Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2009.1606
New Shibboleth packages fix cross-site scripting
8 December 2009
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: shibboleth-sp
shibboleth-sp2
opensaml2
Publisher: Debian
Operating System: Debian GNU/Linux 4
Debian GNU/Linux 5
Impact/Access: Cross-site Scripting -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2009-3300
Reference: ESB-2009.1480
Original Bulletin:
http://www.debian.org/security/2009/dsa-1947
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ------------------------------------------------------------------------
Debian Security Advisory DSA-1947-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 07, 2009 http://www.debian.org/security/faq
- - ------------------------------------------------------------------------
Package : shibboleth-sp, shibboleth-sp2, opensaml2
Vulnerability : missing input sanitising
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-3300
Matt Elder discovered that Shibboleth, a federated web single sign-on
system is vulnerable to script injection through redirection URLs. More
details can be found in the Shibboleth advisory at
http://shibboleth.internet2.edu/secadv/secadv_20091104.txt
For the old stable distribution (etch), this problem has been fixed in
version 1.3f.dfsg1-2+etch2 of shibboleth-sp.
For the stable distribution (lenny), this problem has been fixed in
version 1.3.1.dfsg1-3+lenny2 of shibboleth-sp, version 2.0.dfsg1-4+lenny2
of shibboleth-sp2 and version 2.0-2+lenny2 of opensaml2.
For the unstable distribution (sid), this problem has been fixed in
version 2.3+dfsg-1 of shibboleth-sp2, version 2.3-1 of opensaml2 and
version 1.3.1-1 of xmltooling.
We recommend that you upgrade your Shibboleth packages.
Upgrade instructions
- - --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- - -------------------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3f.dfsg1-2+etch2.diff.gz
Size/MD5 checksum: 35169 ce866f75fd4a3e360bcf1f40328a6775
http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3f.dfsg1.orig.tar.gz
Size/MD5 checksum: 731365 7aba8f84ff20013dea55a4a34306791a
http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3f.dfsg1-2+etch2.dsc
Size/MD5 checksum: 957 4b81922200999d83b4e6e300dc4105b2
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_alpha.deb
Size/MD5 checksum: 599542 bc648aff189d0a1ab1cfaa8b552ca3c2
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_alpha.deb
Size/MD5 checksum: 218758 84f33e347e9905f7a8ea10f7ccefef38
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_alpha.deb
Size/MD5 checksum: 81606 ff24f6a6f67605f54970d80effacbbdb
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_alpha.deb
Size/MD5 checksum: 4220522 696dd0f5e47dc671cc975becf0de468f
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_amd64.deb
Size/MD5 checksum: 458596 74e93d23170bb31caebfe2ca129d07d0
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_amd64.deb
Size/MD5 checksum: 78106 54e21b28a39741ed8e7174f1f461b36f
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_amd64.deb
Size/MD5 checksum: 4016352 ed12fa9ff63849bbaebff10b69910042
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_amd64.deb
Size/MD5 checksum: 201502 99f8013c58e15a4e7f631c2b6163df80
arm architecture (ARM)
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_arm.deb
Size/MD5 checksum: 463996 e9b59a2da0e48c3c28d5cc6496fb610a
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_arm.deb
Size/MD5 checksum: 224674 443c6592e797a5f3029ddfc6e4d39b6e
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_arm.deb
Size/MD5 checksum: 77274 eb8e738461d2ce57747d00c0372ccd0c
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_arm.deb
Size/MD5 checksum: 3777924 c8fc18d5e616f85e3bf4be7e72660a6d
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_hppa.deb
Size/MD5 checksum: 91240 6d3bf6784f6c37ac33bd5c187ffff78f
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_hppa.deb
Size/MD5 checksum: 4681852 45a47043bead90d8c5b4d7d055f3481c
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_hppa.deb
Size/MD5 checksum: 236856 9fcd23ec0055d336e830afbff9e0bfc4
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_hppa.deb
Size/MD5 checksum: 523584 39dae9be500d372f40d79cd173208c83
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_i386.deb
Size/MD5 checksum: 433480 4d36fe53ea41d60d8a9271a8283f982e
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_i386.deb
Size/MD5 checksum: 76582 2e8ccdf193b826c7edea81d64928e306
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_i386.deb
