Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2009.1606 New Shibboleth packages fix cross-site scripting 8 December 2009 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: shibboleth-sp shibboleth-sp2 opensaml2 Publisher: Debian Operating System: Debian GNU/Linux 4 Debian GNU/Linux 5 Impact/Access: Cross-site Scripting -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2009-3300 Reference: ESB-2009.1480 Original Bulletin: http://www.debian.org/security/2009/dsa-1947 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - ------------------------------------------------------------------------ Debian Security Advisory DSA-1947-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff December 07, 2009 http://www.debian.org/security/faq - - ------------------------------------------------------------------------ Package : shibboleth-sp, shibboleth-sp2, opensaml2 Vulnerability : missing input sanitising Problem type : remote Debian-specific: no CVE Id(s) : CVE-2009-3300 Matt Elder discovered that Shibboleth, a federated web single sign-on system is vulnerable to script injection through redirection URLs. More details can be found in the Shibboleth advisory at http://shibboleth.internet2.edu/secadv/secadv_20091104.txt For the old stable distribution (etch), this problem has been fixed in version 1.3f.dfsg1-2+etch2 of shibboleth-sp. For the stable distribution (lenny), this problem has been fixed in version 1.3.1.dfsg1-3+lenny2 of shibboleth-sp, version 2.0.dfsg1-4+lenny2 of shibboleth-sp2 and version 2.0-2+lenny2 of opensaml2. For the unstable distribution (sid), this problem has been fixed in version 2.3+dfsg-1 of shibboleth-sp2, version 2.3-1 of opensaml2 and version 1.3.1-1 of xmltooling. We recommend that you upgrade your Shibboleth packages. Upgrade instructions - - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - - ------------------------------- Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3f.dfsg1-2+etch2.diff.gz Size/MD5 checksum: 35169 ce866f75fd4a3e360bcf1f40328a6775 http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3f.dfsg1.orig.tar.gz Size/MD5 checksum: 731365 7aba8f84ff20013dea55a4a34306791a http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3f.dfsg1-2+etch2.dsc Size/MD5 checksum: 957 4b81922200999d83b4e6e300dc4105b2 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_alpha.deb Size/MD5 checksum: 599542 bc648aff189d0a1ab1cfaa8b552ca3c2 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_alpha.deb Size/MD5 checksum: 218758 84f33e347e9905f7a8ea10f7ccefef38 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_alpha.deb Size/MD5 checksum: 81606 ff24f6a6f67605f54970d80effacbbdb http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_alpha.deb Size/MD5 checksum: 4220522 696dd0f5e47dc671cc975becf0de468f amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_amd64.deb Size/MD5 checksum: 458596 74e93d23170bb31caebfe2ca129d07d0 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_amd64.deb Size/MD5 checksum: 78106 54e21b28a39741ed8e7174f1f461b36f http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_amd64.deb Size/MD5 checksum: 4016352 ed12fa9ff63849bbaebff10b69910042 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_amd64.deb Size/MD5 checksum: 201502 99f8013c58e15a4e7f631c2b6163df80 arm architecture (ARM) http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_arm.deb Size/MD5 checksum: 463996 e9b59a2da0e48c3c28d5cc6496fb610a http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_arm.deb Size/MD5 checksum: 224674 443c6592e797a5f3029ddfc6e4d39b6e http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_arm.deb Size/MD5 checksum: 77274 eb8e738461d2ce57747d00c0372ccd0c http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_arm.deb Size/MD5 checksum: 3777924 c8fc18d5e616f85e3bf4be7e72660a6d hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_hppa.deb Size/MD5 checksum: 91240 6d3bf6784f6c37ac33bd5c187ffff78f http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_hppa.deb Size/MD5 checksum: 4681852 45a47043bead90d8c5b4d7d055f3481c http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_hppa.deb Size/MD5 checksum: 236856 9fcd23ec0055d336e830afbff9e0bfc4 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_hppa.deb Size/MD5 checksum: 523584 39dae9be500d372f40d79cd173208c83 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_i386.deb Size/MD5 checksum: 433480 4d36fe53ea41d60d8a9271a8283f982e http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_i386.deb Size/MD5 checksum: 76582 2e8ccdf193b826c7edea81d64928e306 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_i386.deb