Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1779-1] New apt packages fix several vulnerabilities (1

From Thijs Kinkhorst@1:229/2 to All on Sun Apr 26 17:40:07 2009

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1779-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst
April 26, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : apt
Vulnerability : several
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2009-1300 CVE-2009-1358
Debian Bug : 523213 433091

Two vulnerabilities have been discovered in APT, the well-known dpkg
frontend. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2009-1300

In time zones where daylight savings time occurs at midnight,
the apt cron.daily script fails, stopping new security updates
from being applied automatically.

CVE-2009-1358

A repository that has been signed with an expired or revoked
OpenPGP key would still be considered valid by APT.

For the old stable distribution (etch), these problems have been fixed in version 0.6.46.4-0.1+etch1.

For the stable distribution (lenny), these problems have been fixed in
version 0.7.20.2+lenny1.

For the unstable distribution (sid), these problems have been fixed in
version 0.7.21.

We recommend that you upgrade your apt package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1.tar.gz
Size/MD5 checksum: 1798703 e6eaebb8a12f5243668ca56e65c8c71e
http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1.dsc
Size/MD5 checksum: 1108 c631100edac082afe2dddb28030ed6ff

Architecture independent packages:

http://security.debian.org/pool/updates/main/a/apt/apt-doc_0.6.46.4-0.1+etch1_all.deb
Size/MD5 checksum: 89752 999f34683b7cb7818258ac1ebfca701c
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-doc_0.6.46.4-0.1+etch1_all.deb
Size/MD5 checksum: 112248 b91e59e2e1093ecbe387ccc7e8111d73

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_alpha.deb
Size/MD5 checksum: 216152 3fde92f88576df84cb57aaf846ba3816
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_alpha.deb
Size/MD5 checksum: 84560 48019ace277299ac3495eb77ddb94320
http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_alpha.deb
Size/MD5 checksum: 1505198 088f74bfebfac8c33f19e5b05f536761

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_amd64.deb
Size/MD5 checksum: 198456 7cad50de61d033a85b079211ab282ec7
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_amd64.deb
Size/MD5 checksum: 84796 66930e40732a85913fff7815591ea784
http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_amd64.deb
Size/MD5 checksum: 1448634 b29859a90e52b5f47048f38e115e44dd

arm architecture (ARM)

http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_arm.deb
Size/MD5 checksum: 214264 5ab7d5e622e9425b3f5163b007e7e71e
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_arm.deb
Size/MD5 checksum: 83810 04ec509e12759ee2af94881e0d5ef724
http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_arm.deb
Size/MD5 checksum: 1497802 2a03e41c76e2720707dbbfb790c17f62

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_i386.deb
Size/MD5 checksum: 84166 6aa9a63c060eb0461b66f67e35ed20c7
http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_i386.deb
Size/MD5 checksum: 198392 7245c5ea84b1c4eefa816af20868a794
http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_i386.deb
Size/MD5 checksum: 1438190 73f115b27de4fdf11af97e2b5afca613

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_ia64.deb
Size/MD5 checksum: 247928 a7c2581155ab49d35af4d365d51dbf8e
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_ia64.deb
Size/MD5 checksum: 84186 c94ee0563a7531b142d8728699f17d96
http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_ia64.deb
Size/MD5 checksum: 1631044 4313242ccadf096fd8088c27050141e9

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_mips.deb
Size/MD5 checksum: 1413928 0d07461fb18e97564be6227cf04031e9
http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_mips.deb
Size/MD5 checksum: 195524 35b9ad4c2121fde59d5a67f52f01ce1c
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_mips.deb
Size/MD5 checksum: 84186 3fd16873a28ee85e1b42c6f6bb801852

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_mipsel.deb
Size/MD5 checksum: 84192 715de146cd96db7fc9421df5dd4fd5e5
http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_mipsel.deb
Size/MD5 checksum: 195046 6bf1cd0ee7cc374a55c0cbfec7f1a2a7
http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_mipsel.deb
Size/MD5 checksum: 1410850 192ab91f19c4fd4f7a49bbe82bd9ccaa

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_powerpc.deb
Size/MD5 checksum: 1450594 f90c89e0e003ac88befb170a14709afc
http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_powerpc.deb
Size/MD5 checksum: 206392 7d78be4ec2c5ac8a1c06b88e27053541
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_powerpc.deb

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	714
Nodes:	16 (2 / 14)
Uptime:	141:11:46
Calls:	12,087
Files:	14,998
Messages:	6,517,442

[SECURITY] [DSA 1779-1] New apt packages fix several vulnerabilities (1

Who's Online

System Info