  • [SECURITY] [DSA 1688-1] New courier-authlib packages fix SQL injection

    From Steffen Joeris@1:229/2 to All on Sat Dec 20 16:40:08 2008
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1688                    [email protected]
    http://www.debian.org/security/                           Steffen Joeris
    December 20, 2008                     http://www.debian.org/security/faq
    - ------------------------------------------------------------------------

    Package : courier-authlib
    Vulnerability : SQL injection
    Problem type : remote
    Debian-specific: no
    CVE Id(s) : CVE-2008-2380 CVE-2008-2667

    Two SQL injection vulnerabilities have been found in courier-authlib,
    the courier authentication library. The MySQL database interface used
    insufficient escaping mechanisms when constructing SQL statements,
    leading to SQL injection vulnerabilities if certain charsets are used
    (CVE-2008-2380). A similar issue affects the PostgreSQL database
    interface (CVE-2008-2667).

    For the stable distribution (etch), these problems have been fixed in
    version 0.58-4+etch2.

    For the testing distribution (lenny) and the unstable distribution
    (sid), these problems have been fixed in version 0.61.0-1+lenny1.

    We recommend that you upgrade your courier-authlib packages.

    Upgrade instructions
    - --------------------

    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 4.0 alias etch
    - -------------------------------

    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
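
The failure class the advisory names, insufficient escaping under certain charsets, shown as an added illustration that is not part of the original message and is not courier-authlib code. GBK is an assumed example charset (the advisory names none); the function names, the simplified server model and the sample bytes are constructed.

```python
# Added illustration, not courier-authlib code. GBK is an assumed charset.

# Constructed sample: a stray GBK lead byte (0xBF) directly before a quote.
SAMPLE = b"user\xbf'tail"


def naive_escape(raw: bytes) -> bytes:
    """Byte-wise escaping that knows nothing about the connection charset."""
    out = bytearray()
    for b in raw:
        if b in (0x27, 0x5C):              # ' or \
            out.append(0x5C)               # prefix with a backslash
        out.append(b)
    return bytes(out)


def charset_aware_escape(raw: bytes, charset: str) -> bytes:
    """Escape per character after decoding in the connection charset.

    Strict decoding raises UnicodeDecodeError on malformed input, so a
    dangling lead byte is rejected instead of being passed to the server.
    """
    text = raw.decode(charset)
    escaped = "".join("\\" + ch if ch in "'\\" else ch for ch in text)
    return escaped.encode(charset)


def literal_breaks_out(escaped: bytes, charset: str) -> bool:
    """Simplified server model: decode in the server's charset, then scan
    the body of a quoted literal. True means an unescaped quote ends it."""
    text = escaped.decode(charset, errors="replace")
    i = 0
    while i < len(text):
        if text[i] == "\\":
            i += 2                         # backslash consumes next character
            continue
        if text[i] == "'":
            return True
        i += 1
    return False


if __name__ == "__main__":
    # In GBK, 0xBF 0x5C is one character, so the added backslash vanishes.
    print("naive, gbk    :", literal_breaks_out(naive_escape(SAMPLE), "gbk"))
    print("naive, latin-1:", literal_breaks_out(naive_escape(SAMPLE), "latin-1"))
```

The same escaped bytes are safe under a single-byte charset and unsafe under GBK, which is why escaping has to be done with knowledge of the connection charset, or avoided altogether by using parameterized queries.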