lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 16 Feb 2005 15:45:32 +0100
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: [USN-83-1] LessTif 2 vulnerabilities

===========================================================
Ubuntu Security Notice USN-83-1		  February 16, 2005
lesstif1-1 vulnerabilities
CAN-2004-0914
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

lesstif2

The problem can be corrected by upgrading the affected package to
version 1:0.93.94-4ubuntu1.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Several vulnerabilities have been found in the XPM image decoding
functions of the LessTif library. If an attacker tricked a user into
loading a malicious XPM image with an application that uses LessTif,
he could exploit this to execute arbitrary code in the context of the
user opening the image.

Ubuntu does not contain any server applications using LessTif, so
there is no possibility of privilege escalation.

Please note that this update only fixes lesstif2. The older lesstif1
version is also affected. A proper fix for lesstif1 will still take
some time and will be done in a separate USN. However, no Ubuntu
application uses lesstif1, so this could only affect you if you use
third party software which depends on this library.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif1-1_0.93.94-4ubuntu1.1.diff.gz
      Size/MD5:   106165 7862c4bca521ac44fa51ec413291a893
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif1-1_0.93.94-4ubuntu1.1.dsc
      Size/MD5:      864 e98b3773a457fa1d31437792bc59c572
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif1-1_0.93.94.orig.tar.gz
      Size/MD5:  4862623 9eb87b5470333ccb31425a47d24f5a96

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif-doc_0.93.94-4ubuntu1.1_all.deb
      Size/MD5:   342038 dfaf44658bdd3dbc189919ddc46dd124

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/l/lesstif1-1/lesstif-bin_0.93.94-4ubuntu1.1_amd64.deb
      Size/MD5:   176768 b87d9271f12b3429830d2ef9797c7691
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif-dev_0.93.94-4ubuntu1.1_amd64.deb
      Size/MD5:   917162 6a7ef68078cb2688777f5bd52225ae9c
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif1_0.93.94-4ubuntu1.1_amd64.deb
      Size/MD5:   660570 ca9223c84b259836eca8682e4657f5c8
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif2-dev_0.93.94-4ubuntu1.1_amd64.deb
      Size/MD5:  1067970 7d62d335c729ac9de38bf064c7bacc56
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif2_0.93.94-4ubuntu1.1_amd64.deb
      Size/MD5:   742606 db847dfc1c2b2ae2a319322bc6203afa

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/l/lesstif1-1/lesstif-bin_0.93.94-4ubuntu1.1_i386.deb
      Size/MD5:   159374 ea4b92fdde96eb648074dbfe209b3898
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif-dev_0.93.94-4ubuntu1.1_i386.deb
      Size/MD5:   803566 b4b46757d9e9a8135115304206cea3be
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif1_0.93.94-4ubuntu1.1_i386.deb
      Size/MD5:   597886 554790b9bee5fe30646a873c29b4db27
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif2-dev_0.93.94-4ubuntu1.1_i386.deb
      Size/MD5:   933332 461643cc6eb37dc1d2021242dc87cbdd
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif2_0.93.94-4ubuntu1.1_i386.deb
      Size/MD5:   673282 9b128c9b9fb5f5a54cd16e9e87ed0082

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/l/lesstif1-1/lesstif-bin_0.93.94-4ubuntu1.1_powerpc.deb
      Size/MD5:   171684 4ae91873e024a56f3e0176ae5d9afe44
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif-dev_0.93.94-4ubuntu1.1_powerpc.deb
      Size/MD5:   946008 ce77211f5a1b6a2d17e0429473ef3e76
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif1_0.93.94-4ubuntu1.1_powerpc.deb
      Size/MD5:   625936 2b5d6a5ca302cbc801c885077e14c61d
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif2-dev_0.93.94-4ubuntu1.1_powerpc.deb
      Size/MD5:  1093972 3d0df04841498a8e5882430bd2a40b16
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif2_0.93.94-4ubuntu1.1_powerpc.deb
      Size/MD5:   706052 fead0ca59a8901f10094e5654f5ea687

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)


Powered by blists - more mailing lists