Date: Tue, 23 Jan 2007 17:30:00 -0800
From: Kees Cook <>
Subject: [USN-412-1] GeoIP vulnerability

Ubuntu Security Notice USN-412-1           January 23, 2007
geoip vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  geoip-bin                                1.3.10-1ubuntu0.1

Ubuntu 6.06 LTS:
  geoip-bin                                1.3.14-2ubuntu0.1

Ubuntu 6.10:
  geoip-bin                                1.3.17-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Dean Gaudet discovered that the GeoIP update tool did not validate the 
filename responses from the update server.  A malicious server, or 
man-in-the-middle system posing as a server, could write to arbitrary 
files with user privileges.
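
The missing check described above, sketched as an added example that is not
part of the original advisory and is not the geoipupdate source or the Ubuntu
patch: the file name received from the update server is accepted only as a
single path component inside the database directory. The function names, the
64-byte limit, the directory /var/lib/GeoIP and the sample names are
assumptions made for the illustration.

```c
/* Added example (not geoipupdate source): treat the file name sent by the
 * update server as untrusted and accept it only as a plain name inside the
 * database directory. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_DB_NAME 64 /* assumed upper bound for this example */

/* Return 1 if name is a single path component made of [A-Za-z0-9._-]
 * that does not start with a dot; 0 otherwise. */
int is_safe_db_filename(const char *name)
{
    size_t len = name ? strlen(name) : 0;
    if (len == 0 || len > MAX_DB_NAME || name[0] == '.')
        return 0; /* rejects "", ".", ".." and hidden files */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-')
            return 0; /* rejects '/', '\\', spaces and control bytes */
    }
    return 1;
}

/* Build "<db_dir>/<name>" in out. Returns 0 on success, -1 if the name is
 * rejected or the result does not fit in the buffer. */
int build_db_path(const char *db_dir, const char *name, char *out, size_t outlen)
{
    if (!is_safe_db_filename(name))
        return -1;
    int n = snprintf(out, outlen, "%s/%s", db_dir, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample responses, not captured from a real server. */
    const char *samples[] = { "GeoIP.dat", "../../outside.dat",
                              "/tmp/outside.dat", "sub/GeoIP.dat" };
    char path[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        /* /var/lib/GeoIP is an assumed database directory. */
        int rc = build_db_path("/var/lib/GeoIP", samples[i], path, sizeof path);
        printf("%-18s -> %s\n", samples[i], rc == 0 ? path : "REJECTED");
    }
    return 0;
}
```

Only the first sample is accepted; the other three are rejected before any
file is opened.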

Updated packages for Ubuntu 5.10:

Updated packages for Ubuntu 6.06 LTS:

Updated packages for Ubuntu 6.10:


Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
