-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1508-1 security@debian.org http://www.debian.org/security/ Thijs Kinkhorst February 25, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : diatheke Vulnerability : insufficient input sanitising Problem type : remote Debian-specific: no CVE Id : CVE-2008-0932 Debian Bug : 466449 Dan Dennison discovered that Diatheke, a CGI program to make a bible website, performs insufficient sanitising of a parameter, allowing a remote attacker to execute arbitrary shell commands as the web server user. For the stable distribution (etch), this problem has been fixed in version 1.5.9-2etch1. For the old stable distribution (sarge), this problem has been fixed in version 1.5.7-7sarge1. For the unstable distribution (sid), this problem has been fixed in version 1.5.9-8. We recommend that you upgrade your diatheke package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/s/sword/sword_1.5.7-7sarge1.dsc Size/MD5 checksum: 938 4f7872250c457ac36f0b20b4be235647 http://security.debian.org/pool/updates/main/s/sword/sword_1.5.7-7sarge1.diff.gz Size/MD5 checksum: 277640 f8993cddacdac25ca55b7e99ced8ff49 http://security.debian.org/pool/updates/main/s/sword/sword_1.5.7.orig.tar.gz Size/MD5 checksum: 1482711 369f09068839c646aeab691c63a40d67 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_alpha.deb Size/MD5 checksum: 861694 ca88e3e550ae01cd8e3ad1a6d6471814 http://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_alpha.deb Size/MD5 checksum: 419320 35838e66e76e99777524aa81741025c8 http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_alpha.deb Size/MD5 checksum: 61684 b97611c37f53b39941573e6c76609c40 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_amd64.deb Size/MD5 checksum: 602656 c4b37895a49dce481ea3c6a8817123c2 http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_amd64.deb Size/MD5 checksum: 56944 ad12da845e900e3a28c70b9b2baa6d70 http://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_amd64.deb Size/MD5 checksum: 383486 614d4988fd26ccc58dbe1029aacb7930 arm architecture (ARM) http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_arm.deb Size/MD5 checksum: 60386 3400611bc0cba8ea77e4bfbeaa659ac6 http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_arm.deb Size/MD5 checksum: 664170 d0d17f06931f3e6076aed502e8128d5c http://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_arm.deb Size/MD5 checksum: 423264 9951b8913a4c6b18b357aead48e53f6c hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_hppa.deb Size/MD5 checksum: 62772 676ff7f61ab0ee7629e7fcb59d67cfd5 http://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_hppa.deb Size/MD5 checksum: 494764 15e5da49e21a167088aacebf94a12367 http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_hppa.deb Size/MD5 checksum: 750722 44a066596efa0bb63b184635d3d9c985 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_i386.deb Size/MD5 checksum: 556994 f04d2f9bc41e5703967630adf4e12754 http://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_i386.deb Size/MD5 checksum: 388072 4dabb05ea1d6b72ba61e8877cbad1544 http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_i386.deb Size/MD5 checksum: 58108 665ce388ee9a74a0d850007beae3051a ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_ia64.deb Size/MD5 checksum: 466340 0a9f1874a5ee1d6617da38d4f7417802 http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_ia64.deb Size/MD5 checksum: 64644 e50afdc379e2ee1cfc63362ca56b6a43 http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_ia64.deb Size/MD5 checksum: 837798 81cf1be5ab2d124e9dd92a1da9c1c15d m68k architecture (Motorola Mc680x0) http://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_m68k.deb Size/MD5 checksum: 417132 f5e116fb462b5bdf9ef08211d1c6cd52 http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_m68k.deb Size/MD5 checksum: 57980 86d8007e4816fffee69ea16c4827ce06 http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_m68k.deb Size/MD5 checksum: 567256 2d9c3d17625959ab6cc07e4f793ffe1e mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_mips.deb Size/MD5 checksum: 56452 5d7c6933e70b725863bd0a66c67a55fe http://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_mips.deb Size/MD5 checksum: 386732 9cf45f9a4f2a724ddf59f44722fe65a0 http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_mips.deb Size/MD5 checksum: 646212 b9384991c2c1b2b8e0018b6416d31951 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_mipsel.deb Size/MD5 checksum: 56966 35d2052410564a85968bf742f3f68dbf http://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_mipsel.deb Size/MD5 checksum: 379530 26b3825148616fd2d6dd3cd903a4e977 http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_mipsel.deb Size/MD5 checksum: 638566 46b77e2b772f5541e1796e7da843a247 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_powerpc.deb Size/MD5 checksum: 391192 0b34febe0ebb14c92682c2dbc76771fa http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_powerpc.deb Size/MD5 checksum: 58252 19548157c20b44b18caef5d403e14fb7 http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_powerpc.deb Size/MD5 checksum: 604674 be541b1d6bcc5e80316060186be21d10 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_s390.deb Size/MD5 checksum: 56026 b8120c2d0e5be07ddb300af6a60c1faa http://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_s390.deb Size/MD5 checksum: 370772 ddf6d071ad5aa712420c75a8d2bfb738 http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_s390.deb Size/MD5 checksum: 556410 