Size/MD5 checksum: 201376 43e1ccf246c06173bb0b726435f0d815
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_i386.deb
Size/MD5 checksum: 3717328 706787e36afd27879765043b36e21b67
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_ia64.deb
Size/MD5 checksum: 4282674 6cf33d6e7e648f927d7471c1e14faeda
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_ia64.deb
Size/MD5 checksum: 261082 42ecc6cb79ccaeb51ed216460854a6ef
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_ia64.deb
Size/MD5 checksum: 606936 ad107c7889b6d3656b09494956872099
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_ia64.deb
Size/MD5 checksum: 93558 e42b24b08c6724e038885bbb740b7ca8
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_mipsel.deb
Size/MD5 checksum: 188188 08e68a767cef9f6a17300355346ebb29
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_mipsel.deb
Size/MD5 checksum: 3739418 16b2bbe8b61dcce84d0b59cd1deab413
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_mipsel.deb
Size/MD5 checksum: 474312 0f630ad847bd524394fd8a2fb09a3bf6
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_mipsel.deb
Size/MD5 checksum: 74468 fea5404f1e3c957dea0725a8dc592026
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_s390.deb
Size/MD5 checksum: 4882170 69ef571c49fc850cc72c2ece4034cc26
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_s390.deb
Size/MD5 checksum: 431890 0dca24c94492a6315d1fdbec36084135
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_s390.deb
Size/MD5 checksum: 202306 8ca8e9ef70f686c74bb847872e4aec48
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_s390.deb
Size/MD5 checksum: 78436 a282913025fea52ca355b0ccd3eaae59
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_sparc.deb
Size/MD5 checksum: 4013874 821e9b9bc96fef947d18f6784d3b1854
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_sparc.deb
Size/MD5 checksum: 78344 50dc4f9244ac311dca6bfbc81214c978
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_sparc.deb
Size/MD5 checksum: 416304 13ca14493e80f0ff8e7f94ccdb660abf
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_sparc.deb
Size/MD5 checksum: 209108 ecb31ca29a9d247d212a63df040d9a64
Debian GNU/Linux 5.0 alias lenny
- - --------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2_2.0-2+lenny2.diff.gz
Size/MD5 checksum: 7717 be1470ec19b079abbea465c586a6db9c
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2_2.0-2+lenny2.dsc
Size/MD5 checksum: 1450 ae583eaffa9dc2ab9fc37f15bfbf9817
http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3.1.dfsg1-3+lenny2.diff.gz
Size/MD5 checksum: 34141 89b96ed5094e36c9da588f2fe0c815d9
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/shibboleth-sp2_2.0.dfsg1-4+lenny2.diff.gz
Size/MD5 checksum: 17174 b9b0333f56c573d4a7f9bf608cbc4a89
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2_2.0.orig.tar.gz
Size/MD5 checksum: 705058 85968f3c72cb789b11c9d01209e4d46b
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/shibboleth-sp2_2.0.dfsg1-4+lenny2.dsc
Size/MD5 checksum: 1672 7cef2a57583d84e46a214475c4a25393
http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3.1.dfsg1.orig.tar.gz
Size/MD5 checksum: 761686 996ac4370cd8cb91528169c1e2c337b6
http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3.1.dfsg1-3+lenny2.dsc
Size/MD5 checksum: 1601 b7d6efd2896e7e3cee6463c14c23b122
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/shibboleth-sp2_2.0.dfsg1.orig.tar.gz
Size/MD5 checksum: 726871 836fccbf614fc8edfc1fdbefcf0ba489
Architecture independent packages:
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-doc_2.0-2+lenny2_all.deb
Size/MD5 checksum: 365940 551bf56b7ca0618a515b4cde3c9046c7
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-schemas_2.0-2+lenny2_all.deb
Size/MD5 checksum: 25680 681338ca7d060ab79c9f26527902d8dc
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-doc_2.0.dfsg1-4+lenny2_all.deb
Size/MD5 checksum: 258520 39b8bdad69f6bfa31730c459da5b575c
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/shibboleth-sp2-schemas_2.0.dfsg1-4+lenny2_all.deb
Size/MD5 checksum: 15434 4f601fe9b3886b22316a141e01e707a6
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_alpha.deb
Size/MD5 checksum: 575686 69d92528ea88a49b28931fc0fd3653f7
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_alpha.deb
Size/MD5 checksum: 84258 4de37104dcc335289e01785cd85d4c85
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_alpha.deb
Size/MD5 checksum: 218348 8f31cca573d9e3158458c7ec76a09e88
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_alpha.deb
