lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 11 Mar 2011 13:21:18 -0600
From: Micah Gersten <micah@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-1087-1] libvpx vulnerability

===========================================================
Ubuntu Security Notice USN-1087-1            March 11, 2011
libvpx vulnerability
CVE-2010-4489
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.10:
  libvpx0                         0.9.5-2~build0.10.10.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

Details follow:

Chris Evans discovered that libvpx did not properly perform bounds
checking. If an application using libvpx opened a specially crafted WebM
file, an attacker could cause a denial of service.


Updated packages for Ubuntu 10.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx_0.9.5-2~build0.10.10.1.debian.tar.gz
      Size/MD5:    11048 c115b3e109a4755efaa01e5b89c56d02
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx_0.9.5-2~build0.10.10.1.dsc
      Size/MD5:     1215 eb2437db5492a8eaabdcb066559ef9aa
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx_0.9.5.orig.tar.bz2
      Size/MD5:  1250422 4bf2f2c76700202c1fe9201fcb0680e3

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx-doc_0.9.5-2~build0.10.10.1_all.deb
      Size/MD5:   229474 84ca7bf3c8ec129cef1d3ffe883a46b7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx-dev_0.9.5-2~build0.10.10.1_amd64.deb
      Size/MD5:   335514 a225a5d9547d5790b2ce543757d94650
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx0-dbg_0.9.5-2~build0.10.10.1_amd64.deb
      Size/MD5:   543526 1896975be601150457a038df07564649
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx0_0.9.5-2~build0.10.10.1_amd64.deb
      Size/MD5:   258726 3afd9e92a7b3890261270f11077d0f49

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx-dev_0.9.5-2~build0.10.10.1_i386.deb
      Size/MD5:   315194 48ba93627e2e04f45a8fca9010468e0b
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx0-dbg_0.9.5-2~build0.10.10.1_i386.deb
      Size/MD5:   509944 dab7d1fea70f16345e99672ac1d6e1a4
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx0_0.9.5-2~build0.10.10.1_i386.deb
      Size/MD5:   236882 4924a55e7f167fc07d3e0b5be3923b3c

  armel architecture (ARM Architecture):

    http://ports.ubuntu.com/pool/main/libv/libvpx/libvpx-dev_0.9.5-2~build0.10.10.1_armel.deb
      Size/MD5:   320462 c2a7da209a25abcd5b47526bd2517a21
    http://ports.ubuntu.com/pool/main/libv/libvpx/libvpx0-dbg_0.9.5-2~build0.10.10.1_armel.deb
      Size/MD5:   483256 b4ba9b76bf8e86420ba47ae91134cf1c
    http://ports.ubuntu.com/pool/main/libv/libvpx/libvpx0_0.9.5-2~build0.10.10.1_armel.deb
      Size/MD5:   260228 afd755c9ab8251adf8f53d302f1c3f63

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/libv/libvpx/libvpx-dev_0.9.5-2~build0.10.10.1_powerpc.deb
      Size/MD5:   314390 5049a1e59ba3de34ac6313a49bdd34e0
    http://ports.ubuntu.com/pool/main/libv/libvpx/libvpx0-dbg_0.9.5-2~build0.10.10.1_powerpc.deb
      Size/MD5:   484516 16a277103707f8da64039387044edc55
    http://ports.ubuntu.com/pool/main/libv/libvpx/libvpx0_0.9.5-2~build0.10.10.1_powerpc.deb
      Size/MD5:   249876 110c4e365f1e545f98bf4b5412a39044





Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists