Debian 10206 Published by

The following two security updates are available for Debian GNU/Linux:

- [DSA 2083-1] New moin packages fix cross-site scripting
- [DSA 2084-1] New tiff packages fix arbitrary code execution



[SECURITY] [DSA 2083-1] New moin packages fix cross-site scripting
- --------------------------------------------------------------------------
Debian Security Advisory DSA-2083-1 security@debian.org
http://www.debian.org/security/ Nico Golde
August 2nd, 2010 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : moin
Vulnerability : missing input sanitization
Problem type : remote
Debian-specific: no
Debian bug : 584809
CVE ID : CVE-2010-2487

It was discovered that moin, a python clone of WikiWiki, does not sufficiently
sanitize parameters when passing them to the add_msg function. This allows a
remote attackers to conduct cross-site scripting (XSS) attacks for example
via the template parameter.


For the stable distribution (lenny), this problem has been fixed in
version 1.7.1-3+lenny5.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 1.9.3-1.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/m/moin/moin_1.7.1-3+lenny5.dsc
Size/MD5 checksum: 1259 574199fc8e4c954cdd8b75e81eecdcf2
http://security.debian.org/pool/updates/main/m/moin/moin_1.7.1.orig.tar.gz
Size/MD5 checksum: 5468224 871337b8171c91f9a6803e5376857e8d
http://security.debian.org/pool/updates/main/m/moin/moin_1.7.1-3+lenny5.diff.gz
Size/MD5 checksum: 92369 5363c01a34f85326113d767264edd42a

Architecture independent packages:

http://security.debian.org/pool/updates/main/m/moin/python-moinmoin_1.7.1-3+lenny5_all.deb
Size/MD5 checksum: 4499604 c17eeecc46d92ea6db6078884c777669


These files will probably be moved into the stable distribution on
its next update.
[SECURITY] [DSA 2084-1] New tiff packages fix arbitrary code execution
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2084-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
August 03, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : tiff
Vulnerability : integer overflows
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2010-1411

Kevin Finisterre discovered that several integer overflows in the TIFF
library could lead to the execution of arbitrary code.

For the stable distribution (lenny), this problem has been fixed in
version 3.8.2-11.3.

For the unstable distribution (sid), this problem has been fixed in
version 3.9.4-1.

We recommend that you upgrade your tiff packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-11.3.tar.gz
Size/MD5 checksum: 1376361 bfbc775f3ea2d698f6c4e57a66a6bc62
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-11.3.dsc
Size/MD5 checksum: 965 289fde796cd4d75c185fd380e4ef2611

Architecture independent packages:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-doc_3.8.2-11.3_all.deb
Size/MD5 checksum: 368936 4fa6c87469e6d2a4ab8b9b609e1cd2b0

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_alpha.deb
Size/MD5 checksum: 184038 718aa158afb8b08924079e4c8990f303
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_alpha.deb
Size/MD5 checksum: 339202 b4d67d4e554d4e681e54a9951bc6ab88
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_alpha.deb
Size/MD5 checksum: 49078 2c6b9d3ee81d1f1ea306d395b51c1731
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_alpha.deb
Size/MD5 checksum: 55100 ef3532a300357164438524ca256853fb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_alpha.deb
Size/MD5 checksum: 253438 6e72c7d573238d09bdc43a20472b2b29

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_amd64.deb
Size/MD5 checksum: 230540 93a89276bd4fe5be5a9d50b040002a70
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_amd64.deb
Size/MD5 checksum: 169962 037d13ec48515773798dfc51af404eef
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_amd64.deb
Size/MD5 checksum: 54210 d4e1911e9e5f07980e0d71bde8bfc732
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_amd64.deb
Size/MD5 checksum: 48846 334988c78cfc87a6a3f9f9a18254f450
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_amd64.deb
Size/MD5 checksum: 293176 4aa38a5f29db663094e6af1039b5a32b

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_armel.deb
Size/MD5 checksum: 162044 2b4e8648f64119e0ab8e8ab6246270a9
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_armel.deb
Size/MD5 checksum: 234150 7481d9317f18ce662f3b8997ce924df8
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_armel.deb
Size/MD5 checksum: 55996 26fbcbaccac9a1ee56b681699ff035e3
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_armel.deb
Size/MD5 checksum: 48532 30d10222b5e240af5823a2a1cf1b1e26
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_armel.deb
Size/MD5 checksum: 278612 97026ca2288156a7c08057afedede29e