Size/MD5 checksum: 4126894 3eaf35288a38c8d14e4c72340661a594
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_alpha.deb
Size/MD5 checksum: 241522 385e1e70d3b296c97bf34783c2cf173f
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_alpha.deb
Size/MD5 checksum: 941354 123fbab68a88df7843839b0406345488
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_alpha.deb
Size/MD5 checksum: 39842 d8c15efea7f3d01bd06b6197a8920235
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_amd64.deb
Size/MD5 checksum: 228568 dc4196ddec55f46b1a8eac7185b88a48
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_amd64.deb
Size/MD5 checksum: 81744 a55299c3b74a93da9a592dac059b01c9
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_amd64.deb
Size/MD5 checksum: 44592 4b419a7302251bc7b4692d66bff18528
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_amd64.deb
Size/MD5 checksum: 840692 1ff155d1f8cd16aa3a84aa8efb1193e9
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_amd64.deb
Size/MD5 checksum: 201410 8edd3a696833973b204a6d71dcdab807
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_amd64.deb
Size/MD5 checksum: 39838 ab0ae6d0efddc77e13f9bd4c5310c542
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_amd64.deb
Size/MD5 checksum: 28440 9bb20149248ac6f087e4cc43646d1f8c
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_amd64.deb
Size/MD5 checksum: 456000 b8ca326fcf83b65d8dca6e9784f53066
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_amd64.deb
Size/MD5 checksum: 1192090 7803aa94b252c6ea8f0fbbb85c5daa2a
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_amd64.deb
Size/MD5 checksum: 3836116 2a44bac39c2cb29039c56cbb95e5786a
arm architecture (ARM)
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_arm.deb
Size/MD5 checksum: 228470 71a7c3343665c48ede56d46a0c262221
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_arm.deb
Size/MD5 checksum: 455568 ea8a41453fc01b7bdfa1c9071327333c
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_arm.deb
Size/MD5 checksum: 77508 7117b5f842db50750bb549fce98b19f9
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_arm.deb
Size/MD5 checksum: 3581714 51dd8fdf617457b087d06ca7a5736a94
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_arm.deb
Size/MD5 checksum: 44828 c311aa275750cfd43afd388b153e8416
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_arm.deb
Size/MD5 checksum: 214548 f3defb04bd5965851b36ac8d6cb3d151
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_arm.deb
Size/MD5 checksum: 27214 d88ee290fdfd74f37e64f04805cfcc18
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_arm.deb
Size/MD5 checksum: 40368 586a3581ca90e7e7ee0e88c146687e62
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_arm.deb
Size/MD5 checksum: 1164554 1f88ecccc1c33e3faab2b3f7a4452dd7
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_arm.deb
Size/MD5 checksum: 946436 ed86edf1c11e206e5d032bb5181ad50a
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_armel.deb
Size/MD5 checksum: 205908 0e0678da76fed65ae488470dfe10a0c9
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_armel.deb
Size/MD5 checksum: 476654 f6d54f691090bf50254dbd386c6d769c
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_armel.deb
Size/MD5 checksum: 69910 ba99d299af96261c579e25e66908abab
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_armel.deb
Size/MD5 checksum: 770344 b86196f10236b070b803cd4471f4c423
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_armel.deb
Size/MD5 checksum: 45088 c339ef2f9f15e520e82a1d51bfd95aae
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_armel.deb
Size/MD5 checksum: 24718 db0f484a05d4122d24f8545975c15326
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_armel.deb
Size/MD5 checksum: 1036358 67b6c4e429c5e111b0ec13efb45d7882
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_armel.deb
Size/MD5 checksum: 40430 f90d19f99a707de0b382b8e9e4b1e198
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_armel.deb
Size/MD5 checksum: 3558576 c47ab3119943a9566da8ddc09ca660f1
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_armel.deb
Size/MD5 checksum: 185672 3882aafaf772ec0efef1467d73423aee
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_hppa.deb
Size/MD5 checksum: 44690 179fd0ce973904e527a4689d4277394f
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_hppa.deb
Size/MD5 checksum: 1028004 fda64b9c3d563d0ca69ab75589df9537
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_hppa.deb
Size/MD5 checksum: 1390048 f4c926a6071013c7036a80e26f28fa11
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_hppa.deb
