Message-ID: <20091005213438.GP7496@outflux.net>
Date: Mon, 5 Oct 2009 14:34:38 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-841-1] GLib vulnerability
===========================================================
Ubuntu Security Notice USN-841-1 October 05, 2009
glib2.0 vulnerability
CVE-2009-3289
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  libglib2.0-0                    2.16.6-0ubuntu1.2

Ubuntu 8.10:
  libglib2.0-0                    2.18.2-0ubuntu2.2

Ubuntu 9.04:
  libglib2.0-0                    2.20.1-0ubuntu2.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

Arand Nash discovered that applications linked to GLib (e.g. Nautilus)
did not correctly copy symlinks. If a user copied symlinks with GLib,
the symlink target files would become world-writable, allowing local
attackers to gain access to potentially sensitive information.
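
An audit for the symptom described above, added here as an example and not part of the original advisory: it lists symlinks under a directory whose targets are world-writable regular files, so that files whose permissions may have been loosened can be reviewed. The function name list_ww_symlink_targets is hypothetical, and readlink -f assumes GNU coreutils as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example (not from the advisory). Hypothetical helper name.
#
# list_ww_symlink_targets DIR
#   Walks DIR, and for every symlink found checks the file it points to.
#   Prints "LINK -> RESOLVED_TARGET" when the target is a regular file
#   with the world-writable bit (o+w) set. Dangling links, symlink loops
#   and links to directories are skipped.
list_ww_symlink_targets() {
    dir=${1:-.}
    # -type l selects the links themselves; the inner find -L follows
    # each link so that -type f and -perm test the target, not the link.
    find "$dir" -type l -exec sh -c '
        for link do
            hit=$(find -L "$link" -prune -type f -perm -0002 2>/dev/null)
            if [ -n "$hit" ]; then
                printf "%s -> %s\n" "$link" "$(readlink -f "$link")"
            fi
        done' sh {} +
}

# Usage: audit a directory that received copied symlinks, e.g.
#   list_ww_symlink_targets "$HOME"
# Review each reported target and tighten it where appropriate, e.g.
#   chmod o-w /path/to/target
```

A hit only shows that a symlink target is world-writable; whether that mode is intended has to be judged per file.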
Updated packages for Ubuntu 8.04 LTS:
Updated packages for Ubuntu 8.10:
Updated packages for Ubuntu 9.04: