3 Security Updates for Debian
Posted on: 08/01/2010 01:05 PM

The following 3 security advisories has been published for Debian GNU/Linux:

- [DSA 2080-1] New ghostscript packages fix several vulnerabilities
- [DSA 2078-1] New mapserver packages fix arbitrary code execution
- [DSA 2078-1] New kvirc packages fix arbitrary IRC command execution

[SECURITY] [DSA 2080-1] New ghostscript packages fix several vulnerabilities
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2080-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
August 01, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : ghostscript
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2007-6725 CVE-2008-3522 CVE-2008-6679 CVE-2009-0196 CVE-2009-0792 CVE-2009-4270 CVE-2010-1869

Several security issues have been discovered in Ghostscript, the GPL
PostScript/PDF interpreter, which might lead to the execution of
arbitrary code if a user processes a malformed PDF or Postscript file.

For the stable distribution (lenny), these problems have been fixed in
version 8.62.dfsg.1-3.2lenny4.

For the unstable distribution (sid), these problems have been fixed in
version 8.71~dfsg-4.

We recommend that you upgrade your ghostscript packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny4.diff.gz
Size/MD5 checksum: 104592 c1f5f4ee971ea44f4b0cef7488fea58a
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny2.diff.gz
Size/MD5 checksum: 104465 712a48aa6a1a28c2800ee3a950f24c93
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1.orig.tar.gz
Size/MD5 checksum: 12212309 42fc1b31aa745c3765c2fcd2da243236

Architecture independent packages:

http://security.debian.org/pool/updates/main/g/ghostscript/gs-gpl_8.62.dfsg.1-3.2lenny4_all.deb
Size/MD5 checksum: 28702 dcf8382cede0279d2ced25016b5d63b0
http://security.debian.org/pool/updates/main/g/ghostscript/gs-aladdin_8.62.dfsg.1-3.2lenny4_all.deb
Size/MD5 checksum: 28704 a62393cb1d1449c44398279e40804a20
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-doc_8.62.dfsg.1-3.2lenny4_all.deb
Size/MD5 checksum: 2784654 379db3cc220700a5320c0f3505ec6185
http://security.debian.org/pool/updates/main/g/ghostscript/gs_8.62.dfsg.1-3.2lenny4_all.deb
Size/MD5 checksum: 28692 f327874c01d90518ae69cc746ae8c245
http://security.debian.org/pool/updates/main/g/ghostscript/gs-common_8.62.dfsg.1-3.2lenny4_all.deb
Size/MD5 checksum: 28902 d790c6a598e425e86655613e3d842feb
http://security.debian.org/pool/updates/main/g/ghostscript/gs-esp_8.62.dfsg.1-3.2lenny4_all.deb
Size/MD5 checksum: 28696 6e1b2ffd61b41b2210c80035fa1c18d2

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny4_alpha.deb
Size/MD5 checksum: 66154 af55aa7bcd5471ef673c0c5f5fddf693
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny4_alpha.deb
Size/MD5 checksum: 36444 e2e1d7dbf80456743f43c063ddd31d2a
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny4_alpha.deb
Size/MD5 checksum: 797568 50220131de97010d530c84e4685b9ba3
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny4_alpha.deb
Size/MD5 checksum: 2629590 bf6713489c1974a68e72244cd0ab313e

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny4_amd64.deb
Size/MD5 checksum: 63102 b381fcd9f08a512ec234aefc4db55e6d
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny4_amd64.deb
Size/MD5 checksum: 794264 1d6aa96ecda1cc3caaee6e02ec8131d0
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny4_amd64.deb
Size/MD5 checksum: 36296 1c234970f6695e233c98f6c8b17a228d
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny4_amd64.deb
Size/MD5 checksum: 2322612 ff18916f3e0b984520dc6a65a1850545

arm architecture (ARM)

http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny4_arm.deb
Size/MD5 checksum: 59898 691db1eafdbb597550e41936a588dc2e
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny4_arm.deb
Size/MD5 checksum: 2179214 fce17c2014ef0633694921ff7a2dbbf6
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny4_arm.deb
Size/MD5 checksum: 34898 94bfb293db43933b96defcc65c2ce1e4
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny4_arm.deb
Size/MD5 checksum: 796618 133283cd0ce5ad2ddfb180149dd1cdde