Size/MD5 checksum: 29416 8464d0da9c99a042352cb2d3283e7ea8
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_hppa.deb
Size/MD5 checksum: 4490366 9f2d49bb26c07d0590a267a956d0ecd6
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_hppa.deb
Size/MD5 checksum: 233514 553109e5fe95a921708fa43c2f390ae1
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_hppa.deb
Size/MD5 checksum: 537212 1c245ff84054296d0ed17e927a306ee0
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_hppa.deb
Size/MD5 checksum: 251682 24496f3bc7ab7f61814a11c926c5df9b
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_hppa.deb
Size/MD5 checksum: 88700 8cb6c26058a0a110af40ceb8b5390467
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_hppa.deb
Size/MD5 checksum: 40654 dd810fe55b07f82ceb95bf9ea836e3ea
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_i386.deb
Size/MD5 checksum: 39896 92ee9791f3230e4ea0af774d21f94168
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_i386.deb
Size/MD5 checksum: 830196 69baa4d5223c2de49c11efb1f5221a60
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_i386.deb
Size/MD5 checksum: 1083380 5172f568a27adc2bed46aa20f676dff5
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_i386.deb
Size/MD5 checksum: 3517742 7a113810a43f06c3d6a3c5dab6e07016
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_i386.deb
Size/MD5 checksum: 44708 2ed6b07d9ef09967812b79e897034310
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_i386.deb
Size/MD5 checksum: 199976 baa7d28e34b5fde83cc018b5a5d4c15a
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_i386.deb
Size/MD5 checksum: 78690 03c98f8a8ab9c46c51211cf03477a596
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_i386.deb
Size/MD5 checksum: 220864 e29f350428d1b68225d7c8ba7cd3a1ae
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_i386.deb
Size/MD5 checksum: 27222 139eb0bb1b4509126eb0f314bd06b3c6
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_i386.deb
Size/MD5 checksum: 424062 813d3d51730c919ce8cce2619e8cb7a4
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_ia64.deb
Size/MD5 checksum: 1141736 e154e2940d769255c27812c88e6008ef
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_ia64.deb
Size/MD5 checksum: 617516 446aab21fce2d72a0329aaacb13b0218
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_ia64.deb
Size/MD5 checksum: 39822 c1d1672a1133ef3dc3e06bb35d44178a
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_ia64.deb
Size/MD5 checksum: 44824 3860e662f447487c2d9bf8205456aece
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_ia64.deb
Size/MD5 checksum: 257036 30475f72472985773c1865ac17bd3c89
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_ia64.deb
Size/MD5 checksum: 4090302 8b6a05199dc1320125556dfc7926fae4
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_ia64.deb
Size/MD5 checksum: 272332 83c9fa6e5604e602c3bc4f14a06eeae5
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_ia64.deb
Size/MD5 checksum: 33502 4eed857b2d83a40e68d93e98ade6abc8
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_ia64.deb
Size/MD5 checksum: 95656 89ebd5d71ad2b141d236d8c9b6a43903
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_ia64.deb
Size/MD5 checksum: 1490970 713ad5906467e5b90cc4a3f53f0744f3
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_mips.deb
Size/MD5 checksum: 44844 6b456d8c52239872cbd9f5542bff784b
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_mips.deb
Size/MD5 checksum: 73664 f41bdb4eb005b8625dea2e409364ff87
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_mips.deb
Size/MD5 checksum: 1193866 808245a31a56eabf2c0e5709b8fd2428
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_mips.deb
Size/MD5 checksum: 470078 540998727df1f5c9428313f758cf884a
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_mips.deb
Size/MD5 checksum: 39848 87bd4c93eb79695af218c0808a09e35a
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_mips.deb
Size/MD5 checksum: 215272 4860e20d43c86f2735a31f44670618ec
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_mips.deb
Size/MD5 checksum: 26668 62fb10d72d7ed01330fccf10286bbe6a
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_mips.deb
Size/MD5 checksum: 184228 4e33ed1450dc3e80bebe4ba6e77a838b
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_mips.deb
Size/MD5 checksum: 777292 e1e41bc61eccd7ecaea9584d38bf58e6
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_mips.deb
Size/MD5 checksum: 3850956 d5f8bcc45254c4ef6d92d080556291b5
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_mipsel.deb
