lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050307200825.GA25715@box79162.elkhouse.de>
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-92-1] LessTif vulnerabilities

===========================================================
Ubuntu Security Notice USN-92-1		     March 07, 2005
lesstif1-1 vulnerabilities
CAN-2005-0605
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

lesstif1
lesstif2

The problem can be corrected by upgrading the affected package to
version 1:0.93.94-4ubuntu1.3.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Several vulnerabilities have been found in the XPM image decoding
functions of the LessTif library. If an attacker tricked a user into
loading a malicious XPM image with an application that uses LessTif,
he could exploit this to execute arbitrary code in the context of the
user opening the image.

Ubuntu does not contain any server applications using LessTif, so
there is no possibility of privilege escalation.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif1-1_0.93.94-4ubuntu1.3.diff.gz
      Size/MD5:   106559 10390280498a19d8bedcf41c3ad075b6
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif1-1_0.93.94-4ubuntu1.3.dsc
      Size/MD5:      864 ef7eb1b1a2351d703c9d472e147d6b45
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif1-1_0.93.94.orig.tar.gz
      Size/MD5:  4862623 9eb87b5470333ccb31425a47d24f5a96

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif-doc_0.93.94-4ubuntu1.3_all.deb
      Size/MD5:   342218 50dba994fe17e5f253c3b44e3bdb493a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/l/lesstif1-1/lesstif-bin_0.93.94-4ubuntu1.3_amd64.deb
      Size/MD5:   176958 845526d2d517b5d43722d32f7b4f96d9
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif-dev_0.93.94-4ubuntu1.3_amd64.deb
      Size/MD5:   917352 bc37061d1a23c0f9e50631e370c6e02a
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif1_0.93.94-4ubuntu1.3_amd64.deb
      Size/MD5:   660772 ab61d20f4cad00783adc89eb2e5ad05d
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif2-dev_0.93.94-4ubuntu1.3_amd64.deb
      Size/MD5:  1068764 22057fe13cf32c6824b80b1aca8582f8
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif2_0.93.94-4ubuntu1.3_amd64.deb
      Size/MD5:   743410 8307888562686c76a7584a437634455e

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/l/lesstif1-1/lesstif-bin_0.93.94-4ubuntu1.3_i386.deb
      Size/MD5:   159596 215b85f45344b66cd9e621b651dae399
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif-dev_0.93.94-4ubuntu1.3_i386.deb
      Size/MD5:   803756 43a39b02e359fc7eba44a2acc651d77f
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif1_0.93.94-4ubuntu1.3_i386.deb
      Size/MD5:   598112 fa697d9c1b794e6b5d4f98c3c445695d
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif2-dev_0.93.94-4ubuntu1.3_i386.deb
      Size/MD5:   934076 c3404cb03872cd7ad7ed71b734f74f0e
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif2_0.93.94-4ubuntu1.3_i386.deb
      Size/MD5:   674350 22c7ce01cf8ee09172d25d494470e6ae

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/l/lesstif1-1/lesstif-bin_0.93.94-4ubuntu1.3_powerpc.deb
      Size/MD5:   171868 4c2102527ad30213dcb759caae0b42db
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif-dev_0.93.94-4ubuntu1.3_powerpc.deb
      Size/MD5:   946186 97efaff3cb3f0c558a65ddff84441d48
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif1_0.93.94-4ubuntu1.3_powerpc.deb
      Size/MD5:   626094 7307c73f4fbc10560da35f87ba11ccf3
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif2-dev_0.93.94-4ubuntu1.3_powerpc.deb
      Size/MD5:  1094772 0fc4e231e5e9d032065c80b997bc5562
    http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif2_0.93.94-4ubuntu1.3_powerpc.deb
      Size/MD5:   706738 d2a53253e733c907eb48d3640024c47a
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050307/af774b6d/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