lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri Oct 28 23:27:02 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-151-3] zlib vulnerabilities

===========================================================
Ubuntu Security Notice USN-151-3	   October 28, 2005
aide vulnerabilities
CVE-2005-1849, CVE-2005-2096
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

aide

The problem can be corrected by upgrading the affected package to
version 0.10-3ubuntu0.1 (for Ubuntu 4.10), 0.10-4ubuntu0.1 (for Ubuntu
5.04), or 0.10-6.1ubuntu0.1 (for Ubuntu 5.10).  In general, a standard
system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could
be exploited to cause Denial of Service attacks or even arbitrary code
execution with malicious data streams.

Since aide is statically linked against the zlib library, it is also
affected by these issues. The updated packagages have been rebuilt
against the fixed zlib.

Updated packages for Ubuntu 4.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-3ubuntu0.1.diff.gz
      Size/MD5:    28081 d569b7974a6204481346128876a0a530
    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-3ubuntu0.1.dsc
      Size/MD5:      703 cc5158a58a35e46dfc0bee0b0a34380b
    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10.orig.tar.gz
      Size/MD5:   234184 39eb7d21064cac7b409c45d038b86cd8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-3ubuntu0.1_amd64.deb
      Size/MD5:   413050 086e1a2279c3cd8ac1b6a2414d48ce18

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-3ubuntu0.1_i386.deb
      Size/MD5:   398942 07096e82a51ee10ce965571e08342952

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-3ubuntu0.1_powerpc.deb
      Size/MD5:   430230 77d787a8f00bf5058b21010a2c52acfa

Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-4ubuntu0.1.diff.gz
      Size/MD5:    29359 366869464761485ef3d29915ae294ab1
    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-4ubuntu0.1.dsc
      Size/MD5:      703 28126aa389a49cc5354e6c704237b334
    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10.orig.tar.gz
      Size/MD5:   234184 39eb7d21064cac7b409c45d038b86cd8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-4ubuntu0.1_amd64.deb
      Size/MD5:   465630 63bc8c81c424d4bfb00c233a2e97695d

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-4ubuntu0.1_i386.deb
      Size/MD5:   431590 109018a99a6588f7f48ee8be595bf2b6

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-4ubuntu0.1_powerpc.deb
      Size/MD5:   471800 73571a01182d41ec0f5ce73cd5b8cdbc

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-6.1ubuntu0.1.diff.gz
      Size/MD5:    36588 1428d11ede7d4d4996b9f6d719aa9557
    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-6.1ubuntu0.1.dsc
      Size/MD5:      763 715edd426517405c0f81feff1e7511c7
    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10.orig.tar.gz
      Size/MD5:   234184 39eb7d21064cac7b409c45d038b86cd8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-6.1ubuntu0.1_amd64.deb
      Size/MD5:   513230 9a1477b093630a538262a137d7c37730

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-6.1ubuntu0.1_i386.deb
      Size/MD5:   451422 41c84d68e6e4e69fe919109e00576051

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-6.1ubuntu0.1_powerpc.deb
      Size/MD5:   581134 df0712d4d04b4854243c01f7696eb0c5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051028/4d51c5cb/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