From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1747-1                  [email protected]
http://www.debian.org/security/                           Steffen Joeris
March 20, 2009                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : glib2.0
Vulnerability : integer overflow
Problem type : local (remote)
Debian-specific: no
CVE Id : CVE-2008-4316
Debian Bugs : 520046
Diego Pettenò discovered that glib2.0, the GLib library of C routines,
handles large strings insecurely via its Base64 encoding functions. This
could possibly lead to the execution of arbitrary code.
For the stable distribution (lenny), this problem has been fixed in
version 2.16.6-1+lenny1.
For the oldstable distribution (etch), this problem has been fixed in
version 2.12.4-2+etch1.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 2.20.0-1.
We recommend that you upgrade your glib2.0 packages.
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]