[SA34488] Debian update for auth2db

----------------------------------------------------------------------

Secunia is pleased to announce the release of the annual Secunia
report for 2008.

Highlights from the 2008 report:
* Vulnerability Research
* Software Inspection Results
* Secunia Research Highlights
* Secunia Advisory Statistics

Request the full 2008 Report here:
http://secunia.com/advisories/try_vi/request_2008_report/

Stay Secure,

Secunia

----------------------------------------------------------------------

TITLE:
Debian update for auth2db

SECUNIA ADVISORY ID:
SA34488

VERIFY ADVISORY:
http://secunia.com/advisories/34488/

DESCRIPTION:
Debian has issued an update for auth2db. This fixes a vulnerability,
which can be exploited by malicious people to conduct SQL injection
attacks.

Certain input is not properly sanitised before being used in SQL
queries. This can be exploited to manipulate SQL queries by injecting
specially crafted multibyte character encoded data.

SOLUTION:
Apply updated packages.

-- Debian GNU/Linux 5.0 alias lenny --

Source archives:

http://security.debian.org/pool/updates/main/a/auth2db/auth2db_0.2.5-2+dfsg-1+lenny1.dsc
Size/MD5 checksum: 1124 6a583f694b1d8925e134c09aa093bbe2
http://security.debian.org/pool/updates/main/a/auth2db/auth2db_0.2.5-2+dfsg.orig.tar.gz
Size/MD5 checksum: 1648457 30187f48d223c6eb43a4c4a050a210bf
http://security.debian.org/pool/updates/main/a/auth2db/auth2db_0.2.5-2+dfsg-1+lenny1.diff.gz
Size/MD5 checksum: 660051 22884e0a64958362dd10fb9d95cc605c

Architecture independent packages:

http://security.debian.org/pool/updates/main/a/auth2db/auth2db_0.2.5-2+dfsg-1+lenny1_all.deb
Size/MD5 checksum: 29286 92513e873ad82b08553b96185d3619ea
http://security.debian.org/pool/updates/main/a/auth2db/auth2db-filters_0.2.5-2+dfsg-1+lenny1_all.deb
Size/MD5 checksum: 13970 897b87dfe350e656c05a944e7d2b1fc9
http://security.debian.org/pool/updates/main/a/auth2db/auth2db-common_0.2.5-2+dfsg-1+lenny1_all.deb
Size/MD5 checksum: 648700 7421594af2889badd95f52fc11e600aa
http://security.debian.org/pool/updates/main/a/auth2db/auth2db-frontend_0.2.5-2+dfsg-1+lenny1_all.deb
Size/MD5 checksum: 566262 7753eb86bcb06358042702547008110e

-- Debian GNU/Linux unstable alias sid --

Fixed in version 0.2.5-2+dfsg-1.1.

ORIGINAL ADVISORY:
DSA-1757-1:
http://lists.debian.org/debian-security-announce/2009/msg00067.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=wz.bluesnow.secunia%40blogger.com

----------------------------------------------------------------------