Debian Security Advisory
DSA-773-1 amd64 -- several vulnerabilities
- Date Reported:
- 11 Aug 2005
- Affected Packages:
- several
- Vulnerable:
- Yes
- Security database references:
- No other external database security references currently available.
- More information:
-
This advisory adds security support for the stable amd64 distribution. It covers all security updates since the release of sarge, which were missing updated packages for the not yet official amd64 port. Future security advisories will include updates for this port as well.
- Fixed in:
-
Debian GNU/Linux 3.1 (sarge)
- DSA 762: several vulnerabilities
- http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_amd64.deb
- http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-2_amd64.deb
- http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2_amd64.deb
- http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-2_amd64.deb
- DSA 754: insecure temporary file
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge1_amd64.deb
- DSA 737: remote denial of service
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_amd64.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_amd64.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_amd64.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_amd64.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_amd64.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_amd64.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_amd64.deb
- DSA 733: insecure temporary files
- http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2_amd64.deb
- DSA 742: buffer overflow
- http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-11_amd64.deb
- DSA 750: out-of-bound memory access
- http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_amd64.deb
- DSA 760, DSA 767: several vulnerabilities
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_amd64.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_amd64.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_amd64.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_amd64.deb
- DSA 749: format string error
- http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/e/ettercap/ettercap-gtk_0.7.1-1sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_amd64.deb
- DSA 744: programming error
- http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_amd64.deb
- DSA 734, DSA 7699: denial of service, memory alignment bug
- http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_amd64.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_amd64.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_amd64.deb
- DSA 753: format string
- http://security.debian.org/pool/updates/main/g/gedit/gedit_2.8.3-4sarge1_amd64.deb
- DSA 770: insecure tmpfile creation
- http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_amd64.deb
- DSA 761: insecure temporary files
- http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge2_amd64.deb
- DSA 758, DSA 765: buffer overflows
- http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge1_amd64.deb
- DSA 743: buffer overflows, integer overflows
- http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_amd64.deb
- DSA 757: buffer overflow, double-free memory
- http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge2_amd64.deb
- DSA 771: several vulnerabilities
- http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_amd64.deb
- DSA 725: missing privilege release
- http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_amd64.deb
- DSA 728: missing privilege release
- http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.5-4sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.5-4sarge1_amd64.deb
- DSA 738: remote denial of service
- http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_amd64.deb
- DSA 748: bad default value
- http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge1_amd64.deb
- DSA 736: remote denial of service
- http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_amd64.deb
- DSA 735: pathname validation race
- http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_amd64.deb
- DSA-740, DSA 763: remote denial of service
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_amd64.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_amd64.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_amd64.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_amd64.deb
MD5 checksums of the listed files are available in the original advisory.