lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20061106225749.GA5636@outflux.net>
Date: Mon, 6 Nov 2006 14:57:49 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-376-2] imlib2 regression fix

=========================================================== 
Ubuntu Security Notice USN-376-2          November 06, 2006
imlib2 regression fix
https://launchpad.net/bugs/70278
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  libimlib2                                1.2.0-2.2ubuntu2.2

Ubuntu 6.06 LTS:
  libimlib2                                1.2.1-2ubuntu0.2

Ubuntu 6.10:
  libimlib2                                1.2.1-2ubuntu1.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-376-1 provided an update to imlib2 to fix several security 
vulnerabilities.  Unfortunately the update broke JPG file handling in 
certain situations.  This update corrects this problem.  We apologize 
for the inconvenience.


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.0-2.2ubuntu2.2.diff.gz
      Size/MD5:   100818 e8dff95caa549ea2fd1af7d2de9aee58
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.0-2.2ubuntu2.2.dsc
      Size/MD5:      749 f9049d9ca97993d4cd056e6c2c86bb63
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.0.orig.tar.gz
      Size/MD5:   891164 dfc6d3cc270354af22ef9b5e3b312003

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.0-2.2ubuntu2.2_amd64.deb
      Size/MD5:   343112 3fb67561e36117ed6d99d7e8e42ac6aa
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.0-2.2ubuntu2.2_amd64.deb
      Size/MD5:   206720 f88f40f4418e06026eccac8eca559548

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.0-2.2ubuntu2.2_i386.deb
      Size/MD5:   300406 20d1688b9bbf22d33e5c6d77df6dca4e
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.0-2.2ubuntu2.2_i386.deb
      Size/MD5:   193222 17875024cb41610c963083e40646a0d2

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.0-2.2ubuntu2.2_powerpc.deb
      Size/MD5:   341300 96cf4ecab8533b81e33f563ef278a06b
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.0-2.2ubuntu2.2_powerpc.deb
      Size/MD5:   213404 7b70d0c52f571934d204859ee4d96d63

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.0-2.2ubuntu2.2_sparc.deb
      Size/MD5:   320952 f38291aa97591734498e2ba98a73c9d7
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.0-2.2ubuntu2.2_sparc.deb
      Size/MD5:   197394 4005474dbfcdc9d4f44acc2a885c7e14

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1-2ubuntu0.2.diff.gz
      Size/MD5:   104753 4e1e182e906e259dc9a2586fa0174f29
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1-2ubuntu0.2.dsc
      Size/MD5:      745 fe3d81e99a36ed39794e503cdbdd10f3
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1.orig.tar.gz
      Size/MD5:   911360 deb3c9713339fe9ca964e100cce42cd1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu0.2_amd64.deb
      Size/MD5:   351960 b5c0beb546499b2e514f4ad9c839c5c5
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu0.2_amd64.deb
      Size/MD5:   214428 7d279f8b198dbb91dd7a12a1b00b9000

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu0.2_i386.deb
      Size/MD5:   302276 945559a74bcbbd2ebcf70b4f66a6d5ce
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu0.2_i386.deb
      Size/MD5:   193240 200c49dce9e76b1bda7a04dbc91feef0

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu0.2_powerpc.deb
      Size/MD5:   341740 17c3a1a0df09b9adb1c0d96e72198139
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu0.2_powerpc.deb
      Size/MD5:   212664 8725b495a363c158b0c0635bf62037e8

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu0.2_sparc.deb
      Size/MD5:   317986 db59965eb6b628176cad489c36e65387
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu0.2_sparc.deb
      Size/MD5:   193972 24e908087ce009babc6f09c5a674ee68

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1-2ubuntu1.2.diff.gz
      Size/MD5:   104781 90169057fab62f3b75a76b3c28448c85
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1-2ubuntu1.2.dsc
      Size/MD5:      745 ec9d548c0b036b28e4dcd18befb6d85a
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1.orig.tar.gz
      Size/MD5:   911360 deb3c9713339fe9ca964e100cce42cd1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu1.2_amd64.deb
      Size/MD5:   354252 847ee621197a9bf5d770ea3fb017bd80
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu1.2_amd64.deb
      Size/MD5:   218454 f9d16f6228524c9d0f60e82a0e6b1a80

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu1.2_i386.deb
      Size/MD5:   318144 f6d02165ee217cb302ef5ff673eff5f6
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu1.2_i386.deb
      Size/MD5:   202868 1ce98d7ade3518e4bcb1fe39dc01a700

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu1.2_powerpc.deb
      Size/MD5:   345836 27a9c89433973b6087fd43c2810ca95b
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu1.2_powerpc.deb
      Size/MD5:   218072 b0f9911799c1a06577a2f2dc4e0baa36

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu1.2_sparc.deb
      Size/MD5:   324238 58c0100339f7439c1276e8855dce9dac
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu1.2_sparc.deb
      Size/MD5:   198208 2d2cf4ba67afa01c918d90405589828a

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