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny4_armel.deb
Size/MD5 checksum: 797658 bfee3d7ee43ecf42c762f707e15be417
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny4_armel.deb
Size/MD5 checksum: 63604 ba4c4769c7a604e1cbd65e42d4a20308
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny4_armel.deb
Size/MD5 checksum: 2214322 659428a1eb467fd459a8a10ac6e57f53
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny4_armel.deb
Size/MD5 checksum: 36442 59d91a5b9a24bec78946a5e01345589b

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny4_hppa.deb
Size/MD5 checksum: 66854 e46caba3e0fc3e99c9d672210b414c85
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny4_hppa.deb
Size/MD5 checksum: 2573688 98b1cb485944aeec0c762f4d3d6b5627
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny4_hppa.deb
Size/MD5 checksum: 36330 5a36e8704d153f1c1269ddbe3d37368e
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny4_hppa.deb
Size/MD5 checksum: 800058 3770d71e6644cf0bf82b5618c07879fe

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny4_i386.deb
Size/MD5 checksum: 35476 2c35e644cc7bc6d5a29125de9bda777c
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny4_i386.deb
Size/MD5 checksum: 2221692 263aab297fcd59829a0c5e0e2b0f1e6d
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny4_i386.deb
Size/MD5 checksum: 761660 44c35e23d34cb081bb785c5a89683701
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny4_i386.deb
Size/MD5 checksum: 60818 b150caecdd7fdd47538ac364b3a23baa

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny4_ia64.deb
Size/MD5 checksum: 80902 c44a55178f56e171274891ff828be57c
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny4_ia64.deb
Size/MD5 checksum: 36332 59188d6b794be8a8632f68c99e53fabe
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny4_ia64.deb
Size/MD5 checksum: 3613878 b2037a5a573797ed7e8db63b25c54980
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny4_ia64.deb
Size/MD5 checksum: 801702 f478ffb34fedecea724a6eff2c0c6aeb

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny4_mips.deb
Size/MD5 checksum: 62840 1bf8443154d4ed4a3d7329078b16839f
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny4_mips.deb
Size/MD5 checksum: 34916 965449e1371593ca5fdc0614c49f05ad
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny4_mips.deb
Size/MD5 checksum: 798628 3673f32bc99ec26b919ad9a5a53742bc
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny4_mips.deb
Size/MD5 checksum: 2304896 3713df01d5717a4d4af157cf0bb6fc88

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny4_mipsel.deb
Size/MD5 checksum: 35472 322427312d6cc997684dd4070f47e870
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny4_mipsel.deb
Size/MD5 checksum: 61774 22a19e60d87c94a8bcaa931b13f20179
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny4_mipsel.deb
Size/MD5 checksum: 762160 90c8fb7ba07e88329bb247ab49cf290f
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny4_mipsel.deb
Size/MD5 checksum: 2300466 2d7ba5f0f3cc18775f25bbd3881bd5f4

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny4_powerpc.deb
Size/MD5 checksum: 801086 eee24a6fc08a2e68405adc584d090819
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny4_powerpc.deb
Size/MD5 checksum: 36432 4b62009ca227ff2aa28808ba5a696c02
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny4_powerpc.deb
Size/MD5 checksum: 66012 ba51af4c986f7db06b66f7c3f3bef07e
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny4_powerpc.deb
Size/MD5 checksum: 2408918 14806baf03b217ba15b6808493f4d46b

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny4_s390.deb
Size/MD5 checksum: 36452 6a0cffde06a5f3fc635ac214fa874a94
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny4_s390.deb
Size/MD5 checksum: 2437882 dd3fd6a06b07f8d45c9f07b339fe26dc
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny4_s390.deb
Size/MD5 checksum: 64412 e60524ff7457eb9bf7a3430afcfba513
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny4_s390.deb
Size/MD5 checksum: 800832 c91e9753ad83a76eebdf9abc7694f681

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny4_sparc.deb
Size/MD5 checksum: 2187340 476ff570ae6d30c7f881caba112b6e34
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny4_sparc.deb
Size/MD5 checksum: 36350 4970f1e66a790e2a7b0aa4b285363c07
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny4_sparc.deb
Size/MD5 checksum: 797876 f79742ddd68bee7476a39d4fde6ab68c
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny4_sparc.deb
Size/MD5 checksum: 59956 d7458a00b7f62c43b114aeff6deeec0c


These files will probably be moved into the stable distribution on
its next update.


