lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050722164859.GA8434@piware.de> Date: Fri Jul 22 17:49:07 2005 From: martin.pitt at canonical.com (Martin Pitt) Subject: [USN-151-2] zlib vulnerabilities =========================================================== Ubuntu Security Notice USN-151-2 July 22, 2005 dpkg, ia32-libs, amd64-libs vulnerabilities CAN-2005-1849, CAN-2005-2096 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: amd64-libs amd64-libs-dev dpkg dpkg-dev dselect ia32-libs ia32-libs-dev On Ubuntu 4.10, the problem can be corrected by upgrading the affected package to version 0.5ubuntu2.1 (ia32-libs and ia32-libs-dev), 1.0ubuntu3.1 (amd64-libs and amd64-libs-dev), and 1.10.22ubuntu2.1 (dpkg, dpkg-dev, dpkg-doc and dselect). On Ubuntu 5.04, the problem can be corrected by upgrading the affected package to version 0.5ubuntu3.1 (ia32-libs and ia32-libs-dev), 1.1ubuntu0.1 (amd64-libs and amd64-libs-dev), and 1.10.27ubuntu1.1 (dpkg, dpkg-dev, dpkg-doc and dselect). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Most applications use the shared library provided by the "zlib1g" package; however, some packages contain copies of the affected zlib code, so they need to be upgraded as well. Updated packages for Ubuntu 4.10 (Warty Warthog): Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/amd64-libs/amd64-libs_1.0ubuntu3.1.dsc Size/MD5: 566 597900edb4fcbc1f6b6bb844ec97c36f http://security.ubuntu.com/ubuntu/pool/main/a/amd64-libs/amd64-libs_1.0ubuntu3.1.tar.gz Size/MD5: 49207700 da5e4434540b089c37ecce6cd64daedb http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.22ubuntu2.1.dsc Size/MD5: 685 f28488761e95199837ac7e69d3fad589 http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.22ubuntu2.1.tar.gz Size/MD5: 1724814 e66d889e3bad96722e235179a6be1a2d http://security.ubuntu.com/ubuntu/pool/main/i/ia32-libs/ia32-libs_0.5ubuntu2.1.dsc Size/MD5: 569 6708cdc169856401811296f4d1a0a577 http://security.ubuntu.com/ubuntu/pool/main/i/ia32-libs/ia32-libs_0.5ubuntu2.1.tar.gz Size/MD5: 116066186 a90e9f2b245bffca461f8fb8564390e8 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg-dev_1.10.22ubuntu2.1_all.deb Size/MD5: 165928 de79b4016b3d513e48aadf5d133e5471 http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg-doc_1.10.22ubuntu2.1_all.deb Size/MD5: 10634 74e028be2ace14e94337eb4371b4185d amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.22ubuntu2.1_amd64.deb Size/MD5: 1300476 85d20f6a8dcf63f214a09b4aa5189587 http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.10.22ubuntu2.1_amd64.deb Size/MD5: 124242 ac29013f8aea0d158b803140f110bd2f http://security.ubuntu.com/ubuntu/pool/main/i/ia32-libs/ia32-libs-dev_0.5ubuntu2.1_amd64.deb Size/MD5: 2168452 b13960c23aceaf24ce34a5ca59dc15bf http://security.ubuntu.com/ubuntu/pool/main/i/ia32-libs/ia32-libs_0.5ubuntu2.1_amd64.deb Size/MD5: 7340220 2a1c4fbd03d40a5c1d5bcbb2fa38f6c2 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/a/amd64-libs/amd64-libs-dev_1.0ubuntu3.1_i386.deb Size/MD5: 18578394 e7de564f64d09a60ef01fca731dfb212 http://security.ubuntu.com/ubuntu/pool/main/a/amd64-libs/amd64-libs_1.0ubuntu3.1_i386.deb Size/MD5: 4491436 9d68ffa8ebf723669dd736176b78d1ed http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.22ubuntu2.1_i386.deb Size/MD5: 1270512 9d0dea1f9a4859d044dbd3092db04941 http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.10.22ubuntu2.1_i386.deb Size/MD5: 117126 4607019cfb6916086f368a703270cf3b powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.22ubuntu2.1_powerpc.deb Size/MD5: 1299160 8314f4a3a1385ea3b1cec4eac9c56b62 http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.10.22ubuntu2.1_powerpc.deb Size/MD5: 125660 fe036e45cf73ad31e923ce8a7639b3bd Updated packages for Ubuntu 5.04 (Hoary Hedgehog): Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/amd64-libs/amd64-libs_1.1ubuntu0.1.dsc Size/MD5: 559 6faab22d1f08ee941b9f7c77df4dee6b http://security.ubuntu.com/ubuntu/pool/main/a/amd64-libs/amd64-libs_1.1ubuntu0.1.tar.gz Size/MD5: 49205918 1782974f00a630deb7117ae2e65e1d3b http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.27ubuntu1.1.dsc Size/MD5: 756 7c2ceea00047dc018305a4e8c7b921b9 http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.27ubuntu1.1.tar.gz Size/MD5: 2115640 4ad640f42b0a186e1cd11155fad4488e http://security.ubuntu.com/ubuntu/pool/main/i/ia32-libs/ia32-libs_0.5ubuntu3.1.dsc Size/MD5: 580 6c9abd5ab7ad0434731ac2bb42e9d4d5 http://security.ubuntu.com/ubuntu/pool/main/i/ia32-libs/ia32-libs_0.5ubuntu3.1.tar.gz Size/MD5: 150314670 c49ebe0b41858f8b19438e48615a8ebd Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg-dev_1.10.27ubuntu1.1_all.deb Size/MD5: 166736 a4f4c32feb4e6a77378aaad2d3a2e8c7 http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg-doc_1.10.27ubuntu1.1_all.deb Size/MD5: 10610 12e8d712d0196aca0f8bd4ea01cb43c1 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.27ubuntu1.1_amd64.deb Size/MD5: 1758074 3b1f6ed0624d1e51fba27a034cdef5c4 http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.10.27ubuntu1.1_amd64.deb Size/MD5: 124312 1b1c95376c42a30b49b18f06fe932188 http://security.ubuntu.com/ubuntu/pool/main/i/ia32-libs/ia32-libs-dev_0.5ubuntu3.1_amd64.deb Size/MD5: 2168448 e380e70fa36262325f2a64841460e8b5 http://security.ubuntu.com/ubuntu/pool/main/i/ia32-libs/ia32-libs_0.5ubuntu3.1_amd64.deb Size/MD5: 7340126 1d950a66ec1b6a8f0bde791d62ae79c8 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/a/amd64-libs/amd64-libs-dev_1.1ubuntu0.1_i386.deb Size/MD5: 18578320 17b3cd5a7d9450b82117c4d4f4c6358a http://security.ubuntu.com/ubuntu/pool/main/a/amd64-libs/amd64-libs_1.1ubuntu0.1_i386.deb Size/MD5: 4491660 18409adee3747a554565a2f4ac883d52 http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.27ubuntu1.1_i386.deb Size/MD5: 1726710 80786e07cb0a0d23e41929ea33e77580 http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.10.27ubuntu1.1_i386.deb Size/MD5: 116966 35d53d10d6787a06596743325d52bf4a powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.27ubuntu1.1_powerpc.deb Size/MD5: 1762542 38296bfcd1e1ee1d426d38de9d682710 http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.10.27ubuntu1.1_powerpc.deb Size/MD5: 125738 008f6431cc6919f46eae3b19b20be637 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050722/6d3132e5/attachment.bin
Powered by blists - more mailing lists