ee6ddc10bfbe16de2169fdc0520141b0 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_sparc.deb Size/MD5 checksum: 371800 65781c2553eb412d5fde41764acda7a4 http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_sparc.deb Size/MD5 checksum: 562484 01aab00a96c2a41a993dda30244bcd39 http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_sparc.deb Size/MD5 checksum: 55892 269c7013235b22bb8f729d1be6afdf14 Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/s/sword/sword_1.5.9.orig.tar.gz Size/MD5 checksum: 1806178 346539f31b41015161d8dd0d2f035243 http://security.debian.org/pool/updates/main/s/sword/sword_1.5.9-2etch1.diff.gz Size/MD5 checksum: 82071 c39c316e9c81e54136eb02f68292c09d http://security.debian.org/pool/updates/main/s/sword/sword_1.5.9-2etch1.dsc Size/MD5 checksum: 1026 d93f49c3798272c9de84ec6ae5d1cbed alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_alpha.deb Size/MD5 checksum: 63862 f5bd3d4b2b9f4d25e4e46bd340be6574 http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_alpha.deb Size/MD5 checksum: 1083146 9e5c12ac37f74c73de71640dc9123451 http://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_alpha.deb Size/MD5 checksum: 570134 8f0e4a8a277c52f8792fbaaf3832cad4 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_amd64.deb Size/MD5 checksum: 60336 bda3b15108b9219d05c912a163aebe3f http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_amd64.deb Size/MD5 checksum: 753952 b3317e5f636d51d0d3cb67bea6d8ff66 http://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_amd64.deb Size/MD5 checksum: 522700 c3811d54aaf90d8a1e21f15c5002fd17 arm architecture (ARM) http://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_arm.deb Size/MD5 checksum: 573672 8ffba4012e609e2798d350b38ddbd8c7 http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_arm.deb Size/MD5 checksum: 766388 55b6d5123ca9b9092032bf9caee98112 http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_arm.deb Size/MD5 checksum: 63234 958ca4da6586909d9409b40329f39f45 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_hppa.deb Size/MD5 checksum: 584080 6f1cc9c15b664ebb74e1cf7e939c4f75 http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_hppa.deb Size/MD5 checksum: 845330 71c64fedf3e13c7b539f312eb086c49a http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_hppa.deb Size/MD5 checksum: 61824 2d469a58a247a92c465580385506f9a7 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_i386.deb Size/MD5 checksum: 526314 95b5aaff3ccec4dcd1f77e95f6bf2da0 http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_i386.deb Size/MD5 checksum: 701078 e3c8ec3d6dcfcfae0cddbb618353db36 http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_i386.deb Size/MD5 checksum: 62206 0a384fecde3e4492fda105eb9d82ce35 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_ia64.deb Size/MD5 checksum: 67770 c7296f050f8b6aa8b3716407c1e8bd9e http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_ia64.deb Size/MD5 checksum: 1056066 63924aeee34272cb2aa1488ffcb62c49 http://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_ia64.deb Size/MD5 checksum: 652744 4e403c544c3894965f828fa63336d227 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_mips.deb Size/MD5 checksum: 513104 4235aac60a97d5095faa74fcb6f63673 http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_mips.deb Size/MD5 checksum: 808744 5fcc41e803e360838401204ea3d15473 http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_mips.deb Size/MD5 checksum: 59746 c1cbe01f3531e635f30bb2b41b362222 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_mipsel.deb Size/MD5 checksum: 798964 db9f7c30066e22baadbcb732b6eadbf8 http://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_mipsel.deb Size/MD5 checksum: 491160 53790c7e146badd8a45bb46bf5908d7e http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_mipsel.deb Size/MD5 checksum: 59656 cbcedf0aa7bed75a0c633367c08b24ea powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_powerpc.deb Size/MD5 checksum: 61128 e66a08fccc0c312e7ae74296dda033ad http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_powerpc.deb Size/MD5 checksum: 777846 579e38653daaddc21914087ad5584b57 http://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_powerpc.deb Size/MD5 checksum: 535186 2f9311708b7d8ec3121831676086f333 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_s390.deb Size/MD5 checksum: 495200 fc79f7ccbeabbd6e7522918f1b749c75 http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_s390.deb Size/MD5 checksum: 684810 776d22f572895a62b0a569321a9cbb8d http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_s390.deb Size/MD5 checksum: 58638 0c496a1f4ab88f02fd737a30a61939a3 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_sparc.deb Size/MD5 checksum: 689496 0d06108dda2563af38065bc454d1e9ac http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_sparc.deb Size/MD5 checksum: 59264 71c327d607c82faaacbc5a8fe498e8da http://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_sparc.deb Size/MD5 checksum: 548874 6c18df8573010673e5a3855ec326604b These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBR8MNhWz0hbPcukPfAQKXIwf9GA4xUv4IEC/FlHH6xWnRLHwD8OsVTEFf r+eSjxhQy3At2SEIRN4BPxGp9KyMpHhwox69S4SG5dcpAIJJk5Jks+WumYkYPOsc R/J9iiadAQ+nUBZvM8pfZCEOKE6VULTzTxJDoPYsio71FVMrezXlJWeq2/sFyiyE lEpqt84xTi86XGCy77Mi4pUCszQ+XtOZQB8T/tCNxQpqvX3tZpjzTM0LSF/ZCREO lQ8s/JnXeAP8i97ksYRAn659shLnhviQeN3G8Kf5tYT+xDxl0bPqIoKEUL38cdSY jtxN+AMF9bTkkyNJO3xk1MPasH91JrP8GeoB5NYTP/zNi8g3PIfzsQ== =EEB8 -----END PGP SIGNATURE-----