Message-ID: <20061101153748.GY23017@outflux.net>
Date: Wed, 1 Nov 2006 07:37:48 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-370-1] screen vulnerability
===========================================================
Ubuntu Security Notice USN-370-1           October 31, 2006
screen vulnerability
CVE-2006-4573
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  screen 4.0.2-4.1ubuntu2.5.04

Ubuntu 5.10:
  screen 4.0.2-4.1ubuntu2.5.10

Ubuntu 6.06 LTS:
  screen 4.0.2-4.1ubuntu5.6.06

Ubuntu 6.10:
  screen 4.0.2-4.1ubuntu5.6.10

After a standard system upgrade you need to restart any running screen
sessions to effect the necessary changes.

Details follow:

cstone and Rich Felker discovered a programming error in the UTF8 string
handling code of "screen" leading to a denial of service. If a crafted
string was displayed within a screen session, screen would crash or
possibly execute arbitrary code.

Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.04.diff.gz
Size/MD5: 34158 cba61559263bcc4370232cdadc6e582f
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.04.dsc
Size/MD5: 648 f6c73c29a88533bec08a0c7a596af8da
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2.orig.tar.gz
Size/MD5: 840519 ed68ea9b43d9fba0972cb017a24940a1
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.04_amd64.deb
Size/MD5: 600012 b2f316afe7637709a5da52356d0e05ec
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.04_i386.deb
Size/MD5: 577644 d8b407353de17ecda15979be0f42f892
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.04_powerpc.deb
Size/MD5: 593876 3fa2c203b8aa9f7178d9489bc547845a
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.10.diff.gz
Size/MD5: 34163 6070d837711a9eb26aed7f6e253b8976
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.10.dsc
Size/MD5: 648 b10627fdfffa9eb56c883febe4e1d879
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2.orig.tar.gz
Size/MD5: 840519 ed68ea9b43d9fba0972cb017a24940a1
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.10_amd64.deb
Size/MD5: 608874 cafd5e3cebd014b2f91ad1abc9be6ea7
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.10_i386.deb
Size/MD5: 580646 a5e927874bef8d3989d728758bf37c4a
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.10_powerpc.deb
Size/MD5: 598392 8e667231c080709c1900d543cdc6575f
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.10_sparc.deb
Size/MD5: 596636 6bb3b98e8575d7c5bedf3c4306c37bd8
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.06.diff.gz
Size/MD5: 54523 ffd98c68cd22cec18f7017b0e26e0003
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.06.dsc
Size/MD5: 648 cc1098ba02b1f371e2d8afe72a06802c
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2.orig.tar.gz
Size/MD5: 840519 ed68ea9b43d9fba0972cb017a24940a1
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.06_amd64.deb
Size/MD5: 609606 2ed54b9ddd4626ea693d0c549c1ddefa
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.06_i386.deb
Size/MD5: 580748 38ef03be6459a041f92668b550b3efa7
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.06_powerpc.deb
Size/MD5: 598866 3213b3cef084f98fa010a719535aa72a
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.06_sparc.deb
Size/MD5: 594890 bd551cba69f370ed1ffc2aa3b9eb39ec
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.10.diff.gz
Size/MD5: 54524 eebf0a7b77625db94987d03d0171252f
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.10.dsc
Size/MD5: 648 e4cb0fca076db296eaf91f57b87e32f1
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2.orig.tar.gz
Size/MD5: 840519 ed68ea9b43d9fba0972cb017a24940a1
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.10_amd64.deb
Size/MD5: 606076 d302fc97f5890de4a22ef77580f04c00
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.10_i386.deb
Size/MD5: 584358 f01e1a4282ac189db902c252f92d6a7f
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.10_powerpc.deb
Size/MD5: 599994 ac26d1da763cdad66e9fa8b1846968e6
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.10_sparc.deb
Size/MD5: 597784 76c7fd9e1ed7b229fb5de57f60394db1