TITLE: Debian update for pound SECUNIA ADVISORY ID: SA18381 VERIFY ADVISORY: http://secunia.com/advisories/18381/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data, DoS, System access WHERE: >From remote OPERATING SYSTEM: Debian GNU/Linux 3.1 http://secunia.com/product/5307/ Debian GNU/Linux unstable alias sid http://secunia.com/product/530/ DESCRIPTION: Debian has issued an update for pound. This fixes two vulnerabilities, which potentially can be exploited by malicious people to conduct HTTP request smuggling attacks and to compromise a vulnerable system. For more information: SA15142 SA18367 SOLUTION: Apply updated packages. -- Debian GNU/Linux 3.1 alias sarge -- Source archives: http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2-1sarge1.dsc Size/MD5 checksum: 643 334d91f8800581281ab9c8bad5bbdbf4 http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2-1sarge1.diff.gz Size/MD5 checksum: 13242 9e404c899bfd5409610ed5f14345d341 http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2.orig.tar.gz Size/MD5 checksum: 140455 c9b0793bb4d57be2270093d79b13c019 Alpha architecture: http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2-1sarge1_alpha.deb Size/MD5 checksum: 73284 0458e20d63c3f5f5788afe7564a385da AMD64 architecture: http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2-1sarge1_amd64.deb Size/MD5 checksum: 68652 01ae48ac313a8e533f32eec2f6f7a62f ARM architecture: http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2-1sarge1_arm.deb Size/MD5 checksum: 69072 73b7eb49a74c8a5ff6a8015cf9a0e45d Intel IA-32 architecture: http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2-1sarge1_i386.deb Size/MD5 checksum: 68684 da43b8adaf115680c72d8f5dce9bc99f Intel IA-64 architecture: http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2-1sarge1_ia64.deb Size/MD5 checksum: 80756 ec6d043c70e50e8ba492ef6a73a4cc18 HP Precision architecture: http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2-1sarge1_hppa.deb Size/MD5 checksum: 70288 22fa75150b2253640667714cf6197567 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2-1sarge1_m68k.deb Size/MD5 checksum: 65138 1de5e7b4492a51900e13f9a0f5decd18 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2-1sarge1_mips.deb Size/MD5 checksum: 68586 3eb28320dc9229ee8cc08d2967e8ee9b Little endian MIPS architecture: http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2-1sarge1_mipsel.deb Size/MD5 checksum: 68654 510807d792c96e8cc43edf72fcdcc243 PowerPC architecture: http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2-1sarge1_powerpc.deb Size/MD5 checksum: 69218 d03e4cc71f99c2017a417cf8f073438c IBM S/390 architecture: http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2-1sarge1_s390.deb Size/MD5 checksum: 69268 dac44abdc98358ccc66c2c3f41bd0965 -- Debian GNU/Linux unstable alias sid -- Fixed in version 1.9.4-1. ORIGINAL ADVISORY: http://www.debian.org/security/2006/dsa-934 OTHER REFERENCES: SA15142: http://secunia.com/advisories/15142/ SA18367: http://secunia.com/advisories/18367/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------