[SECURITY] [DSA 2078-1] New mapserver packages fix arbitrary code execution
- --------------------------------------------------------------------------
Debian Security Advisory DSA-2078-1 security@debian.org
http://www.debian.org/security/ Nico Golde
July 31nd, 2010 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : mapserver
Vulnerability : several
Problem type : remote
Debian-specific: no
Debian bug : none
CVE ID : CVE-2010-2539 CVE-2010-2540

Several vulnerabilities have been discovered in mapserver, a CGI-based
web framework to publish spatial data and interactive mapping applications.
The Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2010-2539

A stack-based buffer overflow in the msTmpFile function might lead to
arbitrary code execution under some conditions.

CVE-2010-2540

It was discovered that the CGI debug command-line arguments which are
enabled by default are insecure and may allow a remote attacker to
execute arbitrary code. Therefore they have been disabled by default.


For the stable distribution (lenny), this problem has been fixed in
version 5.0.3-3+lenny5.

For the testing distribution (squeeze), this problem has been fixed in
version 5.6.4-1.

For the unstable distribution (sid), this problem has been fixed in
version 5.6.4-1.


We recommend that you upgrade your mapserver packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/m/mapserver/mapserver_5.0.3-3+lenny5.diff.gz
Size/MD5 checksum: 1476034 a9a7f020278337a51221a05fa511fd7b
http://security.debian.org/pool/updates/main/m/mapserver/mapserver_5.0.3-3+lenny5.dsc
Size/MD5 checksum: 2033 68c11dc4ccdad6a879c3bf740a5be723
http://security.debian.org/pool/updates/main/m/mapserver/mapserver_5.0.3.orig.tar.gz
Size/MD5 checksum: 1806528 953a131497132baef84ca33f8432d299

Architecture independent packages:

http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby_5.0.3-3+lenny5_all.deb
Size/MD5 checksum: 44864 82a253777cce2d5f0824efa68a8bb23e
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-doc_5.0.3-3+lenny5_all.deb
Size/MD5 checksum: 168594 617c9ea230e9b977125f3b61740da142

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_alpha.deb
Size/MD5 checksum: 651986 d8c0530185dd31a632fcd63f0b9215b6
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_alpha.deb
Size/MD5 checksum: 4836912 672ab7959ddbbbc2802f2022920f995d
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_alpha.deb
Size/MD5 checksum: 987682 4936bbc546910ff46053da7ece063c55
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_alpha.deb
Size/MD5 checksum: 783410 ce5a425c4275ab3d6882d2958ccd3db1
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_alpha.deb
Size/MD5 checksum: 1600886 8d198b42884d1ab52475431708b7a1ff
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_alpha.deb
Size/MD5 checksum: 844650 9f847e58b9b8b24f01e855e204d18bfc
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_alpha.deb
Size/MD5 checksum: 844346 c37869d321987c809d1e0c1616b73495

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_amd64.deb
Size/MD5 checksum: 795898 78cbe0e6a3a3168c183c7416a82a0aa3
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_amd64.deb
Size/MD5 checksum: 795722 268b04d141a8241ef5c07f0df54a6ec3
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_amd64.deb
Size/MD5 checksum: 587892 a67bbbb52e209477b58b9e660df1c64a
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_amd64.deb
Size/MD5 checksum: 1459544 c8ec6f3b401f13617e7cf40448540f6c
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_amd64.deb
Size/MD5 checksum: 888798 18e87961972af3e0297e942c85265903
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_amd64.deb
Size/MD5 checksum: 4314946 be1c04d3a8f6452f40044127bf2e7102
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_amd64.deb
Size/MD5 checksum: 710242 646f6b9634e24c4fb4aaf33770aec24d

