===========================================================
Ubuntu Security Notice USN-683-1          December 02, 2008
imlib2 vulnerability
CVE-2008-5187
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libimlib2                       1.2.1-2ubuntu0.3

Ubuntu 7.10:
  libimlib2                       1.3.0.0debian1-4ubuntu0.1

Ubuntu 8.04 LTS:
  libimlib2                       1.4.0-1ubuntu1.1

Ubuntu 8.10:
  libimlib2                       1.4.0-1.1ubuntu1.1

After a standard system upgrade you need to restart any applications that
use Imlib2 to effect the necessary changes.

Details follow:

It was discovered that Imlib2 did not correctly handle certain malformed
XPM images. If a user were tricked into opening a specially crafted image
with an application that uses Imlib2, an attacker could cause a denial of
service and possibly execute arbitrary code with the user's privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1-2ubuntu0.3.diff.gz
      Size/MD5:   111655 1db5e38ae075ba7879e2379de336fa60
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1-2ubuntu0.3.dsc
      Size/MD5:      753 d207af283f3356525dd8bf1863b18dde
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1.orig.tar.gz
      Size/MD5:   911360 deb3c9713339fe9ca964e100cce42cd1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu0.3_amd64.deb
      Size/MD5:   352032 ca8a615db5f3fe5f9d9e7be5bc6e5251
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu0.3_amd64.deb
      Size/MD5:   214630 575972ea6305a67fb7dba4a9767bd738

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu0.3_i386.deb
      Size/MD5:   302506 558d3ca8288047f906d0abe64cacff0a
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu0.3_i386.deb
      Size/MD5:   193346 8814a94983cb3dc69c8751f8ffb0c0a7

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu0.3_powerpc.deb
      Size/MD5:   341950 42cd29c55636cf54b595d40a1d8da334
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu0.3_powerpc.deb
      Size/MD5:   212852 aebcc16c8a0f26d97ff9b8853bc96344

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu0.3_sparc.deb
      Size/MD5:   318490 f96156937b2ac3fddfef13feab5c317b
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu0.3_sparc.deb
      Size/MD5:   194030 74b17b7473671d6bce17168e3a93892e

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.3.0.0debian1-4ubuntu0.1.diff.gz
      Size/MD5:    13311 8aace634a15651f892a707288bb06d80
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.3.0.0debian1-4ubuntu0.1.dsc
      Size/MD5:      873 b0131ffc8e50111ef870a805d74b5603
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.3.0.0debian1.orig.tar.gz
      Size/MD5:   617750 7f389463afdb09310fa61e5036714bb3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4ubuntu0.1_amd64.deb
      Size/MD5:   365864 03137784605c2957899f2e3ea98c7abb
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.3.0.0debian1-4ubuntu0.1_amd64.deb
      Size/MD5:   213966 04d1d6d16c95ef15d400b69f946ef465

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4ubuntu0.1_i386.deb
      Size/MD5:   334386 8964c1cf0d89fce685e45c275fe9b398
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.3.0.0debian1-4ubuntu0.1_i386.deb
      Size/MD5:   205672 7eda0e69c39446878a3604fcfa2bd100

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4ubuntu0.1_lpia.deb
      Size/MD5:   341396 c566cf2c1190d50307518180ecbaf1f8
    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.3.0.0debian1-4ubuntu0.1_lpia.deb
      Size/MD5:   209212 cbdccce66f76e6811562e07c69b00001

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4ubuntu0.1_powerpc.deb
      Size/MD5:   362434 7174f6ee1792aa3e93f90ec6cf6bd05b
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.3.0.0debian1-4ubuntu0.1_powerpc.deb
      Size/MD5:   229776 a5bfce5092d800574750491de6f24f71

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4ubuntu0.1_sparc.deb
      Size/MD5:   338858 a727f8fe8ee40579070f519ffe850ea6
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.3.0.0debian1-4ubuntu0.1_sparc.deb
      Size/MD5:   200882 6cb8819fdc9d1782627c516510aec328

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.4.0-1ubuntu1.1.diff.gz
      Size/MD5:    56206 26e4031ba0fcdb20ab253d387503c4f3
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.4.0-1ubuntu1.1.dsc
      Size/MD5:      843 8801c85496cc40b02fd9c8c8e7a5ecf4
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.4.0.orig.tar.gz
      Size/MD5:   845017 1f7f497798e06085767d645b0673562a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.4.0-1ubuntu1.1_amd64.deb
      Size/MD5:   344406 c04c37389fb2d858d0b564ec88ffaf28
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.4.0-1ubuntu1.1_amd64.deb
      Size/MD5:   199718 5c231fd28f7c89db183623a76136058b

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.4.0-1ubuntu1.1_i386.deb
      Size/MD5:   309666 4268bead6afda98818eddf883709ce2b
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.4.0-1ubuntu1.1_i386.deb
      Size/MD5:   190212 3e60cdf97e47607e3fc821af96c1fbb1

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.4.0-1ubuntu1.1_lpia.deb
      Size/MD5:   318240 5846ac281ac72f03a22a391e21476c37
    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.4.0-1ubuntu1.1_lpia.deb
      Size/MD5:   194098 413867c3a222937d5d90ee0ff4e9af61

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.4.0-1ubuntu1.1_powerpc.deb
      Size/MD5:   336314 e0028411b4af81155c1982ff337d42ee
    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.4.0-1ubuntu1.1_powerpc.deb
      Size/MD5:   211612 2df6e5a5df87ca1d3a95d7918ff01a65

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.4.0-1ubuntu1.1_sparc.deb
      Size/MD5:   314234 67fccb39c18bcb39a773b0eb5e2fe9e1
    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.4.0-1ubuntu1.1_sparc.deb
      Size/MD5:   181098 3bf535ce2f3d9385e61b271426e45c37

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.4.0-1.1ubuntu1.1.diff.gz
      Size/MD5:    56403 70e219ec859f25bdf7ac45f07faa2afe
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.4.0-1.1ubuntu1.1.dsc
      Size/MD5:     1246 4e61ec19bae78ef99c632a398a4dd081
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.4.0.orig.tar.gz
      Size/MD5:   845017 1f7f497798e06085767d645b0673562a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.4.0-1.1ubuntu1.1_amd64.deb
      Size/MD5:   357022 ea21a9132b0654c39c05866edec72dd8
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.4.0-1.1ubuntu1.1_amd64.deb
      Size/MD5:   206042 a8648520afe8a53116613df55736712b

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.4.0-1.1ubuntu1.1_i386.deb
      Size/MD5:   319786 487eced921c7baa6be606961f6020dd0
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.4.0-1.1ubuntu1.1_i386.deb
      Size/MD5:   196246 4015b74d4e91e1720bdcc6d537de3bc2

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.4.0-1.1ubuntu1.1_lpia.deb
      Size/MD5:   324676 827319f43ba42952929ee373b4659d91
    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.4.0-1.1ubuntu1.1_lpia.deb
      Size/MD5:   197582 ac1494911ce7181bf413933b0d10c1b0

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.4.0-1.1ubuntu1.1_powerpc.deb
      Size/MD5:   348320 5c8fac9d47df022aabaed60ec895caee
    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.4.0-1.1ubuntu1.1_powerpc.deb
      Size/MD5:   219940 5d8a707d8a1278d90c1d39e5da9fa3f1

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.4.0-1.1ubuntu1.1_sparc.deb
      Size/MD5:   321206 89fb42e14d2e5f4edb2edfd290e544f2
    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.4.0-1.1ubuntu1.1_sparc.deb
      Size/MD5:   185468 96423e069f49158142bf1b5d8627e5b4



--=-hEcjMUhJXPxbeMfFKsG9
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkk1YR8ACgkQLMAs/0C4zNpdHwCgvjEPDhTaU3CYq1oUdFFQJzlz
Q8IAn2RipAPZ8p2KJZFxYGyC90asRZpf
=WlM8
-----END PGP SIGNATURE-----

--=-hEcjMUhJXPxbeMfFKsG9--

From - Tue Dec  2 16:56:52 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004c0a
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38801-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id B7E07EC112
for <lists@securityspace.com>; Tue,  2 Dec 2008 16:48:15 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id E954D237098; Tue,  2 Dec 2008 14:30:26 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 8190 invoked from network); 2 Dec 2008 21:01:29 -0000
Resent-Cc: recipient list not shown: ;
Old-Return-Path: <joey@infodrom.org>
X-Original-To: lists-debian-security-announce@liszt.debian.org
Delivered-To: lists-debian-security-announce@liszt.debian.org
From: joey@infodrom.org (Martin Schulze)
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
User-Agent: dsa-launch $Revision: 1.18 $
Message-Id: <20081202210910.50C4D2B3E1B@finlandia.home.infodrom.org>
Date: Tue,  2 Dec 2008 22:09:10 +0100 (CET)
X-Virus-Scanned: at lists.debian.org with policy bank moderated
X-Spam-Status: No, score=-10.58 tagged_above=3.6 required=5.3
tests=[BAYES_00=-2, FOURLA=0.1, FVGT_m_MULTI_ODD=0.02,
IMPRONONCABLE_2=1, LDO_WHITELIST=-5, MURPHY_WRONG_WORD1=0.1,
MURPHY_WRONG_WORD2=0.2, PGPSIGNATURE=-5]
X-Spam-Level: 
X-Debian: PGP check passed for security officers
Subject: [SECURITY] [DSA 1677-1] New CUPS packages fix arbitrary code execution
Priority: urgent
Resent-Message-ID: <RXv4qxwULqD.A.8RD.hXaNJB@liszt>
Reply-To: listadmin@securityfocus.com
Mail-Followup-To: bugtraq@securityfocus.com
To: bugtraq@securityfocus.com
Resent-Date: Tue,  2 Dec 2008 21:17:21 +0000 (UTC)
Resent-From: list@liszt.debian.org (Mailing List Manager)
Status:   

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1677-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
December 2nd, 2008                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : cupsys
Vulnerability  : integer overflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2008-5286
Debian Bug     : 507183

An integer overflow has been discovered in the image validation code
of cupsys, the Common UNIX Printing System.  An attacker could trigger
this bug by supplying a malicious graphic that could lead to the
execution of arbitrary code.

For the stable distribution (etch) this problem has been fixed in
version 1.2.7-4etch6.

For testing distribution (lenny) this issue will be fixed soon.

For the unstable distribution (sid) this problem has been fixed in
version 1.3.8-1lenny4.

We recommend that you upgrade your cupsys packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6.dsc
      Size/MD5 checksum:     1092 a7198b7e0d7724a972d4027e805b1387
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6.diff.gz
      Size/MD5 checksum:   108940 1321ea49cfa8c06d619759acb00b0b2e
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz
      Size/MD5 checksum:  4214272 c9ba33356e5bb93efbcf77b6e142e498

  Architecture independent components:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch6_all.deb
      Size/MD5 checksum:   917900 4abe699f9d2a8f866b1e323934c6172a
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch6_all.deb
      Size/MD5 checksum:    46256 9e98540d35e8a7aef76a1042cc4befe4

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_alpha.deb
      Size/MD5 checksum:  1614646 18542415a7a35563aacf6baccc2c474c
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_alpha.deb
      Size/MD5 checksum:    39316 641f1871ea3d1e61a56dc009b2e58652
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_alpha.deb
      Size/MD5 checksum:    85894 99a322067e2207a67afc55dccd5d63b4
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_alpha.deb
      Size/MD5 checksum:  1092462 e2c0dd66dc9d52d41b7e179fa83908ab
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_alpha.deb
      Size/MD5 checksum:    95658 51c76b87321a3c01dfe996fabad2de88
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_alpha.deb
      Size/MD5 checksum:    72682 751a0c814ae40bf75b0494dafd19bd8e
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_alpha.deb
      Size/MD5 checksum:   175346 f8701aeb6bc3670c3f1e60cc80c4ded7
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_alpha.deb
      Size/MD5 checksum:   183712 42dc520b09c22f1d25b7ff1e6d7574bb

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_amd64.deb
      Size/MD5 checksum:  1576182 fe94635e099af684c654fb6468522f21
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_amd64.deb
      Size/MD5 checksum:    36342 3e5954fdc1c572e86f2eeef93c1f466f
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_amd64.deb
      Size/MD5 checksum:    80704 9a21d4104655094da5f2ff3a4c019a08
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_amd64.deb
      Size/MD5 checksum:  1087506 cd83b8b030a4c972b1b3fa396114d9e9
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_amd64.deb
      Size/MD5 checksum:    86360 aeed41809da68dc26e7c586e87878c45
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_amd64.deb
      Size/MD5 checksum:    53008 9f8e3453367ef72e6ef6f00dc6baf624
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_amd64.deb
      Size/MD5 checksum:   162608 a768dc52659411be6fd46b38df61d69b
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_amd64.deb
      Size/MD5 checksum:   142546 a6caf31df81c4aea72c0abc9c0a0b1af

