5 checksum:    54642 6a8d8844d3fdf4ed907037efe423b6cb
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5sarge1_amd64.deb
      Size/MD5 checksum:    54304 71fb9d1f3cad979bb3e752d8e57c616a
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5sarge1_amd64.deb
      Size/MD5 checksum:    52636 9cb4860537835b99c8869f4623e7be49
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5sarge1_amd64.deb
      Size/MD5 checksum:   117754 8477190f7629a53205de940133af7b2c

  ARM architecture:

    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5sarge1_arm.deb
      Size/MD5 checksum:   259912 782d897e4b30330b8a74b78d5c6ea3aa
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5sarge1_arm.deb
      Size/MD5 checksum:   258648 16aa2003619e2a98f92b04ad23de6853
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5sarge1_arm.deb
      Size/MD5 checksum:   159558 a2ac42639f3169d322a72946ad9102f3
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5sarge1_arm.deb
      Size/MD5 checksum:    54000 2b343e405b32e22a62aa78393c1b512e
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5sarge1_arm.deb
      Size/MD5 checksum:    52874 b478eeba34a49707c6fad085d969e7b0
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5sarge1_arm.deb
      Size/MD5 checksum:    51706 f6db6f3f11bd8dc8ebc222098b477a6d
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5sarge1_arm.deb
      Size/MD5 checksum:   112084 1444944cf0446dff17da9e5fa0ef56c3

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5sarge1_i386.deb
      Size/MD5 checksum:   259876 e6cc8a7e3239915675309e5008f35ec5
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5sarge1_i386.deb
      Size/MD5 checksum:   246848 f2fbaa545347aed2508037f88a4c8385
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5sarge1_i386.deb
      Size/MD5 checksum:   156428 ec8ee01062efdfa84743e3bb02cbf00b
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5sarge1_i386.deb
      Size/MD5 checksum:    53460 30d9172803255a24c1a4878aed1bbf9d
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5sarge1_i386.deb
      Size/MD5 checksum:    53120 1330bd6ab5dce0296ce7cc7dc4b71aa5
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5sarge1_i386.deb
      Size/MD5 checksum:    52480 2e65f736d78e55fc2339a6d3d7e6043c
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5sarge1_i386.deb
      Size/MD5 checksum:   113298 7400189677cd72b56bf906af823ea6b8

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5sarge1_ia64.deb
      Size/MD5 checksum:   297716 cc67d33162283258095da9f0865fe831
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5sarge1_ia64.deb
      Size/MD5 checksum:   319142 c4205ec75d76125ea7c8457207d030c0
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5sarge1_ia64.deb
      Size/MD5 checksum:   242876 109fdc9c9c894bf79ec8cd378013cf8d
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5sarge1_ia64.deb
      Size/MD5 checksum:    68280 8029fcdb3edc6dd81f3276e9b05c468f
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5sarge1_ia64.deb
      Size/MD5 checksum:    67812 274b3e33684a5640d7a62b59a8b82d0f
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5sarge1_ia64.deb
      Size/MD5 checksum:    64588 6f842207609383ff9dda5b2e38d3d876
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5sarge1_ia64.deb
      Size/MD5 checksum:   148398 2873994829bd42aeb5a09c70a47674a8

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5sarge1_hppa.deb
      Size/MD5 checksum:   273092 a04179c5abd2e520bd89a4c5fa92ab66
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5sarge1_hppa.deb
      Size/MD5 checksum:   276150 d6969caaf5f5779176c18e1506274700
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5sarge1_hppa.deb
      Size/MD5 checksum:   210004 5c638798cada3e9b628d208f2540b324
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5sarge1_hppa.deb
      Size/MD5 checksum:    57982 9f63d82d6a4777a2b059180c59186088
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5sarge1_hppa.deb
      Size/MD5 checksum:    58550 e003bd74957cb63d75699b629ba7c7e8
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5sarge1_hppa.deb
      Size/MD5 checksum:    57712 00b705982c0120c499e2e41907b19686
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5sarge1_hppa.deb
      Size/MD5 checksum:   123150 49876b6d9cf76097550f5cb4c9f98929