arm architecture (ARM)

http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_arm.deb
Size/MD5 checksum: 566044 5a2f2b8765bda3007b1beed9550a034c
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_arm.deb
Size/MD5 checksum: 1357464 6576953eb07a966c57cc39603d9787f3
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_arm.deb
Size/MD5 checksum: 738608 6a726cefd00960065100fc6f07c605ca
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_arm.deb
Size/MD5 checksum: 665920 6d7768f23e9c2dd4ff5a3c9d1a97a160
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_arm.deb
Size/MD5 checksum: 4147860 c3ed72b7de42dde8d17d2df141136f0b
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_arm.deb
Size/MD5 checksum: 738450 b4f15b7376f85946a1816990006f23b3
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_arm.deb
Size/MD5 checksum: 829762 908620cb8c44a5826f1a7827b2fa4240

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_armel.deb
Size/MD5 checksum: 1450730 964c038833ff9c68a2ddea571d7b1e36
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_armel.deb
Size/MD5 checksum: 878128 694dd69a4b1d573b7558488917ab4d08
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_armel.deb
Size/MD5 checksum: 785180 058a406b43825426dd8af219f834b265
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_armel.deb
Size/MD5 checksum: 4483936 339df34bec8ad5544a3ef9e4d6a239ac
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_armel.deb
Size/MD5 checksum: 710424 4bce82a913c61fe90425f44b33058469
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_armel.deb
Size/MD5 checksum: 784796 59257832f49e6fa9413e73d180c48c47
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_armel.deb
Size/MD5 checksum: 609312 aced11565d3753ef3eadbde490093939

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_hppa.deb
Size/MD5 checksum: 1596754 c6fc61abfdc93895ffc55e065d7041e6
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_hppa.deb
Size/MD5 checksum: 814502 06afe60e1cc1161acf83f070a2d444ad
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_hppa.deb
Size/MD5 checksum: 814796 8248fb7ce698f8f424edd70b49e7e9e2
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_hppa.deb
Size/MD5 checksum: 760676 fd4f5ec5bceb20066a521e866208298a
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_hppa.deb
Size/MD5 checksum: 4735786 6e22b92511050ff1c73f06565093605e
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_hppa.deb
Size/MD5 checksum: 886554 fd8dd54391da71bc7a909caa1ce8b53b
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_hppa.deb
Size/MD5 checksum: 640260 21c2bfabb7be2f780a44e3da4ab792f7

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_i386.deb
Size/MD5 checksum: 742710 21d812ca064a5e2c984075dd7f434db9
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_i386.deb
Size/MD5 checksum: 1390216 1cbd32a02eb0a075b539f354c888f7a1
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_i386.deb
Size/MD5 checksum: 572754 b12132b649c3a5cddf2e545b7f1ef075
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_i386.deb
Size/MD5 checksum: 867252 ba842833fcd9497242f800bdf4ca96b7
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_i386.deb
Size/MD5 checksum: 4200654 be1e126789cf0db8c328a0a5aa27ab5d
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_i386.deb
Size/MD5 checksum: 689996 4e40ae4bfe72b970317d10c018017ee3
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_i386.deb
Size/MD5 checksum: 742870 d39dd9026f72f0d651eb32c6978a7c3b

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_ia64.deb
Size/MD5 checksum: 6674628 9c69d2b7a63622a1121bec34af55c284
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_ia64.deb
Size/MD5 checksum: 1130102 2e52b5b9d467a85bf35aca422ab549d0
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_ia64.deb
Size/MD5 checksum: 889040 9183949992c2a1179f234259bcd90c90
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_ia64.deb
Size/MD5 checksum: 1247058 e8a77cc702eaf3e9bf1c1ce41a153a84
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_ia64.deb
Size/MD5 checksum: 2110176 c6002cc99c1b8db0a739f878706f311c
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_ia64.deb
Size/MD5 checksum: 1017432 47098cea122028af156f288afacc57f5
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_ia64.deb
Size/MD5 checksum: 1129828 d9666eea4c81585d885d2318c71db5e8