  ARM architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_arm.deb
      Size/MD5 checksum:  1569702 f7cd63fd8d10e8fcaea2649260b8437a
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_arm.deb
      Size/MD5 checksum:    35934 e5a3e25422b8ded68767d8c32d9291f5
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_arm.deb
      Size/MD5 checksum:    78916 f9707c6c35f2c3198892a8d82eecfa8b
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_arm.deb
      Size/MD5 checksum:  1026248 79e9a9669d9d896d303e29ed7d2b7122
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_arm.deb
      Size/MD5 checksum:    85540 45e25e1887e37f029a3a8da50b309fe4
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_arm.deb
      Size/MD5 checksum:    48732 b90d30685f1e68a036a512cf331547e6
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_arm.deb
      Size/MD5 checksum:   155278 1a0b8b93532c23d26866afc163689dd6
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_arm.deb
      Size/MD5 checksum:   132032 5c4843fe297598ee3c618f92feaef93e

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_hppa.deb
      Size/MD5 checksum:  1624116 e285d90e7861906f00f8e709cb3039ae
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_hppa.deb
      Size/MD5 checksum:    39544 d3015a7ef0c7c345d3940a6c9f428cf0
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_hppa.deb
      Size/MD5 checksum:    84804 a4fa9da96d848e7596d6e3d623fdef07
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_hppa.deb
      Size/MD5 checksum:  1032854 ec6badd9fcff41974f425d97a0a12165
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_hppa.deb
      Size/MD5 checksum:    92038 3dcbb10b949495e21fc742b9b42a3a84
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_hppa.deb
      Size/MD5 checksum:    57376 e64d3d7a95c80c92602e3e7548998bc2
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_hppa.deb
      Size/MD5 checksum:   171856 ab864167ddd2c8b4247898ed36059435
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_hppa.deb
      Size/MD5 checksum:   153942 4149487b7dfd72b027de9851a4adb32e

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_i386.deb
      Size/MD5 checksum:  1556170 c0cefa71d7f58abd666c2c1459d3ede9
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_i386.deb
      Size/MD5 checksum:    36250 e464d81d46968426796a8182e6418691
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_i386.deb
      Size/MD5 checksum:    79702 77c4aef7c78be537c09bc689ad1f5139
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_i386.deb
      Size/MD5 checksum:   997624 ec73926b9d49c2790c6381a927ad20a2
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_i386.deb
      Size/MD5 checksum:    87310 86517be38ba93afd954091ad5643c65b
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_i386.deb
      Size/MD5 checksum:    53240 4fccf1dfd78b230033407a914760d3f5
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_i386.deb
      Size/MD5 checksum:   161274 41344ee4c268c095b89c8decc0e2df68
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_i386.deb
      Size/MD5 checksum:   137796 51b8758e0338e1ec6ec9d74ea5f960ef

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_ia64.deb
      Size/MD5 checksum:  1771030 d4235a8ee49af176f27c8a097a696864
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_ia64.deb
      Size/MD5 checksum:    46326 729ebfb9347d0463f7a6f5cc10c371e7
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_ia64.deb
      Size/MD5 checksum:   106218 9a9142746bbca2c53644c084b45fea9c
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_ia64.deb
      Size/MD5 checksum:  1108324 ea4f9d4d44e6b964c3793fd3a2862671
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_ia64.deb
      Size/MD5 checksum:   107068 bab641470a0bf7034b9ebc7ae072d6fa
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_ia64.deb
      Size/MD5 checksum:    74214 770441377ccf9ad422da6e9d3ba612eb
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_ia64.deb
      Size/MD5 checksum:   204316 7df30a0f5661ea79cdcc537d4012b217
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_ia64.deb
      Size/MD5 checksum:   192364 41d3bab218b036299f8ffae98a9008de

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_mips.deb
      Size/MD5 checksum:  1567974 ba75b6ff260e84dd64b939cae9262a54
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_mips.deb
      Size/MD5 checksum:    36112 6cae983101bdd812ff1f6f26169ab06a
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_mips.deb
      Size/MD5 checksum:    76146 16b61a899c465fc7f142d97744dffba3
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_mips.deb
      Size/MD5 checksum:  1098272 daa46352b0ad47b5c3061c42a15e6ddb
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_mips.deb
      Size/MD5 checksum:    86920 dd75cd6ce9bd9ceaae7d39b60fda49c9
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_mips.deb
      Size/MD5 checksum:    57690 32cfeb2301ded386cf4ab6d0127f30a3
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_mips.deb
      Size/MD5 checksum:   158092 9abd9b0ce1dc1528b0ca50b5fbb7b78b
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_mips.deb
      Size/MD5 checksum:   150986 149531690113d5333beaf1622f915037

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_mipsel.deb
      Size/MD5 checksum:  1553596 a42820cf5bd8d46c4a5cab2a6bd0929a
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_mipsel.deb
      Size/MD5 checksum:    36076 f7239a53b24df0813b16aac1efc850b7
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_mipsel.deb
      Size/MD5 checksum:    77462 a60a8f2d6ab7958026585952890fc751
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_mipsel.deb
      Size/MD5 checksum:  1085502 a18f21c9c0eff69d326bf42596d3ed32
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_mipsel.deb
      Size/MD5 checksum:    87080 1b5618e9841ec899e63ee14cb36116d1
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_mipsel.deb
      Size/MD5 checksum:    57848 def6826bc2876abfcf1b9ad01eea3546
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_mipsel.deb
      Size/MD5 checksum:   158634 bc4151665423bb6acc3225d1f8017b50
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_mipsel.deb
      Size/MD5 checksum:   150888 f27527d8e7d3b892f5e2dc7aa0776434

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_powerpc.deb
      Size/MD5 checksum:  1576684 9c91771aea9ad144c56967ac8caf1fd5
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_powerpc.deb
      Size/MD5 checksum:    41290 69d7ba1506a7415dc74621aa833edf59
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_powerpc.deb
      Size/MD5 checksum:    89994 12245002a3f5e437921979cd8362d346
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_powerpc.deb
      Size/MD5 checksum:  1143404 c79dd5b219961ded9d9dfebf2361fed0
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_powerpc.deb
      Size/MD5 checksum:    88542 988f4b258fbdf870d51aacd1dd26b116
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_powerpc.deb
      Size/MD5 checksum:    51880 650b5a80af7485308b6fca8a0453c9c0
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_powerpc.deb
      Size/MD5 checksum:   163284 4fc43ad526d97ad3823524988c892851
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_powerpc.deb
      Size/MD5 checksum:   136868 2e1cdfaf184170342520895e26ee84b1

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_s390.deb
      Size/MD5 checksum:  1587456 5522fd1afaaa1105a51c91354783fd6f
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_s390.deb
      Size/MD5 checksum:    37422 38b8fd3823381f4384f8758139f3d418
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_s390.deb
      Size/MD5 checksum:    82336 55c8f39b3d04e0a127426f2daf89941f
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_s390.deb
      Size/MD5 checksum:  1037274 02149d41988647e7f4de8e626801c588
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_s390.deb
      Size/MD5 checksum:    88040 8c844af7aeb9c0e1ec9a093a537d5f91
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_s390.deb
      Size/MD5 checksum:    52508 c3695c0157c8bba7eb2bc614173bcd0f
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_s390.deb
      Size/MD5 checksum:   166802 1893c39f92d371c7b474d57f4d8c105e
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_s390.deb
      Size/MD5 checksum:   144928 0eb6cdbc1deceb32bbf2c145a99f7d98