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5sarge1_m68k.deb
      Size/MD5 checksum:   253136 8792dba22eff19a881e50fc598591da2
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5sarge1_m68k.deb
      Size/MD5 checksum:   233110 d40c27b5e6e217af4d4f574d4159d269
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5sarge1_m68k.deb
      Size/MD5 checksum:   136948 127d83955edf6bc6d0021793c51509c9
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5sarge1_m68k.deb
      Size/MD5 checksum:    49722 1c1ca1cf2fd22e3b978d0873b525f1c6
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5sarge1_m68k.deb
      Size/MD5 checksum:    49512 a4161f57dcae5367beed0f6ed3c25dae
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5sarge1_m68k.deb
      Size/MD5 checksum:    48492 5f0f98cf3a81760e86a962399ae4d400
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5sarge1_m68k.deb
      Size/MD5 checksum:   105356 88d4210937fc6e1cad69ba61d3226692

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5sarge1_mips.deb
      Size/MD5 checksum:   260692 6fa8695720aaf000c5a74a1adbf9778a
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5sarge1_mips.deb
      Size/MD5 checksum:   269286 38cd6e18e4d7032d437c6e8c925ece5d
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5sarge1_mips.deb
      Size/MD5 checksum:   177830 087c0f90f9a70d9dda0e9a7c2471b99b
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5sarge1_mips.deb
      Size/MD5 checksum:    54234 cd2fb0855c15fcde65e9e294a8976a02
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5sarge1_mips.deb
      Size/MD5 checksum:    54886 8cfdd62413109cabb844f82236dd7331
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5sarge1_mips.deb
      Size/MD5 checksum:    52196 1fb746ebe9b2bec536b9846b0ddbc33a
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5sarge1_mips.deb
      Size/MD5 checksum:   126510 e4c7cf5e55459ff8e932e111b058fa28

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5sarge1_mipsel.deb
      Size/MD5 checksum:   260896 6918916804f2d1929b41f036358c290a
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5sarge1_mipsel.deb
      Size/MD5 checksum:   269964 23ee3aad5c0c2ae2f805a79289645283
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5sarge1_mipsel.deb
      Size/MD5 checksum:   178528 154e370f6faa5240d8c5e2d65c0fa5af
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5sarge1_mipsel.deb
      Size/MD5 checksum:    54442 d15b320f606ab631bc6ab6f556ddcbf1
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5sarge1_mipsel.deb
      Size/MD5 checksum:    55226 d7f0ced272892edbb34a13805780a035
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5sarge1_mipsel.deb
      Size/MD5 checksum:    52292 0b8ba7760913edfc221ae7f5935be561
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5sarge1_mipsel.deb
      Size/MD5 checksum:   126764 c39c40a4d4f69424764643da39453ac9

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5sarge1_powerpc.deb
      Size/MD5 checksum:   268216 9609635685078bfa80040a0842db0765
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5sarge1_powerpc.deb
      Size/MD5 checksum:   265048 a2c9327865d0ecfc4d579f2bc2f1c89e
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5sarge1_powerpc.deb
      Size/MD5 checksum:   194576 9942e421d09779f23ae98d005d5ce144
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5sarge1_powerpc.deb
      Size/MD5 checksum:    56322 c118f3ef8f781722ab7e5d4a3a30a26c
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5sarge1_powerpc.deb
      Size/MD5 checksum:    56518 97f7e147667728dedafdc93ee3860570
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5sarge1_powerpc.deb
      Size/MD5 checksum:    55410 a52fdbfd7f744bfafc985fea4fcbca4e
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5sarge1_powerpc.deb
      Size/MD5 checksum:   122102 b5dfacb789f559c96e768cecfb7d2fb5

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5sarge1_s390.deb
      Size/MD5 checksum:   265182 b6019e581e55e876242dd54b55c6627d
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5sarge1_s390.deb
      Size/MD5 checksum:   256402 171101ffa88b88a09b6806012d3521f1
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5sarge1_s390.deb
      Size/MD5 checksum:   182320 a14b25c0d38b89def63ebad809c64ee9
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5sarge1_s390.deb
      Size/MD5 checksum:    54808 46d44a75512b8f9e4bee9f62a8dfa2f6
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5sarge1_s390.deb
      Size/MD5 checksum:    54758 58ea99c844fe806bc097c789799f042d
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5sarge1_s390.deb
      Size/MD5 checksum:    53562 a2cde4aa65d96f74a2cc2b50b829d56f
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5sarge1_s390.deb
      Size/MD5 checksum:   116234 39669d2ff5f193e575d84c8a2687cf2c