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_mips.deb
Size/MD5 checksum: 1412258 1ef515f6e48bce2279a797672c265e93
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_mips.deb
Size/MD5 checksum: 721540 6f2a0698b9e2703494b98aad32800164
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_mips.deb
Size/MD5 checksum: 631028 5eee1a9b96421778c44b9f1908943fdd
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_mips.deb
Size/MD5 checksum: 4666438 528fbee3eaa39de39ab5f428efa0e8f3
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_mips.deb
Size/MD5 checksum: 721256 335569219400881da2deac62653b949f
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_mips.deb
Size/MD5 checksum: 762248 da299e9ba0f8d7537912be490bd17ce9
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_mips.deb
Size/MD5 checksum: 703150 8b64fe2e8ab8ff5a5dadac68039773b9

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_mipsel.deb
Size/MD5 checksum: 703230 ac09f1f05a985714fed253a4659f279a
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_mipsel.deb
Size/MD5 checksum: 631660 d6e7a84d7e0cf619657e13e7ceb905b2
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_mipsel.deb
Size/MD5 checksum: 721020 0df7e8e7ee8ad125b68627d868a76801
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_mipsel.deb
Size/MD5 checksum: 1406832 ca391953501bad874bf99354e7a67c35
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_mipsel.deb
Size/MD5 checksum: 761194 ae18e6cd12d0e45421af7c325a6ae2a1
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_mipsel.deb
Size/MD5 checksum: 720752 5bbe0194ffe85165ac0785f12d2125d2
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_mipsel.deb
Size/MD5 checksum: 4672798 e2404be53067dcaf67d1f75b8668f2e1

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_powerpc.deb
Size/MD5 checksum: 1521214 50bc7253fe9b74279820ccecc941dfd2
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_powerpc.deb
Size/MD5 checksum: 598164 176d267153de1d20d88d581aa4d120cf
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_powerpc.deb
Size/MD5 checksum: 802138 4bd27bc9b294c73279a86415ac7c8e69
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_powerpc.deb
Size/MD5 checksum: 743026 c4dbafb237c59753def9508de5c5c550
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_powerpc.deb
Size/MD5 checksum: 802396 8f5a323336968031c98a67c33466dfca
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_powerpc.deb
Size/MD5 checksum: 940956 f2ae7bd7603343504ebbfb092b11a75f
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_powerpc.deb
Size/MD5 checksum: 4409756 08594db874ef7d412f3a13b8f4e2947e

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_s390.deb
Size/MD5 checksum: 4301392 43acc1f72ee199627436cdd773eff546
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_s390.deb
Size/MD5 checksum: 585428 9c7a88cd7ae7baea953d714eb52eea6b
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_s390.deb
Size/MD5 checksum: 707966 83b28f5b1fd81d9a4ded63bf757c53e6
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_s390.deb
Size/MD5 checksum: 1426136 fa7812c23e3424e836b8387f6f210a09
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_s390.deb
Size/MD5 checksum: 786392 0cc227efa11c9618061262c95589e313
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_s390.deb
Size/MD5 checksum: 750080 430ed549ae6bced72646d73cc418c7e5
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_s390.deb
Size/MD5 checksum: 749650 5c483e9e8922272aefedcac8f4854bb9

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_sparc.deb
Size/MD5 checksum: 695380 db003dfda896f801ee8004c24ccb149f
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_sparc.deb
Size/MD5 checksum: 898284 bfc8d351c8d9b2a99f016564b6bdcd1d
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_sparc.deb
Size/MD5 checksum: 766888 ccf3e355d775d8358592b30be3c0ee02
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_sparc.deb
Size/MD5 checksum: 4203030 8303733ba0b79f16ecd3027e4acbadb1
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_sparc.deb
Size/MD5 checksum: 766334 d3e258ae38fb80b2cbc51447e799319a
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_sparc.deb
Size/MD5 checksum: 573652 bde2f214a08781a51500b5dca9019c0a
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_sparc.deb
Size/MD5 checksum: 1434330 ff4b7a0af3a99005ade15e4d341f1958


These files will probably be moved into the stable distribution on
its next update.


