Message-ID: <20060809091441.GB5045@piware.de>
Date: Wed, 9 Aug 2006 11:14:41 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-333-1] libwmf vulnerability

=========================================================== 
Ubuntu Security Notice USN-333-1            August 09, 2006
libwmf vulnerability
CVE-2006-3376
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libwmf0.2-7                              0.2.8-1.1ubuntu0.1

Ubuntu 5.10:
  libwmf0.2-7                              0.2.8.3-2ubuntu0.1

Ubuntu 6.06 LTS:
  libwmf0.2-7                              0.2.8.3-3.1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

An integer overflow was found in the handling of the MaxRecordSize
field in the WMF header parser. By tricking a user into opening a
specially crafted WMF image file with an application that uses this
library, an attacker could exploit this to execute arbitrary code with
the user's privileges.


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8-1.1ubuntu0.1.diff.gz
      Size/MD5:     5304 e7805fbd610d936cfd64a4ad5529d604
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8-1.1ubuntu0.1.dsc
      Size/MD5:      699 b38be3ecef264877a0a8aa57a3ef369f
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.orig.tar.gz
      Size/MD5:  1620489 269fb225cd44f40cc877fb6c63706112

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-doc_0.2.8-1.1ubuntu0.1_all.deb
      Size/MD5:   271748 8ab9644a6b59216b32c4669b8fd1d08d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8-1.1ubuntu0.1_amd64.deb
      Size/MD5:    20734 0423e72e4668c7c706e31591e751db7d
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8-1.1ubuntu0.1_amd64.deb
      Size/MD5:   204060 acfd872c6e935d9df25e055ceb4b1cf3
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8-1.1ubuntu0.1_amd64.deb
      Size/MD5:   174006 85eab7d6300451d9cb0a05f3b0b0955f

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8-1.1ubuntu0.1_i386.deb
      Size/MD5:    18732 ff99549d18b4f31a21522e042d87bba6
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8-1.1ubuntu0.1_i386.deb
      Size/MD5:   190000 0c037a6a429249d2e95f92152cce6233
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8-1.1ubuntu0.1_i386.deb
      Size/MD5:   164928 e8aa9895eedcf46955a21a5b7114895c

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8-1.1ubuntu0.1_powerpc.deb
      Size/MD5:    25900 4018e7b12756dd292734e06641d9c215
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8-1.1ubuntu0.1_powerpc.deb
      Size/MD5:   208320 8445f174ede961f90c0634e786d3d549
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8-1.1ubuntu0.1_powerpc.deb
      Size/MD5:   178750 b0db830818c196f815c0d26f161a7141

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3-2ubuntu0.1.diff.gz
      Size/MD5:     7142 f60eca63b5d87fdfb5fd70a20a799122
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3-2ubuntu0.1.dsc
      Size/MD5:      788 4fab72640e6cbc31616d80e9ff1efb5d
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3.orig.tar.gz
      Size/MD5:  1737021 c7246bb724664189ade7895547387e6a

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-doc_0.2.8.3-2ubuntu0.1_all.deb
      Size/MD5:   271728 f1022f283d9cdd656521f8bd1f001337

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-2ubuntu0.1_amd64.deb
      Size/MD5:    15452 6aacb2892e64bc40eaa73cce7bf6106a
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-2ubuntu0.1_amd64.deb
      Size/MD5:   197976 d3006052733be31d47830d2f31d3cea8
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2ubuntu0.1_amd64.deb
      Size/MD5:   174604 e96c6f24abd2c42103118329ac843dd2

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-2ubuntu0.1_i386.deb
      Size/MD5:    13944 7a000303b7b8b9848dc84c448832462b
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-2ubuntu0.1_i386.deb
      Size/MD5:   178664 f0287b3bd1ef0211760f25f3776271ba
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2ubuntu0.1_i386.deb
      Size/MD5:   159446 c53a29f7446d173ad15ab336901c216d

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-2ubuntu0.1_powerpc.deb
      Size/MD5:    19682 68ed2e16fec205e4afe66fee41aedceb
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-2ubuntu0.1_powerpc.deb
      Size/MD5:   198396 8217bfc3dbd8add5ec7f10072b7064da
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2ubuntu0.1_powerpc.deb
      Size/MD5:   178588 31bd92a0662e02d7561c6bfe62942021

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-2ubuntu0.1_sparc.deb
      Size/MD5:    14736 1440557ccc8d651710a479fa52ddf43f
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-2ubuntu0.1_sparc.deb
      Size/MD5:   193558 b43e73a341c099675ad0f5854708f1f1
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2ubuntu0.1_sparc.deb
      Size/MD5:   167780 318f0310c891fbb97d7f66f3feb6bd89

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3-3.1ubuntu0.1.diff.gz
      Size/MD5:     7333 f521b721712b0ab752beebfcacbc2bca
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3-3.1ubuntu0.1.dsc
      Size/MD5:      787 ba7f7d57497ed05232a1ee2e335136a6
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3.orig.tar.gz
      Size/MD5:  1737021 c7246bb724664189ade7895547387e6a

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-doc_0.2.8.3-3.1ubuntu0.1_all.deb
      Size/MD5:   271718 965951077a2c870395a0b7ac95bd079a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-3.1ubuntu0.1_amd64.deb
      Size/MD5:    17938 20f0cc89d3269a20acc92a186e136cb5
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-3.1ubuntu0.1_amd64.deb
      Size/MD5:   207380 3e6194a937189c03f9cd3920c9d2625e
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-3.1ubuntu0.1_amd64.deb
      Size/MD5:   182314 49375dc6d7673b40fc18a36e3fb18bd4

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-3.1ubuntu0.1_i386.deb
      Size/MD5:    16282 d764d015b1b6d54226ea7462c6cc46e8
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-3.1ubuntu0.1_i386.deb
      Size/MD5:   186178 aa417806aabee6b99cc006d51c9432d6
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-3.1ubuntu0.1_i386.deb
      Size/MD5:   167174 35ffec3f86bf13c3cc78a56a3e6b3f66

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-3.1ubuntu0.1_powerpc.deb
      Size/MD5:    23138 bc6dcaf6487a7a37387588464aa7145c
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-3.1ubuntu0.1_powerpc.deb
      Size/MD5:   207374 a58e4fd73d7fda4a0c0ded54a41aee84
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-3.1ubuntu0.1_powerpc.deb
      Size/MD5:   186184 ef834ca675034ea667e96dbb2b833ee0

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-3.1ubuntu0.1_sparc.deb
      Size/MD5:    17060 9b46ecdd77450c7ca65155336e27a01b
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-3.1ubuntu0.1_sparc.deb
      Size/MD5:   202286 e83a995ff9afc034ce1fad2c233c41e7
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-3.1ubuntu0.1_sparc.deb
      Size/MD5:   175900 66ee4f8648d68321a6f8e2ed72ab957e
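
Added example, not part of the advisory and not libwmf's code: a C illustration of the bug class described under "Details follow", showing a 32-bit words-to-bytes conversion of MaxRecordSize that wraps, next to a validated form. It assumes the standard 18-byte WMF header with MaxRecordSize as a 32-bit count of 16-bit words at offset 12; the function names and sample header bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define WMF_HEADER_LEN 18u  /* standard (non-placeable) WMF header, assumed */
#define WMF_MAXREC_OFF 12u  /* MaxRecordSize: u32, counted in 16-bit words */
#define WMF_MIN_RECORD 3u   /* smallest record: u32 size + u16 function */

/* Constructed sample headers: MaxRecordSize = 5 and 0x80000001 words. */
static const unsigned char SAMPLE_OK[18]  = {1,0, 9,0, 0,3, 0x32,0,0,0, 0,0, 5,0,0,0,    0,0};
static const unsigned char SAMPLE_BAD[18] = {1,0, 9,0, 0,3, 0x32,0,0,0, 0,0, 1,0,0,0x80, 0,0};

static uint16_t rd16(const unsigned char *p) {
    return (uint16_t)(p[0] | (p[1] << 8));
}
static uint32_t rd32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Bug class: the words-to-bytes conversion done in 32 bits wraps silently. */
uint32_t record_bytes_unchecked(uint32_t max_record_words) {
    return max_record_words * 2u;
}

/* Validated form: check the field against the file before sizing a buffer.
 * Returns 0 and stores the byte count, or -1 if the header is rejected. */
int record_bytes_checked(const unsigned char *hdr, size_t hdr_len,
                         uint64_t file_len, size_t *out) {
    if (hdr == NULL || out == NULL || hdr_len < WMF_HEADER_LEN) return -1;
    if (file_len < WMF_HEADER_LEN) return -1;
    if (rd16(hdr + 2) != WMF_HEADER_LEN / 2) return -1;  /* HeaderSize, words */
    uint64_t bytes = (uint64_t)rd32(hdr + WMF_MAXREC_OFF) * 2u; /* 64-bit math */
    if (bytes < WMF_MIN_RECORD * 2u) return -1;          /* too small to be real */
    if (bytes > file_len - WMF_HEADER_LEN) return -1;    /* larger than the file */
    if (bytes > SIZE_MAX) return -1;                     /* 32-bit size_t hosts */
    *out = (size_t)bytes;
    return 0;
}

int main(void) {
    size_t n = 0;
    int ok  = record_bytes_checked(SAMPLE_OK,  sizeof SAMPLE_OK,  100, &n);
    int bad = record_bytes_checked(SAMPLE_BAD, sizeof SAMPLE_BAD, 100, &n);
    return (ok == 0 && n == 10 && bad == -1) ? 0 : 1;
}
```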