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5sarge1_sparc.deb
      Size/MD5 checksum:   257486 016e71cb127a653139288de65cd60f0f
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5sarge1_sparc.deb
      Size/MD5 checksum:   248480 c1f8b0721ec4d4a46a4ce7626881297c
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5sarge1_sparc.deb
      Size/MD5 checksum:   148928 1f03dfcfd816ee0ec5fff26437d93120
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5sarge1_sparc.deb
      Size/MD5 checksum:    50086 0cb3c64557d94ad9a1baf27986fe123e
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5sarge1_sparc.deb
      Size/MD5 checksum:    50700 16b516a04caa6574fa5d48859af3d71d
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5sarge1_sparc.deb
      Size/MD5 checksum:    50186 7f2d18aa1627d1ef06c956a4236f1f90
    http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5sarge1_sparc.deb
      Size/MD5 checksum:   111594 373066473523fa54aab6cb36235450da


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFETl32W5ql+IAeqTIRAmg/AJ9TiVkfPMCm0oi06LgfCRHfLC/RXwCcDeE8
M/J+RZ2vh6RQ8eFsFxgoTaY=
=1iBO
- -----END PGP SIGNATURE-----




2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1043-1                    security@xxxxxxxxxx
http://www.debian.org/security/                             Martin Schulze
April 26th, 2006                        http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : abcmidi
Vulnerability  : buffer overflows
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2006-1514

Erik Sjölund discovered that abcmidi-yaps, a translator for ABC music
description files into PostScript, does not check the boundaries when
reading in ABC music files resulting in buffer overflows.

For the old stable distribution (woody) these problems have been fixed in
version 17-1woody1.

For the stable distribution (sarge) these problems have been fixed in
version 20050101-1sarge1.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your abcmidi-yaps package.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1.dsc
      Size/MD5 checksum:      583 107476dd4ad487defacfbfd8c3a96afa
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1.diff.gz
      Size/MD5 checksum:    16851 4ae528112f985ec0ba35550020beda18
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17.orig.tar.gz
      Size/MD5 checksum:   163596 4f068a14669ad8933666224418390464

  Alpha architecture:

    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_alpha.deb
      Size/MD5 checksum:   128232 c24867068caacbf84a41b2a9e7fa3c90
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_alpha.deb
      Size/MD5 checksum:    75578 7409e8157cbde2b3c5ee992c63484ba2

  ARM architecture:

    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_arm.deb
      Size/MD5 checksum:   101420 89bba26fa994a03b82673a37b2934691
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_arm.deb
      Size/MD5 checksum:    66524 3d4f68d5cb0c8fe8e0abd5598d2fab8b

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_i386.deb
      Size/MD5 checksum:    96428 17ccb81420aa822130bfefe3a269b011
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_i386.deb
      Size/MD5 checksum:    62860 d556997bb5b1ade9384a5067c27901af

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_ia64.deb
      Size/MD5 checksum:   156714 e494b5d790b98be710e5e0881421d0fb
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_ia64.deb
      Size/MD5 checksum:    92746 d55a047620de10bdf6612831724078e7

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_hppa.deb
      Size/MD5 checksum:   122528 513dcb5d2b61fc6a86bab96f3aa86e93
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_hppa.deb
      Size/MD5 checksum:    78878 bf7ed13fb36210aefd1ed9a928980bd2

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_m68k.deb
      Size/MD5 checksum:    92238 9c92fdcf7c16be04108a331d13483a00
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_m68k.deb
      Size/MD5 checksum:    57360 d8bc9d12f57494c52af4cf15b2b07c85

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_mips.deb
      Size/MD5 checksum:   125182 8cca3436e0aad25567e991e6a93d760f
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_mips.deb
      Size/MD5 checksum:    71884 432c145bdb62f4cf743aa4124b4d89d4

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_mipsel.deb
      Size/MD5 checksum:   124430 08213671a9ddaebe7fa858713fb3eb7f
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_mipsel.deb
      Size/MD5 checksum:    71998 fe477ac117017a3d1bfd743f09d8095a

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_powerpc.deb
      Size/MD5 checksum:   109436 30b7d3963c8fa8533886f121c3ed9692
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_powerpc.deb
      Size/MD5 checksum:    68702 20a761960d5961cd8ca3a55767a0d34b

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_s390.deb
      Size/MD5 checksum:   106662 f4d266bbc0d4a2dc29b49e3e8a185985
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_s390.deb
      Size/MD5 checksum:    63428 27aa8cea376b93d31c6a54fe223ff1de

