Message-ID: <20061204220156.GH3984@outflux.net>
Date: Mon, 4 Dec 2006 14:01:56 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-391-1] libgsf vulnerability
===========================================================
Ubuntu Security Notice USN-391-1          December 04, 2006
libgsf vulnerability
CVE-2006-4514
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  libgsf-1                                 1.12.3-3ubuntu3.1

Ubuntu 6.06 LTS:
  libgsf-1-113                             1.13.99-0ubuntu2.1

Ubuntu 6.10:
  libgsf-1-114                             1.14.1-2ubuntu1.1

After a standard system upgrade you need to restart your desktop session
to effect the necessary changes.

Details follow:

A heap overflow was discovered in the OLE processing code in libgsf. If
a user were tricked into opening a specially crafted OLE document, an
attacker could execute arbitrary code with the user's privileges.

Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf_1.12.3-3ubuntu3.1.diff.gz
Size/MD5: 27753 80621e2ac15a13b5287615a1be6b607c
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf_1.12.3-3ubuntu3.1.dsc
Size/MD5: 850 e4f4a30353ddd96a4b0fb9c2609f6175
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf_1.12.3.orig.tar.gz
Size/MD5: 693033 976b3563b39d22d303b912a7dd336e50
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dbg_1.12.3-3ubuntu3.1_amd64.deb
Size/MD5: 93916 e3f251d2a19dd04508b3fd70118fea9b
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dev_1.12.3-3ubuntu3.1_amd64.deb
Size/MD5: 224874 cf37dac4ff14f771d8a282dfeced02d9
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1_1.12.3-3ubuntu3.1_amd64.deb
Size/MD5: 127156 d7c0a9ba1e3aa0ad9d0fa3cd9eb15a9b
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dbg_1.12.3-3ubuntu3.1_amd64.deb
Size/MD5: 10806 ec1d092fc45eb5d0fb1253f427f38a5c
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dev_1.12.3-3ubuntu3.1_amd64.deb
Size/MD5: 56998 9ead84cd7f21f16afede42b7bc5641fd
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1_1.12.3-3ubuntu3.1_amd64.deb
Size/MD5: 49902 6dccb6462809ec7c3a1df450141e4999
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dbg_1.12.3-3ubuntu3.1_i386.deb
Size/MD5: 86528 7ba7b433ee55244de36652d87256e2c1
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dev_1.12.3-3ubuntu3.1_i386.deb
Size/MD5: 208374 76524689f50ffe03b125c504c4898ca0
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1_1.12.3-3ubuntu3.1_i386.deb
Size/MD5: 119320 adeca028c0d161f4ef51861ca3f1ca4a
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dbg_1.12.3-3ubuntu3.1_i386.deb
Size/MD5: 9882 0a768d6ea600c3522cce25a0a90d5928
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dev_1.12.3-3ubuntu3.1_i386.deb
Size/MD5: 56072 911ec2cfba647e50a653b75e69024e04
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1_1.12.3-3ubuntu3.1_i386.deb
Size/MD5: 49386 194b149dfe80139285ed17e07df361bc
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dbg_1.12.3-3ubuntu3.1_powerpc.deb
Size/MD5: 96010 c6bd3befc34850dbb2c2878508af0df5
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dev_1.12.3-3ubuntu3.1_powerpc.deb
Size/MD5: 230668 e65c9f0e97d2a57087367364f5dd6255
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1_1.12.3-3ubuntu3.1_powerpc.deb
Size/MD5: 129918 72f74656095359513b5d4a08d488ac75
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dbg_1.12.3-3ubuntu3.1_powerpc.deb
Size/MD5: 12526 84cd66738f8722663f33d2b3aed58ace
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dev_1.12.3-3ubuntu3.1_powerpc.deb
Size/MD5: 57162 b05d543c92c391f0c6ddd2e100baa99c
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1_1.12.3-3ubuntu3.1_powerpc.deb
Size/MD5: 51180 dd8d3a43ff9885747e4e6f524cb1c5e2
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dbg_1.12.3-3ubuntu3.1_sparc.deb
Size/MD5: 90552 767d0cdc300d3c4a7f208f510abb96ab
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dev_1.12.3-3ubuntu3.1_sparc.deb
Size/MD5: 217050 58be4ccddce2a59201686b95f3dd95bd
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1_1.12.3-3ubuntu3.1_sparc.deb
Size/MD5: 124138 67a412538e0325c2e5281bcb72d5e773
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dbg_1.12.3-3ubuntu3.1_sparc.deb
Size/MD5: 9734 105ed044c45d9fd15140f0197151b561
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dev_1.12.3-3ubuntu3.1_sparc.deb
Size/MD5: 56502 dc87b8a235afa899b731dd802b258190
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1_1.12.3-3ubuntu3.1_sparc.deb
Size/MD5: 49386 77bee1354c91c61874f28a059f029016
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf_1.13.99-0ubuntu2.1.diff.gz
Size/MD5: 9363 b1c523b8d8d38c7304441f4911a45358
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf_1.13.99-0ubuntu2.1.dsc
Size/MD5: 893 40e98355919e234ae2d344b35033b6c5
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf_1.13.99.orig.tar.gz
Size/MD5: 740978 dfd0c75b75066c4f30d484c79c045a62
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-common_1.13.99-0ubuntu2.1_all.deb
Size/MD5: 44520 1e5736725ef753e9ce8ae592d8d6d77e
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-1-113-dbg_1.13.99-0ubuntu2.1_amd64.deb
Size/MD5: 100194 1c1f61eb471bdacebb9b560ab6de14c2
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-113_1.13.99-0ubuntu2.1_amd64.deb
Size/MD5: 129670 6d6e52bde88de0d68949c1fbba6c3165
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dev_1.13.99-0ubuntu2.1_amd64.deb
Size/MD5: 240642 b6e5163afb458255e6672bb91363ea93
http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-bin_1.13.99-0ubuntu2.1_amd64.deb
Size/MD5: 51230 804d35ba7f4878b06ae14c01b2d21fea
http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-gnome-1-113-dbg_1.13.99-0ubuntu2.1_amd64.deb
Size/MD5: 10744 82daa38d026b93f917e312199c018b08
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-113_1.13.99-0ubuntu2.1_amd64.deb
Size/MD5: 52686 701b5d256a00525c6d4b40fba6841e20
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dev_1.13.99-0ubuntu2.1_amd64.deb
Size/MD5: 60278 68d31197c6ae7124ae04f711b15ba5b4
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-1-113-dbg_1.13.99-0ubuntu2.1_i386.deb
Size/MD5: 92654 bcb9d24b9016e846f894edda0fcfd876
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-113_1.13.99-0ubuntu2.1_i386.deb
Size/MD5: 121370 2fe82e4c0194aa74dd63c24d0b594872
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dev_1.13.99-0ubuntu2.1_i386.deb
Size/MD5: 222942 46e3a01f6c482e1915ab0189490a9ce9
http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-bin_1.13.99-0ubuntu2.1_i386.deb
Size/MD5: 51108 3e5126f0dac4a1dd275ba0226c0cd9bb
http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-gnome-1-113-dbg_1.13.99-0ubuntu2.1_i386.deb
Size/MD5: 9812 770fa769202ea9f386ed8e80e95e23f7
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-113_1.13.99-0ubuntu2.1_i386.deb
Size/MD5: 52160 16bf0d5d03d01dc71c3a55fed9e5e036
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dev_1.13.99-0ubuntu2.1_i386.deb
Size/MD5: 59356 ac80966bdca86c14889eb1695a156472
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-1-113-dbg_1.13.99-0ubuntu2.1_powerpc.deb
Size/MD5: 101980 53744f68ed423a7fe66d503915a10e24
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-113_1.13.99-0ubuntu2.1_powerpc.deb
Size/MD5: 130764 291a79c8ef5da7d71014b8e4c4aa3ae1
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dev_1.13.99-0ubuntu2.1_powerpc.deb
Size/MD5: 247112 9ae3b0a2cacdc9434ab69b002a51ba1d
http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-bin_1.13.99-0ubuntu2.1_powerpc.deb
Size/MD5: 52914 6e2cffd5f173e5d607c9848642ee6131
http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-gnome-1-113-dbg_1.13.99-0ubuntu2.1_powerpc.deb
Size/MD5: 12420 ca70e82767500f48de7f322b160a706b
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-113_1.13.99-0ubuntu2.1_powerpc.deb
Size/MD5: 53986 37edad0daf13f5735c02aa19865e9558
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dev_1.13.99-0ubuntu2.1_powerpc.deb
Size/MD5: 60458 f0807524a5015359301e881e2bd60db0
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-1-113-dbg_1.13.99-0ubuntu2.1_sparc.deb
Size/MD5: 96218 be46011a498d119d834e286f43b77278
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-113_1.13.99-0ubuntu2.1_sparc.deb
Size/MD5: 125986 85ea3ce9588a52019a8e5e2f8be298bd
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dev_1.13.99-0ubuntu2.1_sparc.deb
Size/MD5: 231860 6820fff8de91dd44e6bbaa4cbb01b165
http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-bin_1.13.99-0ubuntu2.1_sparc.deb
Size/MD5: 51246 f31f57b09a465c1bdf250b55ac6a5a5d
http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-gnome-1-113-dbg_1.13.99-0ubuntu2.1_sparc.deb
Size/MD5: 9652 ed2eba00c8360233cdb9574d878aea37
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-113_1.13.99-0ubuntu2.1_sparc.deb
Size/MD5: 52142 78de48d6c9602c35e0ce831895310462
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dev_1.13.99-0ubuntu2.1_sparc.deb
