------------------------------------------------------------------------
Debian Security Advisory DSA-1779-1                  security@xxxxxxxxxx
http://www.debian.org/security/                          Thijs Kinkhorst
April 26, 2009                        http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : apt
Vulnerability  : several
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2009-1300 CVE-2009-1358
Debian Bug     : 523213 433091

Two vulnerabilities have been discovered in APT, the well-known dpkg
frontend. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2009-1300

    In time zones where daylight savings time occurs at midnight,
    the apt cron.daily script fails, stopping new security updates
    from being applied automatically.

CVE-2009-1358

    A repository that has been signed with an expired or revoked
    OpenPGP key would still be considered valid by APT.

For the old stable distribution (etch), these problems have been fixed in
version 0.6.46.4-0.1+etch1.

For the stable distribution (lenny), these problems have been fixed in
version 0.7.20.2+lenny1.

For the unstable distribution (sid), these problems have been fixed in
version 0.7.21.

We recommend that you upgrade your apt package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

These files will probably be moved into the stable distribution on
its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
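
The CVE-2009-1358 condition described above, as an added example that is
not part of the advisory and is not APT's code: a checker for GnuPG
--status-fd output that accepts a signature only on GOODSIG from a trusted
key. The key ID, fingerprint and status samples are constructed, and the
function names are hypothetical.

```python
# Added example (not APT's code): decide from GnuPG --status-fd output whether
# a repository signature may be trusted. Key IDs and samples are constructed.
PREFIX = "[GNUPG:] "
# Keywords GnuPG emits instead of GOODSIG when the signature must not be trusted.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}


def parse_status(text):
    """Yield (keyword, args) for each status line; skip any other output."""
    for line in text.splitlines():
        if line.startswith(PREFIX):
            parts = line[len(PREFIX):].split()
            if parts:
                yield parts[0], parts[1:]


def verify(text, trusted_keyids):
    """Return (ok, problems): ok needs a GOODSIG made by a trusted key.

    VALIDSIG is deliberately ignored: it only says the signature is
    cryptographically correct, and it also follows EXPKEYSIG and REVKEYSIG.
    """
    ok, problems = False, []
    for keyword, args in parse_status(text):
        keyid = args[0] if args else "?"
        if keyword == "GOODSIG" and keyid in trusted_keyids:
            ok = True
        elif keyword == "GOODSIG":
            problems.append("UNTRUSTED " + keyid)
        elif keyword in REJECT:
            problems.append(keyword + " " + keyid)
    return ok, problems


TRUSTED = {"AAAAAAAAAAAAAAAA"}  # constructed key ID
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed fingerprint
GOOD = ("[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Example Archive Key\n"
        "[GNUPG:] VALIDSIG " + FPR + " 2009-04-26 1240704000\n")
EXPIRED = ("[GNUPG:] KEYEXPIRED 1230768000\n"
           "[GNUPG:] EXPKEYSIG AAAAAAAAAAAAAAAA Example Archive Key\n"
           "[GNUPG:] VALIDSIG " + FPR + " 2009-04-26 1240704000\n")
REVOKED = ("[GNUPG:] REVKEYSIG AAAAAAAAAAAAAAAA Example Archive Key\n"
           "[GNUPG:] VALIDSIG " + FPR + " 2009-04-26 1240704000\n")

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("expired", EXPIRED), ("revoked", REVOKED)):
        print(name, verify(sample, TRUSTED))
```

A checker that keyed on VALIDSIG alone would accept the expired and
revoked samples, since that line is present in all three.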