lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070115123231.GA5893@piware.de>
Date: Mon, 15 Jan 2007 13:32:31 +0100
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-407-1] libgtop2 vulnerability

=========================================================== 
Ubuntu Security Notice USN-407-1           January 15, 2007
libgtop2 vulnerability
https://launchpad.net/bugs/79206
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  libgtop2-5                               2.12.0-0ubuntu1.1

Ubuntu 6.06 LTS:
  libgtop2-7                               2.14.1-0ubuntu1.1

Ubuntu 6.10:
  libgtop2-7                               2.14.4-0ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Liu Qishuai discovered a buffer overflow in the /proc parsing routines
in libgtop. By creating and running a process in a specially crafted
long path and tricking an user into running gnome-system-monitor, an
attacker could exploit this to execute arbitrary code with the user's
privileges.


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.12.0-0ubuntu1.1.diff.gz
      Size/MD5:     5556 791af1d912da088b5dbdbaf8aa37b20b
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.12.0-0ubuntu1.1.dsc
      Size/MD5:     1421 24db7b76b5aec3e8e061197535a203db
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.12.0.orig.tar.gz
      Size/MD5:  1039660 358b710c463b01ba58ef0b8fe6b23818

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-5_2.12.0-0ubuntu1.1_amd64.deb
      Size/MD5:    59536 00690fbaa259fc912f510534157fe157
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.12.0-0ubuntu1.1_amd64.deb
      Size/MD5:    99396 3aa6528a1bcf3371b7b7eb1ce9a5b92f

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-5_2.12.0-0ubuntu1.1_i386.deb
      Size/MD5:    58386 9195d353c45adca3994a25022eae9a36
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.12.0-0ubuntu1.1_i386.deb
      Size/MD5:    96894 d6ec48f3be35baeaaffb780c1cf5512a

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-5_2.12.0-0ubuntu1.1_powerpc.deb
      Size/MD5:    60424 4f8c50214d838f77395e8c098284ba43
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.12.0-0ubuntu1.1_powerpc.deb
      Size/MD5:    99330 1c587f04173e0c0addb0840b470783e6

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-5_2.12.0-0ubuntu1.1_sparc.deb
      Size/MD5:    58068 4f8f39bab5f25b4539c21daf8f466852
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.12.0-0ubuntu1.1_sparc.deb
      Size/MD5:    96764 28a224d481b8f6afd86e46378b719d0f

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.14.1-0ubuntu1.1.diff.gz
      Size/MD5:     6343 dbc3bc45b84f78f49633a92ad6993818
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.14.1-0ubuntu1.1.dsc
      Size/MD5:     1418 78cd77e17c3825e7118bc7fe12c71156
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.14.1.orig.tar.gz
      Size/MD5:   930295 84a7ac187e609594565bb6e731d21287

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-7_2.14.1-0ubuntu1.1_amd64.deb
      Size/MD5:    62640 22fdd503710884583da14ba62a088759
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.14.1-0ubuntu1.1_amd64.deb
      Size/MD5:   102940 1205833458f90c9f641a9ec4acd99e61

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-7_2.14.1-0ubuntu1.1_i386.deb
      Size/MD5:    61060 e1bab8b7cdcec2a6a56956b193bf4e07
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.14.1-0ubuntu1.1_i386.deb
      Size/MD5:   100084 e7d740a94cc1a2186ce0a6dfec492e8c

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-7_2.14.1-0ubuntu1.1_powerpc.deb
      Size/MD5:    63616 4d22b62d6b16e9de6e56e684fbc18ff9
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.14.1-0ubuntu1.1_powerpc.deb
      Size/MD5:   102736 0b54b07153901282568b4913fbfc74d1

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-7_2.14.1-0ubuntu1.1_sparc.deb
      Size/MD5:    60818 5cd7e26033bc1449f924de0a654dab3d
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.14.1-0ubuntu1.1_sparc.deb
      Size/MD5:    99980 4b27af2bb2c86df2238a4c8a555ca427

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.14.4-0ubuntu1.1.diff.gz
      Size/MD5:     6911 9cd6e7d03dc79a89c5cb36e9d49e75fb
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.14.4-0ubuntu1.1.dsc
      Size/MD5:     1490 4fae35724137fad1a1fa89411f2c2c3a
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.14.4.orig.tar.gz
      Size/MD5:   925125 2fc3b461babfafa01fb39bef4c995972

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-common_2.14.4-0ubuntu1.1_all.deb
      Size/MD5:    37164 e541a24286e6712b58b0e394bcdd0038

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-7_2.14.4-0ubuntu1.1_amd64.deb
      Size/MD5:    64950 6aa31cf8c983f041d491bb43614c7aab
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.14.4-0ubuntu1.1_amd64.deb
      Size/MD5:   105226 0c8fd72b054f29f2298b6767ef11488c

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-7_2.14.4-0ubuntu1.1_i386.deb
      Size/MD5:    64556 b7f8feb0f615bcbb9a21fd69a5ed06cd
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.14.4-0ubuntu1.1_i386.deb
      Size/MD5:   103190 d3d89561e57a6c8eb7c83a87b97893e9

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-7_2.14.4-0ubuntu1.1_powerpc.deb
      Size/MD5:    65904 17b3c114fe2a1fe5d65721cb3d7ddf75
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.14.4-0ubuntu1.1_powerpc.deb
      Size/MD5:   104692 5dc40cc4de80736623324d1a7d4aa627

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-7_2.14.4-0ubuntu1.1_sparc.deb
      Size/MD5:    63780 ee5af234c8f29ecfabf208f69c98d3e3
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.14.4-0ubuntu1.1_sparc.deb
      Size/MD5:   102848 588b6443f995fcf63263bcaaa6eaf592

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