---------------------------------------------------------------------- Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list? Click here to learn more: http://secunia.com/advisories/business_solutions/ ---------------------------------------------------------------------- TITLE: Debian update for courier-authlib SECUNIA ADVISORY ID: SA33259 VERIFY ADVISORY: http://secunia.com/advisories/33259/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: >From remote OPERATING SYSTEM: Debian GNU/Linux unstable alias sid http://secunia.com/advisories/product/530/ Debian GNU/Linux 4.0 http://secunia.com/advisories/product/13844/ DESCRIPTION: Debian has issued an update for courier-authlib. This fixes some vulnerabilities, which can be exploited by malicious people to conduct SQL injection attacks. For more information: SA30591 SA33235 SOLUTION: Apply updated packages. -- Debian GNU/Linux 4.0 alias etch -- Source archives: http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58.orig.tar.gz Size/MD5 checksum: 3342115 75b5b2b72d550048ed1b29e687a1a60d http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58-4+etch2.diff.gz Size/MD5 checksum: 44232 5345604d34a363e4519077032a9aeb1f http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58-4+etch2.dsc Size/MD5 checksum: 970 9652de3cb3cd60fa91aee7cb1e0b8dca alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-ldap_0.58-4+etch2_alpha.deb Size/MD5 checksum: 23168 fadd251992d42011cc6a7ebd98fab8ec http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authdaemon_0.58-4+etch2_alpha.deb Size/MD5 checksum: 6872 6a4b4a3b87e9d42347e7c5ee8e373cc1 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-mysql_0.58-4+etch2_alpha.deb Size/MD5 checksum: 20252 14b6526559b01af55bf98623d6a9dbc2 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-postgresql_0.58-4+etch2_alpha.deb Size/MD5 checksum: 20360 7fd32c031bc84d59b48e229855d7e347 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-userdb_0.58-4+etch2_alpha.deb Size/MD5 checksum: 39046 0b4d0fe9ef5ecfa66d1cef14dc65bb89 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-pipe_0.58-4+etch2_alpha.deb Size/MD5 checksum: 8862 90e0a8316f719256734af61ca2bf147d http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-dev_0.58-4+etch2_alpha.deb Size/MD5 checksum: 149956 19cb601a37c170b9de0d3090c56002ab http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58-4+etch2_alpha.deb Size/MD5 checksum: 92666 f2c54e7b23aa10157cf8b9704a44ed66 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authdaemon_0.58-4+etch2_amd64.deb Size/MD5 checksum: 6882 5607bf027063ab70597301e99401b57a http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-postgresql_0.58-4+etch2_amd64.deb Size/MD5 checksum: 19774 ae1bee7da212b8996858b6e077fcc852 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-userdb_0.58-4+etch2_amd64.deb Size/MD5 checksum: 34296 d42351150f3a4e621c27608aeee9144a http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-pipe_0.58-4+etch2_amd64.deb Size/MD5 checksum: 8298 8318ba2b8d4cadcd55646686534c42ff http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-dev_0.58-4+etch2_amd64.deb Size/MD5 checksum: 111816 985dd2b71cee857a8a44b1805dd03768 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-ldap_0.58-4+etch2_amd64.deb Size/MD5 checksum: 22182 b5fab407e60b9e7bec23535ea8030274 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-mysql_0.58-4+etch2_amd64.deb Size/MD5 checksum: 19942 780fbf86d2f64743d00bf82dccc45aef http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58-4+etch2_amd64.deb Size/MD5 checksum: 81440 5ae5081441e0ea2e9e20ec037a25ed69 arm architecture (ARM) http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authdaemon_0.58-4+etch2_arm.deb Size/MD5 checksum: 6872 27f8dfabf8939a063a2725053d138b03 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-dev_0.58-4+etch2_arm.deb Size/MD5 checksum: 97966 eba6aa3b836e90a1ff85ce72c97856e1 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-postgresql_0.58-4+etch2_arm.deb Size/MD5 checksum: 18618 1446523e8fc2028b61c82874b9ddbfe9 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-userdb_0.58-4+etch2_arm.deb Size/MD5 checksum: 32644 5d4032a7948d90f9873eb256a35c473f http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-ldap_0.58-4+etch2_arm.deb Size/MD5 checksum: 20928 81b0bf0c3bb6a012178ea76be1412c0b http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-pipe_0.58-4+etch2_arm.deb Size/MD5 checksum: 7694 adfb37f7da5e86a051942defa5baeffb http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58-4+etch2_arm.deb Size/MD5 checksum: 76054 31a727fe1fab3eef91954104ce9a5b40 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-mysql_0.58-4+etch2_arm.deb Size/MD5 checksum: 18700 