[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20051109182137.GA5011@piware.de>
Date: Wed, 9 Nov 2005 13:21:37 -0500
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-151-4] rpm vulnerability
===========================================================
Ubuntu Security Notice USN-151-4 November 09, 2005
rpm vulnerability
CVE-2005-1849, CVE-2005-2096
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
lsb-rpm
The problem can be corrected by upgrading the affected package to
version 4.0.4-28ubuntu2.1 (for Ubuntu 4.10), 4.0.4-29ubuntu1.1 (for
Ubuntu 5.04), or 4.0.4-31ubuntu1.1 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes.
Details follow:
USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could
be exploited to cause Denial of Service attacks or even arbitrary code
execution with malicious data streams.
Since lsb-rpm is statically linked against the zlib library, it is also
affected by these issues. The updated packagages have been rebuilt
against the fixed zlib.
Please note that lsb-rpm is not officially supported (it is in the "universe"
component of the archive).
Updated packages for Ubuntu 4.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-28ubuntu2.1.diff.gz
Size/MD5: 104152 3512e5a5982e80eec9c47097c1abcab0
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-28ubuntu2.1.dsc
Size/MD5: 743 75a216bf04376b2965fdc6f421da9117
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4.orig.tar.gz
Size/MD5: 5865692 b0c3093d2f0d850760e59ac1db9bf152
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-28ubuntu2.1_amd64.deb
Size/MD5: 484306 8d65173dc64656d07670eb76ef50c48c
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-28ubuntu2.1_amd64.deb
Size/MD5: 382618 ab876104c24d65d40a42f4464b2cc2a4
http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-28ubuntu2.1_amd64.deb
Size/MD5: 879240 1e904758215537cb71185114d2d2fdce
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-28ubuntu2.1_amd64.deb
Size/MD5: 519706 be983d50f61cfd0260617aa1a5364686
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-28ubuntu2.1_i386.deb
Size/MD5: 437176 6b366219315af863fbdaea691badc6e1
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-28ubuntu2.1_i386.deb
Size/MD5: 359618 b395c5dc497897b59e64d389b0f06060
http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-28ubuntu2.1_i386.deb
Size/MD5: 815882 f4c442e7de8efd84c6f649debcd34200
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-28ubuntu2.1_i386.deb
Size/MD5: 516424 a16cc0c0303275537df571a683b48c61
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-28ubuntu2.1_powerpc.deb
Size/MD5: 509710 89a59a25b06bd82d9b279ce44bff12b5
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-28ubuntu2.1_powerpc.deb
Size/MD5: 386056 3f02d5ed65df1a5924d0b58f61966e03
http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-28ubuntu2.1_powerpc.deb
Size/MD5: 906620 b81695bb99a459690415851b704016b8
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-28ubuntu2.1_powerpc.deb
Size/MD5: 525366 8a6775242836a0ff0f031508a9b7f1f6
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-29ubuntu1.1.diff.gz
Size/MD5: 104605 ded8ebf7a2e2f17f3c73eb761b2e688d
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-29ubuntu1.1.dsc
Size/MD5: 743 6cc9d90aa7fc16b8f4b4bc0943e0999c
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4.orig.tar.gz
Size/MD5: 5865692 b0c3093d2f0d850760e59ac1db9bf152
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-29ubuntu1.1_amd64.deb
Size/MD5: 484510 031b93a22f11539c77bdde4c7a7fd942
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-29ubuntu1.1_amd64.deb
Size/MD5: 382960 f3d2183092c18d4d955dc9f47b8bfd85
http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-29ubuntu1.1_amd64.deb
Size/MD5: 917666 fbed813e6386fb855bad364297231dcd
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-29ubuntu1.1_amd64.deb
Size/MD5: 246620 0d4597422332fe23e596e6843399d5a2
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-29ubuntu1.1_i386.deb
Size/MD5: 437506 c9d45c2c612849165cb24c4a696b2d99
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-29ubuntu1.1_i386.deb
Size/MD5: 360084 62ff35425b9a1282faf601a8b6a42a46
http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-29ubuntu1.1_i386.deb
Size/MD5: 817326 f02954eba6d51835d4687ab8f201a94a
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-29ubuntu1.1_i386.deb
Size/MD5: 242144 3aa62cae004a512e77e5400b4dcdad58
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-29ubuntu1.1_powerpc.deb
Size/MD5: 510066 f1e4b85c2a191683779cc924713c6089
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-29ubuntu1.1_powerpc.deb
Size/MD5: 386662 9ffd067e2f4909b51252fb821e18f918
http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-29ubuntu1.1_powerpc.deb
Size/MD5: 892954 d7aede34a0ed6bcc492bbfe264f23d08
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-29ubuntu1.1_powerpc.deb
Size/MD5: 249702 0aa79e831af41fdf66149a03524ea95f
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-31ubuntu1.1.diff.gz
Size/MD5: 105623 8e2337bba9b6c8c027bdb68eb75aafc0
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-31ubuntu1.1.dsc
Size/MD5: 794 d33a163ca10c82c64617b746fb477317
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4.orig.tar.gz
Size/MD5: 5865692 b0c3093d2f0d850760e59ac1db9bf152
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-31ubuntu1.1_amd64.deb
Size/MD5: 495044 c31549b7e13a14e0893188bf6cb2f6c9
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-31ubuntu1.1_amd64.deb
Size/MD5: 394174 c7c3a20b9e7fbb06a289db6f364fd6a6
http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-31ubuntu1.1_amd64.deb
Size/MD5: 983332 f33776b4ce3d03ef05df2ce3c0506189
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-31ubuntu1.1_amd64.deb
Size/MD5: 246344 218b855da8afb60b9cb0b8c080593820
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-31ubuntu1.1_i386.deb
Size/MD5: 437468 303a7fcf82954da89bd2cee396ce6ba6
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-31ubuntu1.1_i386.deb
Size/MD5: 362410 35532ce8b4cdcdce6ae2408bda1384fa
http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-31ubuntu1.1_i386.deb
Size/MD5: 841566 88c9fa9c782451462f2d2b94d8b73431
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-31ubuntu1.1_i386.deb
Size/MD5: 242302 a6fc5dd5819b6f76431e32e095d9e971
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-31ubuntu1.1_powerpc.deb
Size/MD5: 505094 82125d87ee950a5445d123cc487513df
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-31ubuntu1.1_powerpc.deb
Size/MD5: 385584 6871ddddccc683c0e2c37aec8426850b
http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-31ubuntu1.1_powerpc.deb
Size/MD5: 1015290 c34ad68589b0eebaba5b99c6f1ee95f5
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-31ubuntu1.1_powerpc.deb
Size/MD5: 250512 dcea419a1d0640e65d4889d392b8353e
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists