lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20051109182137.GA5011@piware.de>
Date: Wed, 9 Nov 2005 13:21:37 -0500
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-151-4] rpm vulnerability

===========================================================
Ubuntu Security Notice USN-151-4	  November 09, 2005
rpm vulnerability
CVE-2005-1849, CVE-2005-2096
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

lsb-rpm

The problem can be corrected by upgrading the affected package to
version 4.0.4-28ubuntu2.1 (for Ubuntu 4.10), 4.0.4-29ubuntu1.1 (for
Ubuntu 5.04), or 4.0.4-31ubuntu1.1 (for Ubuntu 5.10).  In general, a
standard system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could
be exploited to cause Denial of Service attacks or even arbitrary code
execution with malicious data streams.

Since lsb-rpm is statically linked against the zlib library, it is also
affected by these issues. The updated packagages have been rebuilt
against the fixed zlib.

Please note that lsb-rpm is not officially supported (it is in the "universe"
component of the archive).


Updated packages for Ubuntu 4.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-28ubuntu2.1.diff.gz
      Size/MD5:   104152 3512e5a5982e80eec9c47097c1abcab0
    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-28ubuntu2.1.dsc
      Size/MD5:      743 75a216bf04376b2965fdc6f421da9117
    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4.orig.tar.gz
      Size/MD5:  5865692 b0c3093d2f0d850760e59ac1db9bf152

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-28ubuntu2.1_amd64.deb
      Size/MD5:   484306 8d65173dc64656d07670eb76ef50c48c
    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-28ubuntu2.1_amd64.deb
      Size/MD5:   382618 ab876104c24d65d40a42f4464b2cc2a4
    http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-28ubuntu2.1_amd64.deb
      Size/MD5:   879240 1e904758215537cb71185114d2d2fdce
    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-28ubuntu2.1_amd64.deb
      Size/MD5:   519706 be983d50f61cfd0260617aa1a5364686

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-28ubuntu2.1_i386.deb
      Size/MD5:   437176 6b366219315af863fbdaea691badc6e1
    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-28ubuntu2.1_i386.deb
      Size/MD5:   359618 b395c5dc497897b59e64d389b0f06060
    http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-28ubuntu2.1_i386.deb
      Size/MD5:   815882 f4c442e7de8efd84c6f649debcd34200
    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-28ubuntu2.1_i386.deb
      Size/MD5:   516424 a16cc0c0303275537df571a683b48c61

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-28ubuntu2.1_powerpc.deb
      Size/MD5:   509710 89a59a25b06bd82d9b279ce44bff12b5
    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-28ubuntu2.1_powerpc.deb
      Size/MD5:   386056 3f02d5ed65df1a5924d0b58f61966e03
    http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-28ubuntu2.1_powerpc.deb
      Size/MD5:   906620 b81695bb99a459690415851b704016b8
    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-28ubuntu2.1_powerpc.deb
      Size/MD5:   525366 8a6775242836a0ff0f031508a9b7f1f6

Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-29ubuntu1.1.diff.gz
      Size/MD5:   104605 ded8ebf7a2e2f17f3c73eb761b2e688d
    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-29ubuntu1.1.dsc
      Size/MD5:      743 6cc9d90aa7fc16b8f4b4bc0943e0999c
    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4.orig.tar.gz
      Size/MD5:  5865692 b0c3093d2f0d850760e59ac1db9bf152

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-29ubuntu1.1_amd64.deb
      Size/MD5:   484510 031b93a22f11539c77bdde4c7a7fd942
    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-29ubuntu1.1_amd64.deb
      Size/MD5:   382960 f3d2183092c18d4d955dc9f47b8bfd85
    http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-29ubuntu1.1_amd64.deb
      Size/MD5:   917666 fbed813e6386fb855bad364297231dcd
    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-29ubuntu1.1_amd64.deb
      Size/MD5:   246620 0d4597422332fe23e596e6843399d5a2

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-29ubuntu1.1_i386.deb
      Size/MD5:   437506 c9d45c2c612849165cb24c4a696b2d99
    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-29ubuntu1.1_i386.deb
      Size/MD5:   360084 62ff35425b9a1282faf601a8b6a42a46
    http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-29ubuntu1.1_i386.deb
      Size/MD5:   817326 f02954eba6d51835d4687ab8f201a94a
    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-29ubuntu1.1_i386.deb
      Size/MD5:   242144 3aa62cae004a512e77e5400b4dcdad58

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-29ubuntu1.1_powerpc.deb
      Size/MD5:   510066 f1e4b85c2a191683779cc924713c6089
    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-29ubuntu1.1_powerpc.deb
      Size/MD5:   386662 9ffd067e2f4909b51252fb821e18f918
    http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-29ubuntu1.1_powerpc.deb
      Size/MD5:   892954 d7aede34a0ed6bcc492bbfe264f23d08
    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-29ubuntu1.1_powerpc.deb
      Size/MD5:   249702 0aa79e831af41fdf66149a03524ea95f

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-31ubuntu1.1.diff.gz
      Size/MD5:   105623 8e2337bba9b6c8c027bdb68eb75aafc0
    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-31ubuntu1.1.dsc
      Size/MD5:      794 d33a163ca10c82c64617b746fb477317
    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4.orig.tar.gz
      Size/MD5:  5865692 b0c3093d2f0d850760e59ac1db9bf152

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-31ubuntu1.1_amd64.deb
      Size/MD5:   495044 c31549b7e13a14e0893188bf6cb2f6c9
    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-31ubuntu1.1_amd64.deb
      Size/MD5:   394174 c7c3a20b9e7fbb06a289db6f364fd6a6
    http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-31ubuntu1.1_amd64.deb
      Size/MD5:   983332 f33776b4ce3d03ef05df2ce3c0506189
    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-31ubuntu1.1_amd64.deb
      Size/MD5:   246344 218b855da8afb60b9cb0b8c080593820

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-31ubuntu1.1_i386.deb
      Size/MD5:   437468 303a7fcf82954da89bd2cee396ce6ba6
    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-31ubuntu1.1_i386.deb
      Size/MD5:   362410 35532ce8b4cdcdce6ae2408bda1384fa
    http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-31ubuntu1.1_i386.deb
      Size/MD5:   841566 88c9fa9c782451462f2d2b94d8b73431
    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-31ubuntu1.1_i386.deb
      Size/MD5:   242302 a6fc5dd5819b6f76431e32e095d9e971

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-31ubuntu1.1_powerpc.deb
      Size/MD5:   505094 82125d87ee950a5445d123cc487513df
    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-31ubuntu1.1_powerpc.deb
      Size/MD5:   385584 6871ddddccc683c0e2c37aec8426850b
    http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-31ubuntu1.1_powerpc.deb
      Size/MD5:  1015290 c34ad68589b0eebaba5b99c6f1ee95f5
    http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-31ubuntu1.1_powerpc.deb
      Size/MD5:   250512 dcea419a1d0640e65d4889d392b8353e

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