2f0f1c6e62d65e1faedbc1f7229f8692 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-ldap_0.58-4+etch2_hppa.deb Size/MD5 checksum: 23602 5a8b12e1d2452b53077ad5b1cb4b08f3 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-dev_0.58-4+etch2_hppa.deb Size/MD5 checksum: 123784 57c772189e1a7bfc0a6f991cff14ffdd http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58-4+etch2_hppa.deb Size/MD5 checksum: 89110 07ce2983ceb249c9d9f631129d565acb http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-mysql_0.58-4+etch2_hppa.deb Size/MD5 checksum: 20682 102963eb336587215a76b993afb64c9b http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-userdb_0.58-4+etch2_hppa.deb Size/MD5 checksum: 37816 18f3284ede8bf567622b8279e410a37c http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-postgresql_0.58-4+etch2_hppa.deb Size/MD5 checksum: 20784 1c1251971aaac18f500fda9566e2787c http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-pipe_0.58-4+etch2_hppa.deb Size/MD5 checksum: 8966 936f96deb13d2c7abde35912eb22110e http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authdaemon_0.58-4+etch2_hppa.deb Size/MD5 checksum: 6878 a3e177edd667d1b89b2acd0d16529cb2 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58-4+etch2_i386.deb Size/MD5 checksum: 76266 9abde4499ec4919ce1ee6633e2871aad http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-dev_0.58-4+etch2_i386.deb Size/MD5 checksum: 100192 9f3bd2ea757c627fae011129bcf14bae http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-pipe_0.58-4+etch2_i386.deb Size/MD5 checksum: 7728 9cf2c4ddfe99f0db67e46e353f39d883 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-userdb_0.58-4+etch2_i386.deb Size/MD5 checksum: 33184 fb771a57caaac542a78141efb27f0b0d http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-mysql_0.58-4+etch2_i386.deb Size/MD5 checksum: 18754 3d19957c59c1ad0698523390fb19c5c7 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-postgresql_0.58-4+etch2_i386.deb Size/MD5 checksum: 18692 f60e095965045a5bd389b052917dd98f http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authdaemon_0.58-4+etch2_i386.deb Size/MD5 checksum: 6878 53ff4849663f484dd32b1cdcb2015e39 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-ldap_0.58-4+etch2_i386.deb Size/MD5 checksum: 21136 218beca3fda1b69bb92ee651c1216a6f ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-userdb_0.58-4+etch2_ia64.deb Size/MD5 checksum: 44658 63ccc17e4a93a71423a1cefccfd032d0 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-dev_0.58-4+etch2_ia64.deb Size/MD5 checksum: 147862 b75faf449376d7f8d601e6fb610b28b2 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authdaemon_0.58-4+etch2_ia64.deb Size/MD5 checksum: 6878 d892eeb8581570f4c9b3772d618bbb41 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58-4+etch2_ia64.deb Size/MD5 checksum: 109816 5f52dc98ce62c00cfb3dd05ce7ae8ac4 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-pipe_0.58-4+etch2_ia64.deb Size/MD5 checksum: 10114 98ab7d1303bd6bfbd550bafb712d551f http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-mysql_0.58-4+etch2_ia64.deb Size/MD5 checksum: 23788 f0dd7e45dc8cefc82744622f426a9b16 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-ldap_0.58-4+etch2_ia64.deb Size/MD5 checksum: 28012 313a36d030a0f2d7e6c1a0ff057e0474 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-postgresql_0.58-4+etch2_ia64.deb Size/MD5 checksum: 23670 6ae95423f408ff5b431536e4d934e09b mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authdaemon_0.58-4+etch2_mips.deb Size/MD5 checksum: 6884 20dc9fbb351bf8c8ce0cbaf3625b4175 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58-4+etch2_mips.deb Size/MD5 checksum: 81760 773ab2a44f73d8776f4c773c0f37ff47 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-dev_0.58-4+etch2_mips.deb Size/MD5 checksum: 124568 955cb5ddad18933638b22d022817524a http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-userdb_0.58-4+etch2_mips.deb Size/MD5 checksum: 35150 ed3d846058245e93aaa8417ff4773761 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-postgresql_0.58-4+etch2_mips.deb Size/MD5 checksum: 19394 5481da3efe4b88040ea1cc355ff664ac http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-ldap_0.58-4+etch2_mips.deb Size/MD5 checksum: 21814 c26ef062bfc68a6fb7f0f19640774a8d http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-pipe_0.58-4+etch2_mips.deb Size/MD5 checksum: 8112 ef79a0fc7f0425425488845b44ecbd14 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-mysql_0.58-4+etch2_mips.deb Size/MD5 checksum: 19340 6ab700571fe303005763cc55fa2a9d47 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58-4+etch2_mipsel.deb Size/MD5 checksum: 81626 a98cb782eb9ac71dbc7cdc148190d4e8 