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_sparc.deb
      Size/MD5 checksum:   116176 1109bc650b0f7acb938d7d6987e85249
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_sparc.deb
      Size/MD5 checksum:    69802 4df26235ffc4ee56ea8c5e86f5161f5b


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1.dsc
      Size/MD5 checksum:      600 74cac04e7657e9ccf68bd67bcf035480
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1.diff.gz
      Size/MD5 checksum:     4862 1af2c71fb21d7e0c3f2e60ab8b1d2fc7
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101.orig.tar.gz
      Size/MD5 checksum:   258937 fc1c31f21787e9af297bc6f4c6f6c4c9

  Alpha architecture:

    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_alpha.deb
      Size/MD5 checksum:   210498 8ccc1bb8c6fcc40d63d0192ddf0d859b
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_alpha.deb
      Size/MD5 checksum:   120276 a6bb198acbdf3ca3f6d87ba265aa04e2

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_amd64.deb
      Size/MD5 checksum:   191240 c62ad4d06f2bb20c6dbbbd6304ec50d6
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_amd64.deb
      Size/MD5 checksum:   112368 3758f99ae7b5f42c466c051639ad2da4

  ARM architecture:

    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_arm.deb
      Size/MD5 checksum:   175272 b6bbac5297bce450d9d425859a3225dc
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_arm.deb
      Size/MD5 checksum:   108694 3784bb09cf9abbb5284b92fbae6a6a6b

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_i386.deb
      Size/MD5 checksum:   173644 663f6cd1fec90675a43b3d4b1552116b
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_i386.deb
      Size/MD5 checksum:   107938 41fb3cdba637d5a2a710ecb6672ed62b

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_ia64.deb
      Size/MD5 checksum:   240806 72dd903dc8388fb40a561f6ecf6feb69
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_ia64.deb
      Size/MD5 checksum:   140168 6553d95fdde031a11b7433296f24c39e

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_hppa.deb
      Size/MD5 checksum:   198396 5c68cf5d3810a82242a142d10b1fe890
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_hppa.deb
      Size/MD5 checksum:   118444 305f9b82434fc6ce1e2ab0def0eb126a

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_m68k.deb
      Size/MD5 checksum:   159550 146f2de69b6490e777170dcffdd2dc6f
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_m68k.deb
      Size/MD5 checksum:    98368 1063016a10f14a5be30a72345c5a0253

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_mips.deb
      Size/MD5 checksum:   211522 97878ba78e7b22aaeff4bd8132a0be98
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_mips.deb
      Size/MD5 checksum:   115374 06f9bc17f963527f2468b0031c319b68

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_mipsel.deb
      Size/MD5 checksum:   210546 4422fdc2847dbac9475860dfdd870d8c
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_mipsel.deb
      Size/MD5 checksum:   115802 b52bdba0575a6477dfcf8342d4a8cd72

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_powerpc.deb
      Size/MD5 checksum:   185160 311b5b372be6992a45c7b2b27284cdae
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_powerpc.deb
      Size/MD5 checksum:   112072 e2a824f7b4524229f5f9911b4eb4bbdc

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_s390.deb
      Size/MD5 checksum:   189798 0d11c701e1059f595033b7fc3c34aa8e
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_s390.deb
      Size/MD5 checksum:   111020 292f21fcdc55aaa0fa4aa1dc7c6da8c0

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_sparc.deb
      Size/MD5 checksum:   178060 7f9837e5c63eb088d2845cad487aef2b
    http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_sparc.deb
      Size/MD5 checksum:   108698 a291dcbc19963289ca15d2a061161f6e


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFETx1AW5ql+IAeqTIRArG6AJ9tWiVnkd/UDkqzU0WQ1b2pUbIHMgCfQLob
qQoPWsFbLc7UTqDU3Z03BFs=
=c9F0
- -----END PGP SIGNATURE-----





- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Debian for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the site of the
original source to ensure that you receive the most current information concerning 
that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQCVAwUBRE9rUYpao72zK539AQFU/QP/e63NP3fiaaGFiynJypw+rfs5M2oNeLKY
IqQlwQIxGCERtz9gKrtEua0d2+NoyA5EpF0w1s8Nz44clxVYjDFziMbqFVGYw78i
Mpqq1xOoVs6gsZWr5A18fjveSDpn+g29b90/hARFeEqbpdREH6XF9GtMWN3roxiw
z8fjrKKbd3k=
=Hjv3
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________