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_hppa.deb
Size/MD5 checksum: 309128 bf85956e72869e294f893c3f27b6ad37
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_hppa.deb
Size/MD5 checksum: 176834 e0f39c8995ba2d40ae444257bf9b5943
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_hppa.deb
Size/MD5 checksum: 49746 04935c2e72b8696ccfcd1c303fb83327
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_hppa.deb
Size/MD5 checksum: 54552 d4af13d4eb9022e20ce2312d951ba34b
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_hppa.deb
Size/MD5 checksum: 241610 97b8a14e8b2cc24197e2b82d01f51775

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_i386.deb
Size/MD5 checksum: 275666 b8fb9e1f47d1e29ba82e9ab9c2c5695e
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_i386.deb
Size/MD5 checksum: 48830 734c77873fd7f566e2473470b1db31aa
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_i386.deb
Size/MD5 checksum: 161636 665df63c672569d63281727a7ac499b0
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_i386.deb
Size/MD5 checksum: 53632 5d75e0f199918c8c250b0a48d4b2fd4f
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_i386.deb
Size/MD5 checksum: 219164 b3b8468f9a518093440b74fc573a6ee1

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_ia64.deb
Size/MD5 checksum: 368628 57e577e4e2a590f89b96204598e14d04
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_ia64.deb
Size/MD5 checksum: 56790 4072f1d33f13b2bd419cdd984947a4ce
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_ia64.deb
Size/MD5 checksum: 50600 fd59fabeaae51f1b5cf6a675abd2733e
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_ia64.deb
Size/MD5 checksum: 230320 54f9d6a2004efac771cdf2856c238032
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_ia64.deb
Size/MD5 checksum: 294884 e6b5df4ea911fc1cc788b8ec7302180a

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_mips.deb
Size/MD5 checksum: 228404 3980fe301b7f21ef4a651d970791deb4
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_mips.deb
Size/MD5 checksum: 54648 c1e21d56c6c3caca4fa5cd3088e0131e
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_mips.deb
Size/MD5 checksum: 164076 5d3ebd670bb207890c8b01446d9b5286
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_mips.deb
Size/MD5 checksum: 49246 6b55de1c9cc0588311d490393588fef8
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_mips.deb
Size/MD5 checksum: 308736 ff1fd350e5516cd2b01fdf63e7038571

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_mipsel.deb
Size/MD5 checksum: 54422 561140c51e40c2c87d7c38e47ec1ce0f
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_mipsel.deb
Size/MD5 checksum: 49108 0eed63837509815d380a8ede4617a2c0
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_mipsel.deb
Size/MD5 checksum: 307868 f0b97d0b90054a568241766cd5e8ac0e
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_mipsel.deb
Size/MD5 checksum: 164694 69ae3b75909d3fbcf4a748a3f17c4a2e
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_mipsel.deb
Size/MD5 checksum: 228910 75d5940ed31a0a78f7a5a07cca1c90b9

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_powerpc.deb
Size/MD5 checksum: 299072 cf872d693b7d6d04caab6395c807a49d
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_powerpc.deb
Size/MD5 checksum: 51290 4b3b6043a320e3b0efede959db2c993f
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_powerpc.deb
Size/MD5 checksum: 173516 7fb5e356c35b8161dea064a927f8f524
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_powerpc.deb
Size/MD5 checksum: 270346 ff150ce3bea37067983a7ea8bdc8ce4f
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_powerpc.deb
Size/MD5 checksum: 57156 d57b33ff85a8c4775c519bf6868e5dda

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_s390.deb
Size/MD5 checksum: 49846 f0d66694ef6247958c18b753690d6cf6
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_s390.deb
Size/MD5 checksum: 293844 3f30774b20aada6f011ffeaaf0913ce9
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_s390.deb
Size/MD5 checksum: 177474 884dc57fdc438a4a735e123911bcb8dd
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_s390.deb
Size/MD5 checksum: 231424 620b24d7eafbb4851b1fd43c96a4445c
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_s390.deb
Size/MD5 checksum: 55402 35f4548f8da35b1e25de3bc650fe65c4

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_sparc.deb
Size/MD5 checksum: 280198 63347485f32c91c6b449ec33041cf343
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_sparc.deb
Size/MD5 checksum: 55224 e64c5173ddd48b8a80f37a8a92a4b8ef
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_sparc.deb
Size/MD5 checksum: 160138 a01d761068e08a849cf0aba5f8bf8115
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_sparc.deb
Size/MD5 checksum: 49380 07dfbcef878e3d014e55bf7c070f722b
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_sparc.deb
Size/MD5 checksum: 224292 c31548079cc7b5aec519f66411cd0eeb


These files will probably be moved into the stable distribution on
its next update.