Message-ID: <20050722164859.GA8434@piware.de>
Date: Fri Jul 22 17:49:07 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-151-2] zlib vulnerabilities

===========================================================
Ubuntu Security Notice USN-151-2	      July 22, 2005
dpkg, ia32-libs, amd64-libs vulnerabilities
CAN-2005-1849, CAN-2005-2096
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

amd64-libs
amd64-libs-dev
dpkg
dpkg-dev
dselect
ia32-libs
ia32-libs-dev

On Ubuntu 4.10, the problem can be corrected by upgrading the affected
package to version 0.5ubuntu2.1 (ia32-libs and ia32-libs-dev),
1.0ubuntu3.1 (amd64-libs and amd64-libs-dev), and 1.10.22ubuntu2.1
(dpkg, dpkg-dev, dpkg-doc and dselect).

On Ubuntu 5.04, the problem can be corrected by upgrading the affected
package to version 0.5ubuntu3.1 (ia32-libs and ia32-libs-dev),
1.1ubuntu0.1 (amd64-libs and amd64-libs-dev), and 1.10.27ubuntu1.1
(dpkg, dpkg-dev, dpkg-doc and dselect).  

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could
be exploited to cause Denial of Service attacks or even arbitrary code
execution with malicious data streams.

Most applications use the shared library provided by the "zlib1g"
package; however, some packages contain copies of the affected zlib
code, so they need to be upgraded as well.


Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/amd64-libs/amd64-libs_1.0ubuntu3.1.dsc
      Size/MD5:      566 597900edb4fcbc1f6b6bb844ec97c36f
    http://security.ubuntu.com/ubuntu/pool/main/a/amd64-libs/amd64-libs_1.0ubuntu3.1.tar.gz
      Size/MD5: 49207700 da5e4434540b089c37ecce6cd64daedb
    http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.22ubuntu2.1.dsc
      Size/MD5:      685 f28488761e95199837ac7e69d3fad589
    http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.22ubuntu2.1.tar.gz
      Size/MD5:  1724814 e66d889e3bad96722e235179a6be1a2d
    http://security.ubuntu.com/ubuntu/pool/main/i/ia32-libs/ia32-libs_0.5ubuntu2.1.dsc
      Size/MD5:      569 6708cdc169856401811296f4d1a0a577
    http://security.ubuntu.com/ubuntu/pool/main/i/ia32-libs/ia32-libs_0.5ubuntu2.1.tar.gz
      Size/MD5: 116066186 a90e9f2b245bffca461f8fb8564390e8

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg-dev_1.10.22ubuntu2.1_all.deb
      Size/MD5:   165928 de79b4016b3d513e48aadf5d133e5471
    http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg-doc_1.10.22ubuntu2.1_all.deb
      Size/MD5:    10634 74e028be2ace14e94337eb4371b4185d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.22ubuntu2.1_amd64.deb
      Size/MD5:  1300476 85d20f6a8dcf63f214a09b4aa5189587
    http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.10.22ubuntu2.1_amd64.deb
      Size/MD5:   124242 ac29013f8aea0d158b803140f110bd2f
    http://security.ubuntu.com/ubuntu/pool/main/i/ia32-libs/ia32-libs-dev_0.5ubuntu2.1_amd64.deb
      Size/MD5:  2168452 b13960c23aceaf24ce34a5ca59dc15bf
    http://security.ubuntu.com/ubuntu/pool/main/i/ia32-libs/ia32-libs_0.5ubuntu2.1_amd64.deb
      Size/MD5:  7340220 2a1c4fbd03d40a5c1d5bcbb2fa38f6c2

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/a/amd64-libs/amd64-libs-dev_1.0ubuntu3.1_i386.deb
      Size/MD5: 18578394 e7de564f64d09a60ef01fca731dfb212
    http://security.ubuntu.com/ubuntu/pool/main/a/amd64-libs/amd64-libs_1.0ubuntu3.1_i386.deb
      Size/MD5:  4491436 9d68ffa8ebf723669dd736176b78d1ed
    http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.22ubuntu2.1_i386.deb
      Size/MD5:  1270512 9d0dea1f9a4859d044dbd3092db04941
    http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.10.22ubuntu2.1_i386.deb
      Size/MD5:   117126 4607019cfb6916086f368a703270cf3b

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.22ubuntu2.1_powerpc.deb
      Size/MD5:  1299160 8314f4a3a1385ea3b1cec4eac9c56b62
    http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.10.22ubuntu2.1_powerpc.deb
      Size/MD5:   125660 fe036e45cf73ad31e923ce8a7639b3bd

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/amd64-libs/amd64-libs_1.1ubuntu0.1.dsc
      Size/MD5:      559 6faab22d1f08ee941b9f7c77df4dee6b
    http://security.ubuntu.com/ubuntu/pool/main/a/amd64-libs/amd64-libs_1.1ubuntu0.1.tar.gz
      Size/MD5: 49205918 1782974f00a630deb7117ae2e65e1d3b
    http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.27ubuntu1.1.dsc
      Size/MD5:      756 7c2ceea00047dc018305a4e8c7b921b9
    http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.27ubuntu1.1.tar.gz
      Size/MD5:  2115640 4ad640f42b0a186e1cd11155fad4488e
    http://security.ubuntu.com/ubuntu/pool/main/i/ia32-libs/ia32-libs_0.5ubuntu3.1.dsc
      Size/MD5:      580 6c9abd5ab7ad0434731ac2bb42e9d4d5
    http://security.ubuntu.com/ubuntu/pool/main/i/ia32-libs/ia32-libs_0.5ubuntu3.1.tar.gz
      Size/MD5: 150314670 c49ebe0b41858f8b19438e48615a8ebd

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg-dev_1.10.27ubuntu1.1_all.deb
      Size/MD5:   166736 a4f4c32feb4e6a77378aaad2d3a2e8c7
    http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg-doc_1.10.27ubuntu1.1_all.deb
      Size/MD5:    10610 12e8d712d0196aca0f8bd4ea01cb43c1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.27ubuntu1.1_amd64.deb
      Size/MD5:  1758074 3b1f6ed0624d1e51fba27a034cdef5c4
    http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.10.27ubuntu1.1_amd64.deb
      Size/MD5:   124312 1b1c95376c42a30b49b18f06fe932188
    http://security.ubuntu.com/ubuntu/pool/main/i/ia32-libs/ia32-libs-dev_0.5ubuntu3.1_amd64.deb
      Size/MD5:  2168448 e380e70fa36262325f2a64841460e8b5
    http://security.ubuntu.com/ubuntu/pool/main/i/ia32-libs/ia32-libs_0.5ubuntu3.1_amd64.deb
      Size/MD5:  7340126 1d950a66ec1b6a8f0bde791d62ae79c8

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/a/amd64-libs/amd64-libs-dev_1.1ubuntu0.1_i386.deb
      Size/MD5: 18578320 17b3cd5a7d9450b82117c4d4f4c6358a
    http://security.ubuntu.com/ubuntu/pool/main/a/amd64-libs/amd64-libs_1.1ubuntu0.1_i386.deb
      Size/MD5:  4491660 18409adee3747a554565a2f4ac883d52
    http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.27ubuntu1.1_i386.deb
      Size/MD5:  1726710 80786e07cb0a0d23e41929ea33e77580
    http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.10.27ubuntu1.1_i386.deb
      Size/MD5:   116966 35d53d10d6787a06596743325d52bf4a

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.27ubuntu1.1_powerpc.deb
      Size/MD5:  1762542 38296bfcd1e1ee1d426d38de9d682710
    http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.10.27ubuntu1.1_powerpc.deb
      Size/MD5:   125738 008f6431cc6919f46eae3b19b20be637
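
Added example, not part of the original notice or of Ubuntu's tooling: the notice's point that some packages carry their own copy of the zlib code can be checked on an unpacked filesystem tree by searching files for the copyright banner that zlib's deflate and inflate sources compile into every binary that includes them. The function names, the sample bytes and the version "9.9.9" are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# zlib's deflate and inflate sources each define a copyright banner of this
# shape, so it survives in any binary that compiled the code in.
ZLIB_BANNER = re.compile(
    rb" (deflate|inflate) (\d+\.\d+(?:\.\d+)*) Copyright 1995-\d{4} "
)

def embedded_zlib(data: bytes) -> dict[str, set[str]]:
    """Map each embedded zlib version to the components (deflate/inflate) found."""
    found: dict[str, set[str]] = {}
    for component, version in ZLIB_BANNER.findall(data):
        found.setdefault(version.decode(), set()).add(component.decode())
    return found

def scan_tree(root: str) -> dict[str, dict[str, set[str]]]:
    """Scan regular files under root; return only those carrying a zlib banner."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue
        try:
            data = path.read_bytes()
        except OSError:
            continue  # unreadable file: skip rather than abort the audit
        result = embedded_zlib(data)
        if result:
            hits[str(path)] = result
    return hits

# Constructed sample: bytes shaped like a binary with a bundled zlib copy.
# The version "9.9.9" is a made-up placeholder, not a real zlib release.
SAMPLE_BUNDLED = (
    b"\x7fELF\x02\x01\x01\x00junk\x00"
    b" inflate 9.9.9 Copyright 1995-2005 Mark Adler \x00"
    b"\x00 deflate 9.9.9 Copyright 1995-2005 Jean-loup Gailly \x00"
)
# Constructed sample: a binary that only references the shared library by name.
SAMPLE_DYNAMIC = b"\x7fELF\x02\x01\x01\x00libz.so.1\x00inflateInit_\x00"

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, versions in sorted(scan_tree(root).items()):
        for version, parts in sorted(versions.items()):
            print(f"{path}: zlib {version} ({', '.join(sorted(parts))})")
```

A hit marks a file that contains zlib code itself (the shared library is one such file), as opposed to one that only links to it. The banner version alone does not show whether a distribution backported a fix, so compare the owning package against the fixed versions listed in the notice.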