lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050517125840.GB10222@piware.de>
Date: Tue May 17 13:58:55 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-127-1] bzip2 vulnerabilities

===========================================================
Ubuntu Security Notice USN-127-1	       May 17, 2005
bzip2 vulnerabilities
CAN-2005-0953, CAN-2005-1260
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

bzip2
libbz2-1.0

The problem can be corrected by upgrading the affected package to
version 1.0.2-1ubuntu0.1 (for Ubuntu 4.10), or 1.0.2-2ubuntu0.1 (for
Ubuntu 5.04).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

Imran Ghory discovered a race condition in the file permission restore
code of bunzip2. While a user was decompressing a file, a local
attacker with write permissions in the directory of that file could
replace the target file with a hard link. This would cause bzip2 to
restore the file permissions to the hard link target instead of to the
bzip2 output file, which could be exploited to gain read or even write
access to files of other users. (CAN-2005-0953)

Specially crafted bzip2 archives caused an infinite loop in the
decompressor which resulted in an indefinitively large output file
("decompression bomb"). This could be exploited to a Denial of Service
attack due to disk space exhaustion on systems which automatically
process user supplied bzip2 compressed files. (CAN-2005-1260)

Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.2-1ubuntu0.1.diff.gz
      Size/MD5:    11463 f41f690ff6fbab41b51f4bc74a94ccec
    http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.2-1ubuntu0.1.dsc
      Size/MD5:      582 35cc8d1071721389a1f15ca23c0b423f
    http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.2.orig.tar.gz
      Size/MD5:   665198 ee76864958d568677f03db8afad92beb

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.2-1ubuntu0.1_amd64.deb
      Size/MD5:   231626 c1d7730fffe239921b5029bbcae76aac
    http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.2-1ubuntu0.1_amd64.deb
      Size/MD5:    36272 d4a9299e4b06726dc88a513ffd8ec55d
    http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.2-1ubuntu0.1_amd64.deb
      Size/MD5:    29898 4386a71c42656cf99b33baeb99e79b4c

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.2-1ubuntu0.1_i386.deb
      Size/MD5:   228992 8bd1ee063e22d07353a45781f2e66ce3
    http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.2-1ubuntu0.1_i386.deb
      Size/MD5:    37162 a09cbb601c062ed1c98a62aa6b174e27
    http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.2-1ubuntu0.1_i386.deb
      Size/MD5:    29260 8eeeebcecb057b94a1174a809d0d6038

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.2-1ubuntu0.1_powerpc.deb
      Size/MD5:   232182 0554e36432c93a0c3c1d92382ac79a6c
    http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.2-1ubuntu0.1_powerpc.deb
      Size/MD5:    41406 6e44800b5f55a65e100024c9f4b60d81
    http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.2-1ubuntu0.1_powerpc.deb
      Size/MD5:    33602 6127c224707e15755237526b62cc1264

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.2-2ubuntu0.1.diff.gz
      Size/MD5:    11648 ffa0f303e1b1138672df8af3ed61a36d
    http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.2-2ubuntu0.1.dsc
      Size/MD5:      605 038fc61ae3c6a5f1ca3e4b36db33f9b0
    http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.2.orig.tar.gz
      Size/MD5:   665198 ee76864958d568677f03db8afad92beb

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.2-2ubuntu0.1_amd64.deb
      Size/MD5:   231960 70e59024cfde7094249c8db0d7762c50
    http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.2-2ubuntu0.1_amd64.deb
      Size/MD5:    36822 462dadc1b8dff11c045a45b295c2ca21
    http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.2-2ubuntu0.1_amd64.deb
      Size/MD5:    30270 026c8e240a2e0fcea47d532c209af032

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.2-2ubuntu0.1_i386.deb
      Size/MD5:   229180 a05a675282214a1c944eb6c90e0cc717
    http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.2-2ubuntu0.1_i386.deb
      Size/MD5:    37688 28d2f72a15e8d664aa8b2cb60fc58ca1
    http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.2-2ubuntu0.1_i386.deb
      Size/MD5:    29626 e42f8c47d203c668549c08d02faebe45

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.2-2ubuntu0.1_powerpc.deb
      Size/MD5:   232506 30a2fa79bd53c66c6678dd4d581bc0a6
    http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.2-2ubuntu0.1_powerpc.deb
      Size/MD5:    41972 90061fab66d20ccd3358988d8eda230f
    http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.2-2ubuntu0.1_powerpc.deb
      Size/MD5:    33968 4e8568f2f05a32a84268e5bc088185ef
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050517/503e6c53/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