Size/MD5: 59762 8e0f17ca33004cf4061d01217a6f631e
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf_1.14.1-2ubuntu1.1.diff.gz
Size/MD5: 9276 bb8529ca4bbca6befd63abf9d5ee6bd3
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf_1.14.1-2ubuntu1.1.dsc
Size/MD5: 886 8a360c2db8e5f18d3ff10150a678bf66
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf_1.14.1.orig.tar.gz
Size/MD5: 736910 bf918b450a946a365719f78a957700bf
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-common_1.14.1-2ubuntu1.1_all.deb
Size/MD5: 45716 1cf2b68bb59e6c99406718d95e85b51b
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-114-dbg_1.14.1-2ubuntu1.1_amd64.deb
Size/MD5: 101202 2fc4818219dd2eec12be797f9694e2d1
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-114_1.14.1-2ubuntu1.1_amd64.deb
Size/MD5: 132190 4919dee1959bd79ef9b9e687e05faccb
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dev_1.14.1-2ubuntu1.1_amd64.deb
Size/MD5: 241188 254fef90bced7a4c7af377534b3abbf0
http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-bin_1.14.1-2ubuntu1.1_amd64.deb
Size/MD5: 53160 07c590ffa9b4678b415dd2f43705f5c9
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-114-dbg_1.14.1-2ubuntu1.1_amd64.deb
Size/MD5: 10768 5fbf90f0eecda7b4b5ff445aeecd41f0
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-114_1.14.1-2ubuntu1.1_amd64.deb
Size/MD5: 54292 d2278a4d4e1b3adfae427c40416c038d
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dev_1.14.1-2ubuntu1.1_amd64.deb
Size/MD5: 61232 ead489a5ea7dd59be1958e5ad9b9dce1
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-114-dbg_1.14.1-2ubuntu1.1_i386.deb
Size/MD5: 97614 a581f24e84734643739425a131e16b35
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-114_1.14.1-2ubuntu1.1_i386.deb
Size/MD5: 127752 48371720e8b5a76b30be2a57cbb6e3fc
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dev_1.14.1-2ubuntu1.1_i386.deb
Size/MD5: 226382 b74f367c699e81dca2cbfa83d90cf2d5
http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-bin_1.14.1-2ubuntu1.1_i386.deb
Size/MD5: 52754 1baf5e199555747eeeb9059c443ace50
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-114-dbg_1.14.1-2ubuntu1.1_i386.deb
Size/MD5: 10158 3d73aa4297945362a562b3b24b345c95
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-114_1.14.1-2ubuntu1.1_i386.deb
Size/MD5: 53642 161a02edd48a803d3d088a6bb592e0e4
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dev_1.14.1-2ubuntu1.1_i386.deb
Size/MD5: 60252 05fb5a2706802e46a7fed8639537d377
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-114-dbg_1.14.1-2ubuntu1.1_powerpc.deb
Size/MD5: 103532 bf47b7789302ef795e12d7539b89f561
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-114_1.14.1-2ubuntu1.1_powerpc.deb
Size/MD5: 133352 6b66a2247fb20df145507c05fb68f12c
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dev_1.14.1-2ubuntu1.1_powerpc.deb
Size/MD5: 247112 7215b6cfc282fbc2b6f87c44ee10629b
http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-bin_1.14.1-2ubuntu1.1_powerpc.deb
Size/MD5: 54614 7ae855105d1039b60a396d5279bbb37f
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-114-dbg_1.14.1-2ubuntu1.1_powerpc.deb
Size/MD5: 12586 9d6fd3c99baae16902b57be2e0f55b66
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-114_1.14.1-2ubuntu1.1_powerpc.deb
Size/MD5: 55228 fe64dd66a2dbfd43ddb2ca8d5ec59388
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dev_1.14.1-2ubuntu1.1_powerpc.deb
Size/MD5: 61102 5afa1603f0189763620b0d50b1a114eb
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-114-dbg_1.14.1-2ubuntu1.1_sparc.deb
Size/MD5: 97862 deeb1a4f46bf418ef9d21942d433102c
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-114_1.14.1-2ubuntu1.1_sparc.deb
Size/MD5: 128736 f243a563faa9be216fdd8715137ef7b0
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-1-dev_1.14.1-2ubuntu1.1_sparc.deb
Size/MD5: 232330 0a425b8e18460919255522d84238a4f2
http://security.ubuntu.com/ubuntu/pool/universe/libg/libgsf/libgsf-bin_1.14.1-2ubuntu1.1_sparc.deb
Size/MD5: 52886 ba50b41aa260d9a8fe163d1a6cfeddda
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-114-dbg_1.14.1-2ubuntu1.1_sparc.deb
Size/MD5: 9702 f96c8d050d8d50e32f5e75906c902ae3
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-114_1.14.1-2ubuntu1.1_sparc.deb
Size/MD5: 53318 6cdd39d0eaf62737cb0818c2d8deca05
http://security.ubuntu.com/ubuntu/pool/main/libg/libgsf/libgsf-gnome-1-dev_1.14.1-2ubuntu1.1_sparc.deb
Size/MD5: 60388 2368454dd6d4020d95871f8abd5c7a0a