lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20100331194101.GD11735@outflux.net>
Date: Wed, 31 Mar 2010 12:41:01 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-922-1] libnss-db vulnerability

===========================================================
Ubuntu Security Notice USN-922-1             March 31, 2010
libnss-db vulnerability
CVE-2010-0826
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  libnss-db                       2.2.3pre1-3ubuntu1.8.04.2

Ubuntu 8.10:
  libnss-db                       2.2.3pre1-3ubuntu1.8.10.2

Ubuntu 9.04:
  libnss-db                       2.2.3pre1-3ubuntu3.9.04.2

Ubuntu 9.10:
  libnss-db                       2.2.3pre1-3ubuntu3.9.10.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Stephane Chazelas discovered that libnss-db did not correctly set up a
database environment.  A local attacker could exploit this to read the
first line of arbitrary files, leading to a loss of privacy and possibly
privilege escalation.


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.04.2.diff.gz
      Size/MD5:   517634 340efc402c8b2f7326c3f16ab694d0df
    http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.04.2.dsc
      Size/MD5:     1022 69032365bd9f24e8a99cbc8d68eb415e
    http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1.orig.tar.gz
      Size/MD5:   235360 b4440ba2865d28e9068e465426c19ede

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.04.2_amd64.deb
      Size/MD5:    27790 5b4f1ca2abf0c63e88c1dc3ea9b2e862

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.04.2_i386.deb
      Size/MD5:    26078 333db9551f6d7b13a1c7e77abe8a8d64

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.04.2_lpia.deb
      Size/MD5:    25830 71fcfc9642e9d41f4023a481487a12e0

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.04.2_powerpc.deb
      Size/MD5:    29488 3526a671bc2f498945b630e2801a0120

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.04.2_sparc.deb
      Size/MD5:    25974 1d3286113878cd972956710285c28aef

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.10.2.diff.gz
      Size/MD5:   520678 30aa88974f0353eb151484fdb08221a7
    http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.10.2.dsc
      Size/MD5:     1454 3d5c2f0c417203490962f6993e07fc7a
    http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1.orig.tar.gz
      Size/MD5:   235360 b4440ba2865d28e9068e465426c19ede

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.10.2_amd64.deb
      Size/MD5:    27864 1f8814425488e56279bc3cafa98a344b

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.10.2_i386.deb
      Size/MD5:    26102 2a393ea3d246bdb80fb785ed9f385f08

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.10.2_lpia.deb
      Size/MD5:    26030 80e48bbb31ba51552a26eba264e2f3a0

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.10.2_powerpc.deb
      Size/MD5:    29406 3742ba8e8b62b4417ba6063511076dc7

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.10.2_sparc.deb
      Size/MD5:    26192 7fac30eec8b18445296530c21a0ac54e

Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.04.2.diff.gz
      Size/MD5:   520796 8b8385951a229138681591fc6d9c066d
    http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.04.2.dsc
      Size/MD5:     1454 bd14227b2e022d15b27dc7376cb78b44
    http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1.orig.tar.gz
      Size/MD5:   235360 b4440ba2865d28e9068e465426c19ede

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.04.2_amd64.deb
      Size/MD5:    27994 4af7bd72b6cf6f8787f761e49bbda5f4

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.04.2_i386.deb
      Size/MD5:    26232 c97642d832eaf8f90b3d563434c9498d

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.04.2_lpia.deb
      Size/MD5:    26138 a38eedb037ba1eeb93ee0d4a35233869

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.04.2_powerpc.deb
      Size/MD5:    29550 b1fdb2c966e8e81425a5838ef043a26f

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.04.2_sparc.deb
      Size/MD5:    26250 e7a918fec55b148e9ff3d749e217387e

Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.10.2.diff.gz
      Size/MD5:   520798 8bfc7f33c0f7ced9ca4cc47c854c11e9
    http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.10.2.dsc
      Size/MD5:     1454 b79b2833b0c30cd92edb44513837e53c
    http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1.orig.tar.gz
      Size/MD5:   235360 b4440ba2865d28e9068e465426c19ede

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.10.2_amd64.deb
      Size/MD5:    28130 14a4238962ee33e44489d94e4dbfeddb

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.10.2_i386.deb
      Size/MD5:    26372 47716613b66e9ee0be23cc46f7493bf2

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.10.2_lpia.deb
      Size/MD5:    26130 93caa6343ce3d324b029b213ed95a257

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.10.2_powerpc.deb
      Size/MD5:    27488 e400c27ac8269da19c2e2c26253652d9

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.10.2_sparc.deb
      Size/MD5:    26234 0611d6a34a988914154ef6484e7472d5


Download attachment "signature.asc" of type "application/pgp-signature" (237 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