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_sparc.deb
      Size/MD5 checksum:  1562538 0757006ce0c52845673d2cbe9fae0b38
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_sparc.deb
      Size/MD5 checksum:    36020 27636d7df41cfef4c9e41ee236a9b308
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_sparc.deb
      Size/MD5 checksum:    78518 174e3b09d2d667e01d0b47ecb06a2925
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_sparc.deb
      Size/MD5 checksum:   992164 79a9729f9280b70aa7e8573636cfeb8c
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_sparc.deb
      Size/MD5 checksum:    85368 4c3b851a551b47fed4229f55b8a0a4fe
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_sparc.deb
      Size/MD5 checksum:    51756 d4406a58edf127974a79b0df75eab757
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_sparc.deb
      Size/MD5 checksum:   159176 29057219279ea090cf47b35b1da416af
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_sparc.deb
      Size/MD5 checksum:   139560 ca580a13d486d24f74c9a230efee6bde


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJNaPhW5ql+IAeqTIRAiX7AJwJd3Szo5tvpYyBrqggsDuPSulvKACfVJsa
EwALyW+6s+Lgp2d1GI2ong4=R0SH
-----END PGP SIGNATURE-----

From - Wed Dec  3 10:57:48 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004cf1
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38809-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 1A51EEDAB9
for <lists@securityspace.com>; Wed,  3 Dec 2008 10:54:50 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 582FD14392C; Wed,  3 Dec 2008 07:46:37 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 20299 invoked from network); 3 Dec 2008 07:44:28 -0000
Date: Wed, 3 Dec 2008 00:48:44 -0700
Message-Id: <200812030748.mB37miTE012635@www5.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: zimpel@t-online.de
To: bugtraq@securityfocus.com
Subject: Re: Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability
Status:   

I could finally reproduce the problem, when I used the Pi3Web 2.0.3 release without any patches. After applying the available patches in the intended incremental) order to this installation, with Pi3Web 2.0.3 PL2 the issue disappeared. 
 
It seems the creator of the original report has not used a properly maintained Pi3Web 2.03 with PL2 applied. The required patch PL2 is publically available since April 2007. 
 
FINAL RESULT 
 
No vulnerability: 
- with a properly maintained Pi3Web version 2.0.3 with incremental patches up to PL2 applied 
- OR - when Pi3Web is installed as a Windows service 
- OR - when configuration template Pi3Web/Conf/Intenet.pi3 is used 
 
Vulnerability (remote DoS in the reported way) confirmed: 
- Pi3Web version 2.0.3 without any available patches installed 
- AND - Pi3Web is installed as a desktop application 
- AND - configuration template Pi3Web/Conf/Intenet.pi3 is not used 
 
Normally all of the three topics have to be considered, when the server is installed as an remotely accessible (internet) server. 
 
Older versions may be vulnerable under the same condition (installation as a desktop application) but a number of indpendent solutions are available: 
 
- use configuration template internet.pi3 as basis to setup own internet servers 
- delete the ISAPI (and other!) examples manually 
- apply one (and only one) of the following configuration changes: 
 
1.) supplement the mapping directive for ISAPI: 
Mapping Condition="&or(&regexp('*.dll*',$U),&regexp('*.dll',$f))" ISAPIMapper From="/isapi/" To="Isapi\" 
 
2.) add to the ISAPI handler object: 
CheckPath Condition="&not(&and(&regexp('*.dll*',$U),&regexp('*.dll',$f)))" StatusCode StatusCode="404" 
 
PROPOSED ACTIONS FOR END USERS
Please check the Pi3Web server 2.0.3 installation to ensure, that all available patches have been applied. All updates and patches for release Pi3Web 2.0.3 can be downloaded here: 
 
https://sourceforge.net/project/showfiles.php?group_id753&package_id751&release_id%7565 
 
For people, who use the web site http://www.pi3.org (and not the project web site at sourceforge) I added a hint/link in the download area to look for recent updates and patches at sourceforge. 
 
Users of older versions should either update to Pi3Web 2.0.3 (including PL2) or apply the proposed configuration change or delete the ISAPI examples completely from the ISAPI folder. 

PROPOSED ACTIONS FOR BID 32287:
The current description in the BID is inconsistent and wrong and therefore needs multiple updates:
- Pi3Web 2.0.3 PL2 is not vulnerable
- The issue is only valid for Windows versions of Pi3Web
- the following 3 conditions must all be fullfilled in order to produce the issue but are not mentioned at all:
  - Pi3Web version 2.0.3 is installed without any available patches
  - AND - Pi3Web is installed as a desktop application 
  - AND - configuration template Pi3Web/Conf/Intenet.pi3 is not used 

- The configuration workarounds I provided a few days ago are not mentionend at all. Instead it is stated in the BID: "Currently we are not aware of any vendor-supplied patches for this issue."

- one reference to my emails to bugtraq in the 'references' tab of the BID is double and therefore my previous mail to bugtraq is missing in the references list.
--  
 
kind regards, 
Holger Zimmermann 

From - Wed Dec  3 11:07:47 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004cf2
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38803-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id D0357ED6C8
for <lists@securityspace.com>; Wed,  3 Dec 2008 11:03:18 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 6126A1437DA; Wed,  3 Dec 2008 07:43:29 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 17697 invoked from network); 3 Dec 2008 05:07:57 -0000
Message-ID: <493617F1.5070403@vmware.com>
Date: Tue, 02 Dec 2008 21:24:01 -0800
From: VMware Security team <security@vmware.com>
User-Agent: Thunderbird 2.0.0.18 (Windows/20081105)
MIME-Version: 1.0
To: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Subject: VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi
 resolve a critical security issue and update bzip2
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Status:   

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2008-0019
Synopsis:          VMware Hosted products and patches for ESX and ESXi
                   resolve a critical security issue and update bzip2
Issue date:        2008-12-02
Updated on:        2008-12-02 (initial release of advisory)
CVE numbers:       CVE-2008-4917 CVE-2008-1372
- -------------------------------------------------------------------------

1. Summary

   Updated VMware Hosted products and patches for ESX and ESXi resolve
   two security issues. The first is a critical memory corruption
   vulnerability in virtual device hardware. The second is an updated
   bzip2 package for the Service Console.

2. Relevant releases

   VMware Workstation 6.0.5 and earlier,
   VMware Workstation 5.5.8 and earlier,
   VMware Player 2.0.5 and earlier,
   VMware Player 1.0.8 and earlier,
   VMware Server 1.0.9 and earlier,

   VMware ESXi 3.5 without patch ESXe350-200811401-O-SG

   VMware ESX 3.5 without patches ESX350-200811406-SG and
                                  ESX350-200811401-SG

   VMware ESX 3.0.3 without patches ESX303-200811404-SG and
                                    ESX303-200811401-BG

   VMware ESX 3.0.2 without patches ESX-1006980 and ESX-1006982

   NOTE: Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08.
         Users should plan to upgrade to ESX 3.0.3 and preferably to
         the newest release available.

3. Problem Description

 a. Critical Memory corruption vulnerability

    A memory corruption condition may occur in the virtual machine
    hardware. A malicious request sent from the guest operating
    system to the virtual hardware may cause the virtual hardware to
    write to uncontrolled physical memory.

    VMware would like to thank Andrew Honig of the Department of
    Defense for reporting this issue.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2008-4917 to this issue.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  ================    VirtualCenter  any       Windows  not affected

    Workstation    6.5.x     any      not affected
    Workstation    6.0.x     any      6.5.0 build 118166 or later
    Workstation    5.x       any      5.5.9 build 126128 or later

    Player         2.5.x     any      not affected
    Player         2.0.x     any      2.5.0 build 118166 or later
    Player         1.x       any      1.0.9 build 126128 or later

    ACE            2.5.x     Windows  not affected
    ACE            2.0.x     Windows  2.5.0 build 118166 or later
    ACE            1.x       Windows  1.0.8 build 125922 or later

    Server         2.x       any      not affected
    Server         1.x       any      1.0.8 build 126538 or later

    Fusion         2.x       Mac OS/X not affected
    Fusion         1.x       Mac OS/X upgrade to Fusion 2.0 or later

    ESXi           3.5       ESXi     ESXe350-200811401-O-SG

    ESX            3.5       ESX      ESX350-200811401-SG
    ESX            3.0.3     ESX      ESX303-200811401-BG
    ESX            3.0.2     ESX      ESX-1006980
    ESX            2.5.5     ESX      not affected

 b. Updated Service Console package bzip2

    bzip2 versions before 1.0.5 can crash if certain flaws in compressed
    data lead to reading beyond the end of a buffer.  This might cause
    an application linked to the libbz2 library to crash when
    decompressing malformed archives.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2008-1372 to this issue.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  ================    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           3.5       ESXi     not affected

    ESX            3.5       ESX      ESX350-200811406-SG
    ESX            3.0.3     ESX      ESX303-200811404-SG
    ESX            3.0.2     ESX      ESX-1006982
    ESX            2.5.5     ESX      affected, patch pending

    * hosted products are VMware Workstation, Player, ACE,
      Server, Fusion.

4. Solution

   Please review the patch/release notes for your product and version
   and verify the md5sum of your downloaded file.

   VMware Workstation 5.5.9
   ------------------------
   http://www.vmware.com/download/ws/ws5.html
   Release notes:
   http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

   Windows binary:
   md5sum: 509c7b323a8ac42c0a92b0a1446bb0f8

   Compressed Tar archive for 32-bit Linux
   md5sum: 9d189e72f8111e44b27f1ee92edf265e

   Linux RPM version for 32-bit Linux
   md5sum: 0957c5258d033d0107517df64bfea240


   VMware Player 1.0.9
   -----------------------------
   http://www.vmware.com/download/player/
   Release notes Player 1.x:
   http://www.vmware.com/support/player/doc/releasenotes_player.html

   Windows binary
   md5sum: e2c8dd7b27df7d348f14f69de017b93f

   Player 1.0.9 for Linux (.rpm)
   md5sum: 471c3881fa60b058b1dac1d3c9c32c85

   Player 1.0.9 for Linux (.tar)
   md5sum: bef507811698e7333f5e8cb672530dbf


   VMware Server 1.0.8
   -------------------
   http://www.vmware.com/download/server/
   Release notes:
   http://www.vmware.com/support/server/doc/releasenotes_server.html

   VMware Server for Windows 32-bit and 64-bit
   md5sum: 4ba41e5fa192f786121a7395ebaa8d7c

   VMware Server Windows client package
   md5sum: f25746e275ca00f28d44ad372fc92536

   VMware Server for Linux
   md5sum: a476d3953ab1ff8457735e692fa5edf9

   VMware Server for Linux rpm
   md5sum: af6890506618fa82928fbfba8a5f97e1

   Management Interface
   md5sum: 5982b84a39479cabce63e12ab664d369

   VMware Server Linux client package
   md5sum: 605d7db48f63211cc3f5ddb2b3f915a6


   ESXi
   ----
   ESXi 3.5 patch ESXe350-200811401-O-SG
   http://download3.vmware.com/software/vi/ESXe350-200811401-O-SG.zip
   md5sum: e895c8cb0d32b722d7820d0214416092
   http://kb.vmware.com/kb/1007507

   NOTE: The three ESXi patches for Firmware "I", VMware Tools "T," and
         the VI Client "C" are contained in a single offline "O"
         download file.

   ESX
   ---
   ESX 3.5 patch ESX350-200811401-SG (memory corruption)
   http://download3.vmware.com/software/vi/ESX350-200811401-SG.zip
   md5sum: 988042ce20ce2381216fbe1862c3e66d
   http://kb.vmware.com/kb/1007501

   ESX 3.5 patch ESX350-200811406-SG (bzip2)
   http://download3.vmware.com/software/vi/ESX350-200811406-SG.zip
   md5sum: 285ec405ac34a196cbb796922e22cca2
   http://kb.vmware.com/kb/1007504

   ESX 3.0.3 patch ESX303-200811401-BG (memory corruption)
   http://download3.vmware.com/software/vi/ESX303-200811401-BG.zip
   md5sum: 26bf687a3483951d1f14ab66edf1d196
   http://kb.vmware.com/kb/1006986

   ESX 3.0.3 patch ESX303-200811404-SG (bzip2)
   http://download3.vmware.com/software/vi/ESX303-200811404-SG.zip
   md5sum: 2707e4a599867b0444e85a75a471ed4f
   http://kb.vmware.com/kb/1007198

   ESX 3.0.2 patch ESX-1006980 (memory corruption)
   http://download3.vmware.com/software/vi/ESX-1006980.tgz
   md5sum: 5e73f1585fea3ee770b2df2b94e73ca4
   http://kb.vmware.com/kb/1006980

   ESX 3.0.2 patch ESX-1006982 (bzip2)
   http://download3.vmware.com/software/vi/ESX-1006982.tgz
   md5sum: 4921cf542b5979bd0eef7f2c15683b71
   http://kb.vmware.com/kb/1006982

5. References

   CVE numbers
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4917
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372

- -------------------------------------------------------------------------
6. Change log

2008-12-02  VMSA-2008-0019
Initial security advisory after release of patches for ESXi, ESX 3.5,
ESX 3.0.3, ESX 3.0.2. Updated hosted products were previously released
on 2008-11-06.

- ------------------------------------------------------------------------
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  * security-announce at lists.vmware.com
  * bugtraq at securityfocus.com
  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc.  All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)

iD8DBQFJNhfuS2KysvBH1xkRAt0NAJ0ap7HIEzEsxWxxeJbni4I5SaBeLACfdKSt
A0VgCubYwg7psnfOUEHM9+o=mieL
-----END PGP SIGNATURE-----

From - Wed Dec  3 11:27:48 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004cf3
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38806-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 1BB4CED782
for <lists@securityspace.com>; Wed,  3 Dec 2008 11:27:41 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 5570C1438DA; Wed,  3 Dec 2008 07:45:21 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 24938 invoked from network); 3 Dec 2008 12:36:43 -0000
Date: Wed, 3 Dec 2008 05:40:59 -0700
Message-Id: <200812031240.mB3CexL3003994@www5.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: office@hackattack.at
To: bugtraq@securityfocus.com
Subject: [HACKATTACK Advisory 20081203]Pro Clan Manager 0.4.2 - Session
 Fixation
Status:   

[HACKATTACK Advisory 20081203]Pro Clan Manager 0.4.2 - Session Fixation

Details
************************
Product: Pro Clan Manager CMS
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.proclanmanager.com/
Vendor-Status: informed
Advisory-Status: not yet published

Credits
************************
Discovered by: David Vieira-Kurz
http://www.HACKATTACK.at || http://www.HACKATTACK.eu

Affected Products:
----------------------------
Pro Clan Manager 0.4.2 and prior

Original Advisory:
************************
http://www.HACKATTACK.at || http://www.HACKATTACK.eu

Introduction
************************
Pro Clan Manager is a PHP-based Content Management System.

More Details
************************
1. Cookie_Manipulation:
---------------------
The cookie variable "PHPSESSID" parameter can be set to a malicious and arbitrary value.

1.1 Description:
In a session fixation attack, the attacker fixes the user's session ID before the user even logs into the target server.
After a user's session ID has been fixed, the attacker will wait for them to login.
Once the user does so, the attacker uses the predefined session ID value to assume their online identity.

Workaround:
************************
1. Do not accept session identifiers from GET / POST variables.
2.Regenerate SID on each request.
3. Accept only server generated SID:
One way to improve security is to not accept session identifiers not generated by server.

if ( ! isset( $_SESSION['SERVER_GENERATED_SID'] ) ) {
session_destroy(); // destroy all data in session
}
session_regenerate_id(); // generate a new session identifier
$_SESSION['SERVER_GENERATED_SID'] = true;


About HACKATTACK
===============HACKATTACK IT SECURITY GmbH is a Penetrationtest and security Auditinf company located in Austria and Germany.

Hotline Germany +49 (0)800 20 60 900
Hotline Austria +43 (0)06223 20 6210
More Information about HACKATTACK at
http://www.HACKATTACK.at || http://www.HACKATTACK.eu

From - Wed Dec  3 11:37:47 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004cf4
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38804-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 2CE98ED77A
for <lists@securityspace.com>; Wed,  3 Dec 2008 11:34:26 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 7644A14371B; Wed,  3 Dec 2008 07:43:53 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 18553 invoked from network); 3 Dec 2008 05:59:28 -0000
Resent-Cc: recipient list not shown: ;
Old-Return-Path: <fw@deneb.enyo.de>
X-Original-To: lists-debian-security-announce@liszt.debian.org
Delivered-To: lists-debian-security-announce@liszt.debian.org
From: Steffen Joeris <white@debian.org>
Date: Wed, 03 Dec 2008 07:15:24 +0100
Message-ID: <87vdu1lr7n.fsf@mid.deneb.enyo.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Virus-Scanned: at lists.debian.org with policy bank moderated
X-Spam-Status: No, score=-9.58 tagged_above=3.6 required=5.3
tests=[BAYES_00=-2, FOURLA=0.1, FVGT_m_MULTI_ODD=0.02,
IMPRONONCABLE_1=1, IMPRONONCABLE_2=1, LDO_WHITELIST=-5,
MURPHY_WRONG_WORD1=0.1, MURPHY_WRONG_WORD2=0.2, PGPSIGNATURE=-5]
X-Spam-Level: 
X-Debian: PGP check passed for security officers
Subject: [SECURITY] [DSA 1678-1] New perl packages fix privilege escalation
Priority: urgent
Resent-Message-ID: <TECtiiibFTJ.A.PME.FQiNJB@liszt>
Reply-To: listadmin@securityfocus.com
Mail-Followup-To: bugtraq@securityfocus.com
To: bugtraq@securityfocus.com
Resent-Date: Wed,  3 Dec 2008 06:15:33 +0000 (UTC)
Resent-From: list@liszt.debian.org (Mailing List Manager)
Status:   

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1678-1                  security@debian.org
http://www.debian.org/security/                           Steffen Joeris
December 03, 2008                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : perl
Vulnerability  : design flaws
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-5302 CVE-2008-5303
Debian Bug     : 286905 286922

Paul Szabo rediscovered a vulnerability in the File::Path::rmtree
function of Perl. It was possible to exploit a race condition to create
setuid binaries in a directory tree or remove arbitrary files when a
process is deleting this tree.  This issue was originally known as
CVE-2005-0448 and CVE-2004-0452, which were addressed by DSA-696-1 and
DSA-620-1. Unfortunately, they were reintroduced later.

For the stable distribution (etch), these problems have been fixed in
version 5.8.8-7etch5.

For the unstable distribution (sid), these problems have been fixed in 
version 5.10.0-18 and will migrate to the testing distribution (lenny) 
shortly.