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-postgresql_0.58-4+etch2_mipsel.deb Size/MD5 checksum: 19402 0a22244477b87b572cb864ecb6de5e04 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-ldap_0.58-4+etch2_mipsel.deb Size/MD5 checksum: 21936 8be79200e34bc0772bc11bf440ef8155 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-userdb_0.58-4+etch2_mipsel.deb Size/MD5 checksum: 35924 660a86bbc151ac2326641f0c12d3ba2b http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authdaemon_0.58-4+etch2_mipsel.deb Size/MD5 checksum: 6876 39554139fc894f21349284780882ad4e http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-dev_0.58-4+etch2_mipsel.deb Size/MD5 checksum: 120836 c863a7ee2e9a024d017dc87f1384def5 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-pipe_0.58-4+etch2_mipsel.deb Size/MD5 checksum: 8124 3ebee4b6e23b4eb939c03f52d822dea7 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-mysql_0.58-4+etch2_mipsel.deb Size/MD5 checksum: 19396 96746e0f3577918cfbbb3118d78f6424 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-pipe_0.58-4+etch2_powerpc.deb Size/MD5 checksum: 8244 54f6e43f51140bf09f871658da742d4f http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-userdb_0.58-4+etch2_powerpc.deb Size/MD5 checksum: 35682 175f7cee84457c57dce1bd3915f9b48b http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58-4+etch2_powerpc.deb Size/MD5 checksum: 88018 de4c18fbeb549d43de7189023a887b09 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authdaemon_0.58-4+etch2_powerpc.deb Size/MD5 checksum: 6880 4ae52c04c9446d42b39a2340ed2e9ae7 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-ldap_0.58-4+etch2_powerpc.deb Size/MD5 checksum: 21996 54f45485b1f88781ee145dcd6847afc3 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-mysql_0.58-4+etch2_powerpc.deb Size/MD5 checksum: 19746 ba53ebc588b12d139e175e6a3b0e2315 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-postgresql_0.58-4+etch2_powerpc.deb Size/MD5 checksum: 19596 aece91a5ad82c97d0f6f0b0c75a1e628 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-dev_0.58-4+etch2_powerpc.deb Size/MD5 checksum: 110260 a7f3e9b62fa4dab338af7464562e7f29 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58-4+etch2_s390.deb Size/MD5 checksum: 84426 12adf5edd57f25e8dda31417bffe5277 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-ldap_0.58-4+etch2_s390.deb Size/MD5 checksum: 22658 bff8b619d28a2c02c0e0d228b31a2828 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-userdb_0.58-4+etch2_s390.deb Size/MD5 checksum: 35816 f057afbbba8dafbc5827dfa504b842b6 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authdaemon_0.58-4+etch2_s390.deb Size/MD5 checksum: 6872 60905c2b17770da18a483849809dd4b0 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-pipe_0.58-4+etch2_s390.deb Size/MD5 checksum: 8194 8102bda398f54234ebeabcb5c2bbcfff http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-mysql_0.58-4+etch2_s390.deb Size/MD5 checksum: 19886 120cc50919aefebe724141543173ff6a http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-dev_0.58-4+etch2_s390.deb Size/MD5 checksum: 102794 5abef9d9db542efb812b1f40c331fe10 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-postgresql_0.58-4+etch2_s390.deb Size/MD5 checksum: 19678 07d4fdb3dfe964f7770f99a29a8cc405 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authdaemon_0.58-4+etch2_sparc.deb Size/MD5 checksum: 6882 19e4ec02b0d0a26482db9d1e0d1f168a http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-mysql_0.58-4+etch2_sparc.deb Size/MD5 checksum: 19080 347c0a4835423e986b618c38c4f3586c http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-dev_0.58-4+etch2_sparc.deb Size/MD5 checksum: 102236 086d13b5f6c3c17b622135138a0e703d http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-ldap_0.58-4+etch2_sparc.deb Size/MD5 checksum: 21726 0485cac725699e762019d63304762eab http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-userdb_0.58-4+etch2_sparc.deb Size/MD5 checksum: 33400 4790920e8e38c0484caa4d8b4b6fa74f http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58-4+etch2_sparc.deb Size/MD5 checksum: 75614 355dc789b011cd3b95485d08fcf093c5 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-postgresql_0.58-4+etch2_sparc.deb Size/MD5 checksum: 19072 73849401eddf1746db3d399f17bdd788 http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-pipe_0.58-4+etch2_sparc.deb Size/MD5 checksum: 7774 533a11e8ddb8bb68a0e2defbeecf6b0c -- Debian GNU/Linux unstable alias sid -- Fixed in version 0.61.0-1+lenny1. ORIGINAL ADVISORY: http://www.debian.org/security/2008/dsa-1688 OTHER REFERENCES: SA30591: http://secunia.com/advisories/30591/ SA33235: http://secunia.com/advisories/33235/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------