Size/MD5 checksum: 201376 43e1ccf246c06173bb0b726435f0d815 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_i386.deb Size/MD5 checksum: 3717328 706787e36afd27879765043b36e21b67 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_ia64.deb Size/MD5 checksum: 4282674 6cf33d6e7e648f927d7471c1e14faeda http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_ia64.deb Size/MD5 checksum: 261082 42ecc6cb79ccaeb51ed216460854a6ef http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_ia64.deb Size/MD5 checksum: 606936 ad107c7889b6d3656b09494956872099 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_ia64.deb Size/MD5 checksum: 93558 e42b24b08c6724e038885bbb740b7ca8 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_mipsel.deb Size/MD5 checksum: 188188 08e68a767cef9f6a17300355346ebb29 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_mipsel.deb Size/MD5 checksum: 3739418 16b2bbe8b61dcce84d0b59cd1deab413 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_mipsel.deb Size/MD5 checksum: 474312 0f630ad847bd524394fd8a2fb09a3bf6 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_mipsel.deb Size/MD5 checksum: 74468 fea5404f1e3c957dea0725a8dc592026 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_s390.deb Size/MD5 checksum: 4882170 69ef571c49fc850cc72c2ece4034cc26 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_s390.deb Size/MD5 checksum: 431890 0dca24c94492a6315d1fdbec36084135 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_s390.deb Size/MD5 checksum: 202306 8ca8e9ef70f686c74bb847872e4aec48 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_s390.deb Size/MD5 checksum: 78436 a282913025fea52ca355b0ccd3eaae59 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_sparc.deb Size/MD5 checksum: 4013874 821e9b9bc96fef947d18f6784d3b1854 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_sparc.deb Size/MD5 checksum: 78344 50dc4f9244ac311dca6bfbc81214c978 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_sparc.deb Size/MD5 checksum: 416304 13ca14493e80f0ff8e7f94ccdb660abf http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_sparc.deb Size/MD5 checksum: 209108 ecb31ca29a9d247d212a63df040d9a64 Debian GNU/Linux 5.0 alias lenny - - -------------------------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2_2.0-2+lenny2.diff.gz Size/MD5 checksum: 7717 be1470ec19b079abbea465c586a6db9c http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2_2.0-2+lenny2.dsc Size/MD5 checksum: 1450 ae583eaffa9dc2ab9fc37f15bfbf9817 http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3.1.dfsg1-3+lenny2.diff.gz Size/MD5 checksum: 34141 89b96ed5094e36c9da588f2fe0c815d9 http://security.debian.org/pool/updates/main/s/shibboleth-sp2/shibboleth-sp2_2.0.dfsg1-4+lenny2.diff.gz Size/MD5 checksum: 17174 b9b0333f56c573d4a7f9bf608cbc4a89 http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2_2.0.orig.tar.gz Size/MD5 checksum: 705058 85968f3c72cb789b11c9d01209e4d46b http://security.debian.org/pool/updates/main/s/shibboleth-sp2/shibboleth-sp2_2.0.dfsg1-4+lenny2.dsc Size/MD5 checksum: 1672 7cef2a57583d84e46a214475c4a25393 http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3.1.dfsg1.orig.tar.gz Size/MD5 checksum: 761686 996ac4370cd8cb91528169c1e2c337b6 http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3.1.dfsg1-3+lenny2.dsc Size/MD5 checksum: 1601 b7d6efd2896e7e3cee6463c14c23b122 http://security.debian.org/pool/updates/main/s/shibboleth-sp2/shibboleth-sp2_2.0.dfsg1.orig.tar.gz Size/MD5 checksum: 726871 836fccbf614fc8edfc1fdbefcf0ba489 Architecture independent packages: http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-doc_2.0-2+lenny2_all.deb Size/MD5 checksum: 365940 551bf56b7ca0618a515b4cde3c9046c7 http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-schemas_2.0-2+lenny2_all.deb Size/MD5 checksum: 25680 681338ca7d060ab79c9f26527902d8dc http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-doc_2.0.dfsg1-4+lenny2_all.deb Size/MD5 checksum: 258520 39b8bdad69f6bfa31730c459da5b575c http://security.debian.org/pool/updates/main/s/shibboleth-sp2/shibboleth-sp2-schemas_2.0.dfsg1-4+lenny2_all.deb Size/MD5 checksum: 15434 4f601fe9b3886b22316a141e01e707a6 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_alpha.deb Size/MD5 checksum: 575686 69d92528ea88a49b28931fc0fd3653f7 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_alpha.deb Size/MD5 checksum: 84258 4de37104dcc335289e01785cd85d4c85 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_alpha.deb Size/MD5 checksum: 218348 8f31cca573d9e3158458c7ec76a09e88 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_alpha.deb Size/MD5 checksum: 4126894 3eaf35288a38c8d14e4c72340661a594 http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_alpha.deb Size/MD5 checksum: 241522 385e1e70d3b296c97bf34783c2cf173f http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_alpha.deb Size/MD5 checksum: 941354 123fbab68a88df7843839b0406345488 http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_alpha.deb Size/MD5 checksum: 39842 d8c15efea7f3d01bd06b6197a8920235 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_amd64.deb Size/MD5 checksum: 228568 dc4196ddec55f46b1a8eac7185b88a48 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_amd64.deb Size/MD5 checksum: 81744 a55299c3b74a93da9a592dac059b01c9 http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_amd64.deb Size/MD5 checksum: 44592 4b419a7302251bc7b4692d66bff18528 http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_amd64.deb Size/MD5 checksum: 840692 1ff155d1f8cd16aa3a84aa8efb1193e9 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_amd64.deb Size/MD5 checksum: 201410 8edd3a696833973b204a6d71dcdab807 http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_amd64.deb Size/MD5 checksum: 39838 ab0ae6d0efddc77e13f9bd4c5310c542 http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_amd64.deb Size/MD5 checksum: 28440 9bb20149248ac6f087e4cc43646d1f8c http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_amd64.deb Size/MD5 checksum: 456000 b8ca326fcf83b65d8dca6e9784f53066 http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_amd64.deb Size/MD5 checksum: 1192090 7803aa94b252c6ea8f0fbbb85c5daa2a http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_amd64.deb Size/MD5 checksum: 3836116 2a44bac39c2cb29039c56cbb95e5786a arm architecture (ARM) http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_arm.deb Size/MD5 checksum: 228470 71a7c3343665c48ede56d46a0c262221 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_arm.deb Size/MD5 checksum: 455568 ea8a41453fc01b7bdfa1c9071327333c http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_arm.deb Size/MD5 checksum: 77508 7117b5f842db50750bb549fce98b19f9 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_arm.deb Size/MD5 checksum: 3581714 51dd8fdf617457b087d06ca7a5736a94 http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_arm.deb Size/MD5 checksum: 44828 c311aa275750cfd43afd388b153e8416 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_arm.deb Size/MD5 checksum: 214548 f3defb04bd5965851b36ac8d6cb3d151 http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_arm.deb Size/MD5 checksum: 27214 d88ee290fdfd74f37e64f04805cfcc18 http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_arm.deb Size/MD5 checksum: 40368 586a3581ca90e7e7ee0e88c146687e62 http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_arm.deb Size/MD5 checksum: 1164554 1f88ecccc1c33e3faab2b3f7a4452dd7 http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_arm.deb Size/MD5 checksum: 946436 ed86edf1c11e206e5d032bb5181ad50a armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_armel.deb Size/MD5 checksum: 205908 0e0678da76fed65ae488470dfe10a0c9 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_armel.deb Size/MD5 checksum: 476654 f6d54f691090bf50254dbd386c6d769c http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_armel.deb Size/MD5 checksum: 69910 ba99d299af96261c579e25e66908abab http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_armel.deb Size/MD5 checksum: 770344 b86196f10236b070b803cd4471f4c423 http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_armel.deb Size/MD5 checksum: 45088 c339ef2f9f15e520e82a1d51bfd95aae http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_armel.deb Size/MD5 checksum: 24718 db0f484a05d4122d24f8545975c15326 http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_armel.deb Size/MD5 checksum: 1036358 67b6c4e429c5e111b0ec13efb45d7882 http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_armel.deb Size/MD5 checksum: 40430 f90d19f99a707de0b382b8e9e4b1e198 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_armel.deb Size/MD5 checksum: 3558576 c47ab3119943a9566da8ddc09ca660f1 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_armel.deb Size/MD5 checksum: 185672 3882aafaf772ec0efef1467d73423aee hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_hppa.deb Size/MD5 checksum: 44690 179fd0ce973904e527a4689d4277394f http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_hppa.deb Size/MD5 checksum: 1028004 fda64b9c3d563d0ca69ab75589df9537 http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_hppa.deb Size/MD5 checksum: 1390048 f4c926a6071013c7036a80e26f28fa11 http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_hppa.deb Size/MD5 checksum: 29416 8464d0da9c99a042352cb2d3283e7ea8 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_hppa.deb Size/MD5 checksum: 4490366 9f2d49bb26c07d0590a267a956d0ecd6 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_hppa.deb Size/MD5 checksum: 233514 553109e5fe95a921708fa43c2f390ae1 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_hppa.deb Size/MD5 checksum: 537212 1c245ff84054296d0ed17e927a306ee0 http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_hppa.deb Size/MD5 checksum: 251682 24496f3bc7ab7f61814a11c926c5df9b http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_hppa.deb Size/MD5 checksum: 88700 8cb6c26058a0a110af40ceb8b5390467 http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_hppa.deb Size/MD5 checksum: 40654 dd810fe55b07f82ceb95bf9ea836e3ea i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_i386.deb Size/MD5 checksum: 39896 92ee9791f3230e4ea0af774d21f94168 http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_i386.deb Size/MD5 checksum: 830196 69baa4d5223c2de49c11efb1f5221a60 http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_i386.deb Size/MD5 checksum: 1083380 5172f568a27adc2bed46aa20f676dff5 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_i386.deb Size/MD5 checksum: 3517742 7a113810a43f06c3d6a3c5dab6e07016 http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_i386.deb Size/MD5 checksum: 44708 2ed6b07d9ef09967812b79e897034310 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_i386.deb Size/MD5 checksum: 199976 baa7d28e34b5fde83cc018b5a5d4c15a http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_i386.deb Size/MD5 checksum: 78690 03c98f8a8ab9c46c51211cf03477a596 http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_i386.deb Size/MD5 checksum: 220864 e29f350428d1b68225d7c8ba7cd3a1ae http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_i386.deb Size/MD5 checksum: 27222 139eb0bb1b4509126eb0f314bd06b3c6 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_i386.deb Size/MD5 checksum: 424062 813d3d51730c919ce8cce2619e8cb7a4 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_ia64.deb Size/MD5 checksum: 1141736 e154e2940d769255c27812c88e6008ef http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_ia64.deb Size/MD5 checksum: 617516 446aab21fce2d72a0329aaacb13b0218 http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_ia64.deb Size/MD5 checksum: 39822 c1d1672a1133ef3dc3e06bb35d44178a http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_ia64.deb Size/MD5 checksum: 44824 3860e662f447487c2d9bf8205456aece http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_ia64.deb Size/MD5 checksum: 257036 30475f72472985773c1865ac17bd3c89 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_ia64.deb Size/MD5 checksum: 4090302 8b6a05199dc1320125556dfc7926fae4 http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_ia64.deb Size/MD5 checksum: 272332 83c9fa6e5604e602c3bc4f14a06eeae5 http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_ia64.deb Size/MD5 checksum: 33502 4eed857b2d83a40e68d93e98ade6abc8 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_ia64.deb Size/MD5 checksum: 95656 89ebd5d71ad2b141d236d8c9b6a43903 http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_ia64.deb Size/MD5 checksum: 1490970 713ad5906467e5b90cc4a3f53f0744f3 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_mips.deb Size/MD5 checksum: 44844 6b456d8c52239872cbd9f5542bff784b http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_mips.deb Size/MD5 checksum: 73664 f41bdb4eb005b8625dea2e409364ff87 http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_mips.deb Size/MD5 checksum: 1193866 808245a31a56eabf2c0e5709b8fd2428 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_mips.deb Size/MD5 checksum: 470078 540998727df1f5c9428313f758cf884a http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_mips.deb Size/MD5 checksum: 39848 87bd4c93eb79695af218c0808a09e35a http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_mips.deb Size/MD5 checksum: 215272 4860e20d43c86f2735a31f44670618ec http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_mips.deb Size/MD5 checksum: 26668 62fb10d72d7ed01330fccf10286bbe6a http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_mips.deb Size/MD5 checksum: 184228 4e33ed1450dc3e80bebe4ba6e77a838b http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_mips.deb Size/MD5 checksum: 777292 e1e41bc61eccd7ecaea9584d38bf58e6 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_mips.deb Size/MD5 checksum: 3850956 d5f8bcc45254c4ef6d92d080556291b5 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_mipsel.deb Size/MD5 