We recommend that you upgrade your perl packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5.dsc
    Size/MD5 checksum:      750 a57837967b7420057558cab7efca9202
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8.orig.tar.gz
    Size/MD5 checksum: 12829188 b8c118d4360846829beb30b02a6b91a7
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5.diff.gz
    Size/MD5 checksum:   105052 cfd4c3d27c5a7a342c441383867dae89

Architecture independent packages:

  http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.8.8-7etch5_all.deb
    Size/MD5 checksum:    41082 9dfa8758852aadcaadb2edbdfa17f942
  http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.8.8-7etch5_all.deb
    Size/MD5 checksum:  7378812 3baade38d4a703ae7db0e2f7d7b2df62
  http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.8.8-7etch5_all.deb
    Size/MD5 checksum:  2316518 dc45e7d6fbedf992db42f31326457df2

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_alpha.deb
    Size/MD5 checksum:  4150162 345ac6cfebda2d2e6807a1dc0e14957c
  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_alpha.deb
    Size/MD5 checksum:     1006 f010eb97c3f81b2958c7546ba69296eb
  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_alpha.deb
    Size/MD5 checksum:  2928894 52f0aa7e688e63cd4d487a6492d9ee2e
  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_alpha.deb
    Size/MD5 checksum:    36236 eb16c8490e1e164ef6444f4b7680fbc6
  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_alpha.deb
    Size/MD5 checksum:   821796 d48d9e6f1a07eafdc6acb6d990cf1fbc
  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_alpha.deb
    Size/MD5 checksum:   880174 f32a7823fd919ada981b3eda1abe6a70

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_amd64.deb
    Size/MD5 checksum:   630776 4f134545671885f476770a9da3695301
  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_amd64.deb
    Size/MD5 checksum:   806610 02ed83b2872342eb732c0179daa52869
  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_amd64.deb
    Size/MD5 checksum:    32774 4db9f5a96272f4a561abadbc3a1ed175
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_amd64.deb
    Size/MD5 checksum:  4248964 b09695271b26cb6b6245a791e9e7122d
  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_amd64.deb
    Size/MD5 checksum:  2735132 c8bb2c571273b1ef47beb05874ae4277
  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_amd64.deb
    Size/MD5 checksum:     1010 4223d65b463272ca026ee7e7d7d0ff02

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_arm.deb
    Size/MD5 checksum:     1008 fd5146b7fceeb55c7ba16831e95f0b4a
  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_arm.deb
    Size/MD5 checksum:   562112 24fe7aacf39d42673555f228e6edd5d7
  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_arm.deb
    Size/MD5 checksum:    30338 57ce7264534de68fe870e72eaae6a186
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_arm.deb
    Size/MD5 checksum:  3410084 382ee29a48541e9270cb20926ff2c58a
  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_arm.deb
    Size/MD5 checksum:   760136 6939901d705dbdac94e959ebab73d32a
  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_arm.deb
    Size/MD5 checksum:  2548202 07796362a684d112be9dbea0ff5a2ab5

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_i386.deb
    Size/MD5 checksum:  3589118 bdcb99ed51d06b1639d98a661ce42d58
  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_i386.deb
    Size/MD5 checksum:   527162 c511226a2cbddb98a170c8f563d6670a
  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_i386.deb
    Size/MD5 checksum:   585396 f3f34d325de643667d4c12f897a15f48
  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_i386.deb
    Size/MD5 checksum:    32070 59d70d1ee4f0e7584230095ca079ceb7
  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_i386.deb
    Size/MD5 checksum:  2491980 7149381d9862cc1ebd20092fae76dda9
  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_i386.deb
    Size/MD5 checksum:   762200 40254226d8ae5963a908661350816f0c

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_ia64.deb
    Size/MD5 checksum:   978092 e856d5880b7b4c26222a3e0a3e0e0610
  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_ia64.deb
    Size/MD5 checksum:  3364496 8248ac1db0819b45b0ea5bf2ba748f6f
  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_ia64.deb
    Size/MD5 checksum:  1154060 3ff9faa1f05b380c486a86f79e7993a0
  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_ia64.deb
    Size/MD5 checksum:     1008 ce21fdde9f6a971ab9bb950d5a4f8846
  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_ia64.deb
    Size/MD5 checksum:    51272 85acec2cd9ad024ec30e00a5af6f5ccb
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_ia64.deb
    Size/MD5 checksum:  4336594 d4756a2b2de75f43cdb2f8ff4ccc0566

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_mips.deb
    Size/MD5 checksum:  2782132 4999312ae9a1844b4d475f34d312d334
  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_mips.deb
    Size/MD5 checksum:   694018 e974c764d6a3350e7425cf5990f02201
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_mips.deb
    Size/MD5 checksum:  3678988 94244c7432977a979063076fc67bbf29
  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_mips.deb
    Size/MD5 checksum:    32216 cacc1e6e5d2649606ddccc99a9f09ebd
  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_mips.deb
    Size/MD5 checksum:   786110 1713743185beb6ddc6de091ed4a7a0e5
  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_mips.deb
    Size/MD5 checksum:     1008 905da3949be11e01942cb096f279cd63

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_powerpc.deb
    Size/MD5 checksum:   653440 4ccf1e83f3159d64262c9d30506e151a
  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_powerpc.deb
    Size/MD5 checksum:  2710130 036b5620a814a6443d173a1a5f62a051
  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_powerpc.deb
    Size/MD5 checksum:     1012 3bf894f640eeb63b15a997dbb1e06a63
  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_powerpc.deb
    Size/MD5 checksum:    32908 bb7ccbed135a9625df993587576fbcf6
  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_powerpc.deb
    Size/MD5 checksum:   811032 6ea8cf13343916db0f3e46c759f448da
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_powerpc.deb
    Size/MD5 checksum:  3824810 5864271ba481be6308ab9e704c2454c1

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_s390.deb
    Size/MD5 checksum:   823642 682e9f9fb581af9cc0aa9860c2747eba
  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_s390.deb
    Size/MD5 checksum:    33108 311441a02f7965c21790d988b63879c6
  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_s390.deb
    Size/MD5 checksum:  2796658 3b4c21061de13bec62299cfda17c21a8
  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_s390.deb
    Size/MD5 checksum:     1008 201b45bdbf264748d665b789e501e2c9
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_s390.deb
    Size/MD5 checksum:  4100050 c2348e4c49820501d30e3736bb60e442
  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_s390.deb
    Size/MD5 checksum:   633612 6d818da26553af14a4479a23731ea8b0

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_sparc.deb
    Size/MD5 checksum:     1014 bd9f92414f3d44f15efa2c8b25fd39d9
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_sparc.deb
    Size/MD5 checksum:  3796714 95538b186d68bd25eec0dd3a27fe1447
  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_sparc.deb
    Size/MD5 checksum:   783702 e07757e74203c7c8eec5f2db41051bc4
  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_sparc.deb
    Size/MD5 checksum:    31056 d0ead72ea7bb47971f638ef7aee22705
  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_sparc.deb
    Size/MD5 checksum:  2565984 253cc0540fbaead2b39bbcf9dda3ab96
  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_sparc.deb
    Size/MD5 checksum:   594486 85b2168a8092deadace3044f51ebd20a


