Message-ID: <20070507145929.GL20826@outflux.net>
Date: Mon, 7 May 2007 07:59:29 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-457-1] elinks vulnerability

=========================================================== 
Ubuntu Security Notice USN-457-1               May 07, 2007
elinks vulnerability
CVE-2007-2027
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  elinks                                   0.10.6-1ubuntu3.1

Ubuntu 6.10:
  elinks                                   0.11.1-1ubuntu2.1

Ubuntu 7.04:
  elinks                                   0.11.1-1.2ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Arnaud Giersch discovered that elinks incorrectly attempted to load 
gettext catalogs from a relative path.  If a user were tricked into 
running elinks from a specific directory, a local attacker could execute 
code with user privileges.
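
The defensive counterpart to the flaw described above, as an added example
that is not part of the original advisory and not elinks or Ubuntu code: a
program checks its gettext catalog directory before binding it, so a relative
path is never resolved against whatever directory the user happens to be in.
The function names, the "demo" text domain and the sample paths are
constructed for illustration.

```c
/* Added example: refuse relative or loosely-permissioned gettext catalog dirs. */
#include <libintl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Syntactic check: absolute path with no ".." component. */
int path_is_anchored(const char *path)
{
    if (path == NULL || path[0] != '/')
        return 0;               /* "locale", "../locale", "" resolve against the CWD */
    for (const char *p = path; *p; ) {
        while (*p == '/')
            p++;
        size_t len = strcspn(p, "/");
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;
        p += len;
    }
    return 1;
}

/* Filesystem check: an existing directory, owned by root or by us, and not
 * group- or world-writable. A full check would repeat this for every
 * ancestor directory as well. */
int catalog_dir_is_safe(const char *dir)
{
    struct stat st;
    if (!path_is_anchored(dir) || stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    if (st.st_uid != 0 && st.st_uid != geteuid())
        return 0;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Returns 1 if the domain was bound, 0 if the directory was rejected
 * (the program then simply runs untranslated). */
int bind_catalogs(const char *domain, const char *dir)
{
    if (!catalog_dir_is_safe(dir))
        return 0;
    return bindtextdomain(domain, dir) != NULL;
}
```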


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.10.6-1ubuntu3.1.diff.gz
      Size/MD5:    28603 0b577b8bc6a3103935c52313a495a954
    http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.10.6-1ubuntu3.1.dsc
      Size/MD5:      738 0346748aaf2922418ec4dfe02e05c402
    http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.10.6.orig.tar.gz
      Size/MD5:  3651428 0243203b9e54cf0cf002fca31244ce79

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.10.6-1ubuntu3.1_amd64.deb
      Size/MD5:   732216 d65ba4e4120fd88105adbc628a035a6f
    http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.10.6-1ubuntu3.1_amd64.deb
      Size/MD5:   906586 c3e80e8bd41f6d80c808042ed5cc1dbe

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.10.6-1ubuntu3.1_i386.deb
      Size/MD5:   682826 3b0209a4be268773185eef2d84c9e5b8
    http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.10.6-1ubuntu3.1_i386.deb
      Size/MD5:   845256 8ff10117a0c6db4c2ef0eab9b3bf5d12

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.10.6-1ubuntu3.1_powerpc.deb
      Size/MD5:   720792 e7a37e565245b54369375f92ed27ffb6
    http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.10.6-1ubuntu3.1_powerpc.deb
      Size/MD5:   889754 d52e3c0396583d7cbeae247a38103bf7

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.10.6-1ubuntu3.1_sparc.deb
      Size/MD5:   697444 f772ddcb471071477319b3b215608761
    http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.10.6-1ubuntu3.1_sparc.deb
      Size/MD5:   862440 0068be4d0c31e5c2ff9f46b8a6be801d

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1-1ubuntu2.1.diff.gz
      Size/MD5:    28019 0d1b17d1b227466a560b0339df296dbc
    http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1-1ubuntu2.1.dsc
      Size/MD5:      747 1e2a390cbc0823d457526485d1ca6ea5
    http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1.orig.tar.gz
      Size/MD5:  3863617 dce0fa7cb2b6e7194ddd00e34825218b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1ubuntu2.1_amd64.deb
      Size/MD5:   460190 b950f302e8d80c25a65d6a089f3decd1
    http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1-1ubuntu2.1_amd64.deb
      Size/MD5:   663668 de6d149b63992cb82358dd6fa4af10fe

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1ubuntu2.1_i386.deb
      Size/MD5:   418540 c1fa34ff7a666af59c870cf6f97630e3
    http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1-1ubuntu2.1_i386.deb
      Size/MD5:   621394 84a5bb5d26fada7ee6b9339e0b482895

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1ubuntu2.1_powerpc.deb
      Size/MD5:   453056 26a74199993524ba5e340327eed6b614
    http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1-1ubuntu2.1_powerpc.deb
      Size/MD5:   656246 3f9124e00688cca093ac6c8774d5e435

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1ubuntu2.1_sparc.deb
      Size/MD5:   420584 74fb042c9fad6c10a9a3e2f6319b6b2e
    http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1-1ubuntu2.1_sparc.deb
      Size/MD5:   622998 0bc6cf62c301a3604650c43a79710af9

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1-1.2ubuntu2.1.diff.gz
      Size/MD5:    28210 bbeba395c87822c7321705240db4111f
    http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1-1.2ubuntu2.1.dsc
      Size/MD5:      835 1ea4932dbbca4cc35be5c09c4c30b4a5
    http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1.orig.tar.gz
      Size/MD5:  3863617 dce0fa7cb2b6e7194ddd00e34825218b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1.2ubuntu2.1_amd64.deb
      Size/MD5:   468628 6708c389f70a0357d98bb8cef8aa9a21
    http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1-1.2ubuntu2.1_amd64.deb
      Size/MD5:   667030 96db4f0809720d771667ccf46ab560bf

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1.2ubuntu2.1_i386.deb
      Size/MD5:   424988 7935559185262ef203ae0fea05b938bd
    http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1-1.2ubuntu2.1_i386.deb
      Size/MD5:   625330 d67339cc55560497dd7c1d0d65d5c970

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1.2ubuntu2.1_powerpc.deb
      Size/MD5:   462868 4335d0429e367f8910f475af2d851b2a
    http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1-1.2ubuntu2.1_powerpc.deb
      Size/MD5:   665126 e6be8d6ccfe1505991c1b83f10554b48

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1.2ubuntu2.1_sparc.deb
      Size/MD5:   429848 b99d4994ed4b9617ba2c7340e09e5cb1
    http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1-1.2ubuntu2.1_sparc.deb
      Size/MD5:   630918 a40bbdb9d05e26f291d7c85b7e9a0d8f

