Message-ID: <20050912153701.GA27593@box79162.elkhouse.de>
Date: Mon, 12 Sep 2005 17:37:01 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-83-2] LessTif 1 vulnerabilities

===========================================================
Ubuntu Security Notice USN-83-2		 September 12, 2005
lesstif1-1 vulnerabilities
CAN-2004-0914
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

lesstif1

The problem can be corrected by upgrading the affected package to
version 1:0.93.94-4ubuntu1.4.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

USN-83-1 fixed some vulnerabilities in the "lesstif2" library. The
older "lesstif1" library was also affected; however, a fix was not yet
available at that time. This USN fixes the flaws for lesstif1.

Please note that there are no supported applications that use this
library, so this only affects you if you use third-party applications
which use lesstif1.

For your convenience, here is the relevant part of the USN-83-1
description:

  Several vulnerabilities have been found in the XPM image decoding
  functions of the LessTif library. If an attacker tricked a user into
  loading a malicious XPM image with an application that uses LessTif,
  he could exploit this to execute arbitrary code in the context of
  the user opening the image.

  Ubuntu does not contain any server applications using LessTif, so
  there is no possibility of privilege escalation.