checksum: 182718 51b45846a45e5e82cc9e19c945a90ea5 http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_mipsel.deb Size/MD5 checksum: 26546 86462ca5f14e03a354f66d78a2d2cd26 http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_mipsel.deb Size/MD5 checksum: 213836 5ea221d730e499c8d119fadae2a10cf4 http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_mipsel.deb Size/MD5 checksum: 767516 609ed9d94b80fc8de162755940085083 http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_mipsel.deb Size/MD5 checksum: 39856 260898221c2f3d98aa4d2feea9dd8c79 http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_mipsel.deb Size/MD5 checksum: 44834 4888af4ae1674af7cb9f3ad0bc8ed08d http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_mipsel.deb Size/MD5 checksum: 3558410 71a2d6eeaf4f098991037d9591960959 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_mipsel.deb Size/MD5 checksum: 465932 0b83d1e7850c8db7bbe6ba6910f277ec http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_mipsel.deb Size/MD5 checksum: 72646 d9d3544bf7737fd39c05fa581d7a0d09 http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_mipsel.deb Size/MD5 checksum: 1090376 cd526c5cebb53ccce2328f082daa74c7 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_powerpc.deb Size/MD5 checksum: 204176 7cb6fb9fb3236cc8511d651c775d073e http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_powerpc.deb Size/MD5 checksum: 460872 1447cb90c1f474fd61cc9983cfa556d3 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_powerpc.deb Size/MD5 checksum: 87052 d313378dd667914afa23fe31b6c05ee3 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_powerpc.deb Size/MD5 checksum: 4448862 2f5163953f563c2f019c1dbc9bab43dc s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_s390.deb Size/MD5 checksum: 1233568 235630e792f502b5c37faae115045df9 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_s390.deb Size/MD5 checksum: 428186 103147901d6a2cfaeff2035ff2c28288 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_s390.deb Size/MD5 checksum: 197704 27ec7c3bd31a449d20da04226b6e468c http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_s390.deb Size/MD5 checksum: 44804 cd801280cf417fae3e179ef4fe3a66e1 http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_s390.deb Size/MD5 checksum: 848578 de7ce789ecb6c16795b931402f0b1660 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_s390.deb Size/MD5 checksum: 4723822 97ac517c81a1d4dab7935a2be919cca7 http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_s390.deb Size/MD5 checksum: 80696 92acd50da0e8385d15aae03ffc1a0d02 http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_s390.deb Size/MD5 checksum: 229200 2441d31d47eabc618d623d32d7e13b5d http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_s390.deb Size/MD5 checksum: 39816 1cc5bd0bd313ca10b6da5724c48731c4 http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_s390.deb Size/MD5 checksum: 28226 f4847e4e43da82482df59db35202f2d2 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_sparc.deb Size/MD5 checksum: 3816108 f57bba921d5e899118e7fe8f5bb23f65 http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_sparc.deb Size/MD5 checksum: 27342 3c40d8e2de20d5dcc598bd710af5656b http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_sparc.deb Size/MD5 checksum: 40232 c2d60a1f8c2b5796274c15e4ca5a10ed http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_sparc.deb Size/MD5 checksum: 79978 ad93d7013e82d2a3c00989bd52fb5439 http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_sparc.deb Size/MD5 checksum: 44848 8c6c3a8de0ab991d34114ee39bf2f3db http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_sparc.deb Size/MD5 checksum: 206984 57e6d5d73e1d1e7751471c0759fa5977 http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_sparc.deb Size/MD5 checksum: 218028 7424acce24e5c5c0017d04030e176377 http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_sparc.deb Size/MD5 checksum: 1344914 a1fab1a73f632b64a8cd65d253716481 http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_sparc.deb Size/MD5 checksum: 1009372 037974812670103391815dd83fa3e0fa http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_sparc.deb Size/MD5 checksum: 408546 720bec76be68d6ed4300c38c125745e1 These files will probably be moved into the stable distribution on its next update. - - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAksdiFEACgkQXm3vHE4uylrf/ACbB/myWpo9JRUeLW/3EFj54dpW 7F4AoOj8o5BTtsSFcDJsk2EKAEn3OcFR =W0/x - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iD8DBQFLHcfFNVH5XJJInbgRAgMTAJ9fs0aog+s70jJEVnNXwAZOj2rpAQCfcFXd znOLaFe9T9Usw1563geMGbw= =xR8j -----END PGP SIGNATURE-----