Size/MD5 checksum: 182718 51b45846a45e5e82cc9e19c945a90ea5
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_mipsel.deb
Size/MD5 checksum: 26546 86462ca5f14e03a354f66d78a2d2cd26
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_mipsel.deb
Size/MD5 checksum: 213836 5ea221d730e499c8d119fadae2a10cf4
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_mipsel.deb
Size/MD5 checksum: 767516 609ed9d94b80fc8de162755940085083
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_mipsel.deb
Size/MD5 checksum: 39856 260898221c2f3d98aa4d2feea9dd8c79
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_mipsel.deb
Size/MD5 checksum: 44834 4888af4ae1674af7cb9f3ad0bc8ed08d
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_mipsel.deb
Size/MD5 checksum: 3558410 71a2d6eeaf4f098991037d9591960959
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_mipsel.deb
Size/MD5 checksum: 465932 0b83d1e7850c8db7bbe6ba6910f277ec
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_mipsel.deb
Size/MD5 checksum: 72646 d9d3544bf7737fd39c05fa581d7a0d09
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_mipsel.deb
Size/MD5 checksum: 1090376 cd526c5cebb53ccce2328f082daa74c7
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_powerpc.deb
Size/MD5 checksum: 204176 7cb6fb9fb3236cc8511d651c775d073e
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_powerpc.deb
Size/MD5 checksum: 460872 1447cb90c1f474fd61cc9983cfa556d3
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_powerpc.deb
Size/MD5 checksum: 87052 d313378dd667914afa23fe31b6c05ee3
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_powerpc.deb
Size/MD5 checksum: 4448862 2f5163953f563c2f019c1dbc9bab43dc
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_s390.deb
Size/MD5 checksum: 1233568 235630e792f502b5c37faae115045df9
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_s390.deb
Size/MD5 checksum: 428186 103147901d6a2cfaeff2035ff2c28288
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_s390.deb
Size/MD5 checksum: 197704 27ec7c3bd31a449d20da04226b6e468c
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_s390.deb
Size/MD5 checksum: 44804 cd801280cf417fae3e179ef4fe3a66e1
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_s390.deb
Size/MD5 checksum: 848578 de7ce789ecb6c16795b931402f0b1660
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_s390.deb
Size/MD5 checksum: 4723822 97ac517c81a1d4dab7935a2be919cca7
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_s390.deb
Size/MD5 checksum: 80696 92acd50da0e8385d15aae03ffc1a0d02
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_s390.deb
Size/MD5 checksum: 229200 2441d31d47eabc618d623d32d7e13b5d
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_s390.deb
Size/MD5 checksum: 39816 1cc5bd0bd313ca10b6da5724c48731c4
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_s390.deb
Size/MD5 checksum: 28226 f4847e4e43da82482df59db35202f2d2
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_sparc.deb
Size/MD5 checksum: 3816108 f57bba921d5e899118e7fe8f5bb23f65
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_sparc.deb
Size/MD5 checksum: 27342 3c40d8e2de20d5dcc598bd710af5656b
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_sparc.deb
Size/MD5 checksum: 40232 c2d60a1f8c2b5796274c15e4ca5a10ed
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_sparc.deb
Size/MD5 checksum: 79978 ad93d7013e82d2a3c00989bd52fb5439
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_sparc.deb
Size/MD5 checksum: 44848 8c6c3a8de0ab991d34114ee39bf2f3db
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_sparc.deb
Size/MD5 checksum: 206984 57e6d5d73e1d1e7751471c0759fa5977
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_sparc.deb
Size/MD5 checksum: 218028 7424acce24e5c5c0017d04030e176377
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_sparc.deb
Size/MD5 checksum: 1344914 a1fab1a73f632b64a8cd65d253716481
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_sparc.deb
Size/MD5 checksum: 1009372 037974812670103391815dd83fa3e0fa
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_sparc.deb
Size/MD5 checksum: 408546 720bec76be68d6ed4300c38c125745e1
These files will probably be moved into the stable distribution on
its next update.
- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAksdiFEACgkQXm3vHE4uylrf/ACbB/myWpo9JRUeLW/3EFj54dpW
7F4AoOj8o5BTtsSFcDJsk2EKAEn3OcFR
=W0/x
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFLHcfFNVH5XJJInbgRAgMTAJ9fs0aog+s70jJEVnNXwAZOj2rpAQCfcFXd
znOLaFe9T9Usw1563geMGbw=
=xR8j
-----END PGP SIGNATURE-----