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJJNiNUAAoJEL97/wQC1SS+xTwH/0zeSjj1pMV/opCTwn43mJol
fiGZ7O7Ng8o6Ps1fRuPZi+SdvaQxF3NbYWnyKikxY223AvLRlDQCPtbe0wZYf0bQ
6Cr9S+GaRTHd9UOg/4s2CE1clttlXRIzRQT9jTi/uycTr/JsAVUeWZ4LgrAq6P1l
qxMxiZddeH6BRHJbFgMKT8nhnLkAOztAqSlmZjA4XBlq/LH4RyGhprJh39zuG2Aq
U85a7vWzwwrH6EnfeYi4xS4i9kR5+YJUTvvgmdnYOfi6lOQl8Y3KG6Qeunmw/0gc
GjB7KcH1bUyj8hiS0zoMCbFwwCsodt5zfoieD82VtvRGAv+PoaH4ZL4O8MfYS0o�HH
-----END PGP SIGNATURE-----

From - Wed Dec  3 11:57:47 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004cf5
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38802-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 41722ED846
for <lists@securityspace.com>; Wed,  3 Dec 2008 11:53:34 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id E8EA8143783; Wed,  3 Dec 2008 07:42:09 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 10261 invoked from network); 2 Dec 2008 22:04:30 -0000
Date: Tue, 2 Dec 2008 14:20:25 -0800
From: Kees Cook <kees@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Subject: [USN-684-1] ClamAV vulnerability
Message-ID: <20081202222025.GH25309@outflux.net>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="zx4FCpZtqtKETZ7O"
Content-Disposition: inline
Organization: Ubuntu
X-MIMEDefang-Filter: outflux$Revision: 1.316 $
X-HELO: www.outflux.net
X-Scanned-By: MIMEDefang 2.63 on 10.2.0.1
Status:   


--zx4FCpZtqtKETZ7O
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================Ubuntu Security Notice USN-684-1          December 02, 2008
clamav vulnerability
https://bugs.launchpad.net/bugs/304017
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  libclamav5                      0.94.dfsg.2-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Ilja van Sprundel discovered that ClamAV did not handle recursive JPEG
information.  If a remote attacker sent a specially crafted JPEG file,
ClamAV would crash, leading to a denial of service.


Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1.diff.gz
      Size/MD5:   159258 35b619fff489b7fdbfacd86170572cfa
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1.dsc
      Size/MD5:     1545 d35181ceb4a8b93aa8ef3d80f424a52e
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2.orig.tar.gz
      Size/MD5: 22073819 7b45b0c54b887b23cb49e4bff807cf58

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-base_0.94.dfsg.2-1ubuntu0.1_all.deb
      Size/MD5: 19497162 d2d7052e4859a66f9556a33839be072b
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-docs_0.94.dfsg.2-1ubuntu0.1_all.deb
      Size/MD5:  1077346 0c0e57cf0a6d5004611621c81d158b3e
    http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-testfiles_0.94.dfsg.2-1ubuntu0.1_all.deb
      Size/MD5:   208058 8dd86c35b97cfa0c111ec6a99f90d7b4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.1_amd64.deb
      Size/MD5:   239628 465bacd5ebfec386196f83b90c59b1d5
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.1_amd64.deb
      Size/MD5:   914866 309f142bd797da5b06bae9f3273c729a
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.1_amd64.deb
      Size/MD5:   255448 b28942a9a6ecd5b09eea78f22f56658c
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1_amd64.deb
      Size/MD5:   235612 d7fc1fbc5112f2b8b4bb81f26f8495bd
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.1_amd64.deb
      Size/MD5:   573860 1a499485cdee3a5ed728fdb115d4708e
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.1_amd64.deb
      Size/MD5:   538626 f1ec69b8d9bc15cf1b6ab9b483b37568
    http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.1_amd64.deb
      Size/MD5:   232722 4abb421ae13f2c04ccf7e975d68344f1

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.1_i386.deb
      Size/MD5:   233172 1e14e971a76712c4a38d3250e3f84a4f
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.1_i386.deb
      Size/MD5:   849368 dc7e8747a2f1b40db10fd3dfa80d6d8f
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.1_i386.deb
      Size/MD5:   253682 2dfbb18dbe45b97fe537e440c86079f0
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1_i386.deb
      Size/MD5:   232686 f5fc69f35bb5206e6f3f1802eab27b87
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.1_i386.deb
      Size/MD5:   541856 cc9e3b0f262968372c5cdf8b62606280
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.1_i386.deb
      Size/MD5:   524410 2d1f9e712a3ef57c99434469a584f38d
    http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.1_i386.deb
      Size/MD5:   229260 280079fa42c8ff6a18a8fd1406956f3c

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.1_lpia.deb
      Size/MD5:   232694 509ca94dd8ba239e70df349015eab8b6
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.1_lpia.deb
      Size/MD5:   866262 636afb92077246666719c22544dda5bd
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.1_lpia.deb
      Size/MD5:   253738 0581fb06ce78fd9a2d1e2d81cfa95e87
    http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1_lpia.deb
      Size/MD5:   232232 7e301b68901a3435da4768b2845bf61d
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.1_lpia.deb
      Size/MD5:   543754 bd8453f227ae9bebcec4fb41b9e9d427
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.1_lpia.deb
      Size/MD5:   527060 b903aa2ec89a2b3c327e170f3b23e021
    http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.1_lpia.deb
      Size/MD5:   229286 d2af0a51fa4beb6eb3045f2dfa3abe9e

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
      Size/MD5:   242896 a8a6f8ef5d43b0856cb250879b6d741d
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
      Size/MD5:   903632 275eb13f4b9caa6ab4089aa0d8e97b24
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
      Size/MD5:   258198 2109d15b9bcb4cedeb380ac295c26364
    http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
      Size/MD5:   240246 c373dfb0ec6bd9539575aad28310a5ae
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
      Size/MD5:   613886 8a59e0abf3597d1c13ffa47ee0700b48
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
      Size/MD5:   554872 992aa23fb6ed82684c8325743e366947
    http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
      Size/MD5:   232832 36d93e39e3f1f74dde643bc78e38c4a7

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.1_sparc.deb
      Size/MD5:   232694 22f99a7b96cf3ab8749316cb3256b168
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.1_sparc.deb
      Size/MD5:   836388 a2eb3d95d9a6254db4d7375844f18f57
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.1_sparc.deb
      Size/MD5:   252954 b21baca5066e5e27a8b8154cc17b9d2c
    http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1_sparc.deb
      Size/MD5:   233100 3c0b967b8a11e701698a1099a171ee82
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.1_sparc.deb
      Size/MD5:   577734 05eb85bfb1a2ac3b223eba160167c7e2
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.1_sparc.deb
      Size/MD5:   543454 09533df800dafec77af220c81897cb0e
    http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.1_sparc.deb
      Size/MD5:   230206 5abbd9810492e866183bb1033a284b18