[SECURITY] [DSA 2078-1] New kvirc packages fix arbitrary IRC command execution
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2078-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
July 31, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : kvirc
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-2785

It was discovered that incorrect parsing of CTCP commands in kvirc, a
KDE-based IRC client, could lead to the execution of arbitrary IRC
commands against other users.

For the stable distribution (lenny), this problem has been fixed in
version 2:3.4.0-6.

For the unstable distribution (sid), this problem has been fixed in
version 4:4.0.0-3.

We recommend that you upgrade your kvirc package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0.orig.tar.gz
Size/MD5 checksum: 7174211 0f1b85f3b6de354dfd44891923e48ef2
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6.diff.gz
Size/MD5 checksum: 103370 35c6b5b288e21f1b2736a7aee463c8f6
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6.dsc
Size/MD5 checksum: 1312 0db5bab03ef6dd87d89a541b7db4300c

Architecture independent packages:

http://security.debian.org/pool/updates/main/k/kvirc/kvirc-data_3.4.0-6_all.deb
Size/MD5 checksum: 3485832 d0f825b40255900e945396a6d33467d2

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_alpha.deb
Size/MD5 checksum: 3989286 eb13425c5d3b6d16bf3dbbe6799cdab0
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_alpha.deb
Size/MD5 checksum: 363058 85ad7e56fb7071fab9ca4b49c06ecf36

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_amd64.deb
Size/MD5 checksum: 360666 d64d34741c1363195456b2cdf2ce7229
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_amd64.deb
Size/MD5 checksum: 3712634 0e792af0082b16e32dd1cf5618dba238

arm architecture (ARM)

http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_arm.deb
Size/MD5 checksum: 3762830 bf42ca885cc6a6eb0b2734f2f13abcbe
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_arm.deb
Size/MD5 checksum: 382752 6bfdcd491c6fb27bbbf8e3eb055d9245

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_armel.deb
Size/MD5 checksum: 381176 9b876dec7a7d19261488a4c92fe0e17a
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_armel.deb
Size/MD5 checksum: 3227100 9aaaa2429d77f2266b4f4ebed139dc29

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_hppa.deb
Size/MD5 checksum: 4039054 1ab24d4eff5d6b5745bbaab02dbf3376
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_hppa.deb
Size/MD5 checksum: 386628 b41f84f4b3d213bf69be92498bb7c720

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_i386.deb
Size/MD5 checksum: 362768 065afca44287281e2b862bb4ea7a04b2
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_i386.deb
Size/MD5 checksum: 3582112 697fa1f8d355470b3dd03359bcc529a0

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_ia64.deb
Size/MD5 checksum: 4665172 a9e86a0948ad4d0d2ec109333e219ea4
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_ia64.deb
Size/MD5 checksum: 385070 867eb6fbd8fa350b38ec2a64c0afea32

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_mips.deb
Size/MD5 checksum: 3364772 ffa424acbb31e619eabc368e07acdd1f
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_mips.deb
Size/MD5 checksum: 385918 03fec2e94f02017936f906c0efa7037f

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_mipsel.deb
Size/MD5 checksum: 3316258 12712dab0045b527204d270280561c49
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_mipsel.deb
Size/MD5 checksum: 363396 e386d21f7024e1242f8e75f788eeb9ca

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_powerpc.deb
Size/MD5 checksum: 379950 66e321f4dd44c84dd6f7fff1a427c5bd
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_powerpc.deb
Size/MD5 checksum: 3915694 e43cda1285368979b6e4209e2ab2de0b

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_s390.deb
Size/MD5 checksum: 3638826 12a1793bbfd297891589d678f0222655
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_s390.deb
Size/MD5 checksum: 362946 80717eeaad3784f156605ce38b8e2a22

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_sparc.deb
Size/MD5 checksum: 3529894 e5848f3feaa2252eb22d3813547b97fd
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_sparc.deb
Size/MD5 checksum: 381298 e56d344f6c4e1d1f93390f6f5b513617


These files will probably be moved into the stable distribution on
its next update.



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/3_security_updates_for_debian.html)