[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070115123231.GA5893@piware.de>
Date: Mon, 15 Jan 2007 13:32:31 +0100
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-407-1] libgtop2 vulnerability
===========================================================
Ubuntu Security Notice USN-407-1 January 15, 2007
libgtop2 vulnerability
https://launchpad.net/bugs/79206
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.10:
libgtop2-5 2.12.0-0ubuntu1.1
Ubuntu 6.06 LTS:
libgtop2-7 2.14.1-0ubuntu1.1
Ubuntu 6.10:
libgtop2-7 2.14.4-0ubuntu1.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Liu Qishuai discovered a buffer overflow in the /proc parsing routines
in libgtop. By creating and running a process in a specially crafted
long path and tricking an user into running gnome-system-monitor, an
attacker could exploit this to execute arbitrary code with the user's
privileges.
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.12.0-0ubuntu1.1.diff.gz
Size/MD5: 5556 791af1d912da088b5dbdbaf8aa37b20b
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.12.0-0ubuntu1.1.dsc
Size/MD5: 1421 24db7b76b5aec3e8e061197535a203db
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.12.0.orig.tar.gz
Size/MD5: 1039660 358b710c463b01ba58ef0b8fe6b23818
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-5_2.12.0-0ubuntu1.1_amd64.deb
Size/MD5: 59536 00690fbaa259fc912f510534157fe157
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.12.0-0ubuntu1.1_amd64.deb
Size/MD5: 99396 3aa6528a1bcf3371b7b7eb1ce9a5b92f
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-5_2.12.0-0ubuntu1.1_i386.deb
Size/MD5: 58386 9195d353c45adca3994a25022eae9a36
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.12.0-0ubuntu1.1_i386.deb
Size/MD5: 96894 d6ec48f3be35baeaaffb780c1cf5512a
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-5_2.12.0-0ubuntu1.1_powerpc.deb
Size/MD5: 60424 4f8c50214d838f77395e8c098284ba43
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.12.0-0ubuntu1.1_powerpc.deb
Size/MD5: 99330 1c587f04173e0c0addb0840b470783e6
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-5_2.12.0-0ubuntu1.1_sparc.deb
Size/MD5: 58068 4f8f39bab5f25b4539c21daf8f466852
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.12.0-0ubuntu1.1_sparc.deb
Size/MD5: 96764 28a224d481b8f6afd86e46378b719d0f
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.14.1-0ubuntu1.1.diff.gz
Size/MD5: 6343 dbc3bc45b84f78f49633a92ad6993818
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.14.1-0ubuntu1.1.dsc
Size/MD5: 1418 78cd77e17c3825e7118bc7fe12c71156
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.14.1.orig.tar.gz
Size/MD5: 930295 84a7ac187e609594565bb6e731d21287
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-7_2.14.1-0ubuntu1.1_amd64.deb
Size/MD5: 62640 22fdd503710884583da14ba62a088759
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.14.1-0ubuntu1.1_amd64.deb
Size/MD5: 102940 1205833458f90c9f641a9ec4acd99e61
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-7_2.14.1-0ubuntu1.1_i386.deb
Size/MD5: 61060 e1bab8b7cdcec2a6a56956b193bf4e07
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.14.1-0ubuntu1.1_i386.deb
Size/MD5: 100084 e7d740a94cc1a2186ce0a6dfec492e8c
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-7_2.14.1-0ubuntu1.1_powerpc.deb
Size/MD5: 63616 4d22b62d6b16e9de6e56e684fbc18ff9
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.14.1-0ubuntu1.1_powerpc.deb
Size/MD5: 102736 0b54b07153901282568b4913fbfc74d1
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-7_2.14.1-0ubuntu1.1_sparc.deb
Size/MD5: 60818 5cd7e26033bc1449f924de0a654dab3d
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.14.1-0ubuntu1.1_sparc.deb
Size/MD5: 99980 4b27af2bb2c86df2238a4c8a555ca427
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.14.4-0ubuntu1.1.diff.gz
Size/MD5: 6911 9cd6e7d03dc79a89c5cb36e9d49e75fb
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.14.4-0ubuntu1.1.dsc
Size/MD5: 1490 4fae35724137fad1a1fa89411f2c2c3a
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.14.4.orig.tar.gz
Size/MD5: 925125 2fc3b461babfafa01fb39bef4c995972
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-common_2.14.4-0ubuntu1.1_all.deb
Size/MD5: 37164 e541a24286e6712b58b0e394bcdd0038
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-7_2.14.4-0ubuntu1.1_amd64.deb
Size/MD5: 64950 6aa31cf8c983f041d491bb43614c7aab
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.14.4-0ubuntu1.1_amd64.deb
Size/MD5: 105226 0c8fd72b054f29f2298b6767ef11488c
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-7_2.14.4-0ubuntu1.1_i386.deb
Size/MD5: 64556 b7f8feb0f615bcbb9a21fd69a5ed06cd
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.14.4-0ubuntu1.1_i386.deb
Size/MD5: 103190 d3d89561e57a6c8eb7c83a87b97893e9
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-7_2.14.4-0ubuntu1.1_powerpc.deb
Size/MD5: 65904 17b3c114fe2a1fe5d65721cb3d7ddf75
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.14.4-0ubuntu1.1_powerpc.deb
Size/MD5: 104692 5dc40cc4de80736623324d1a7d4aa627
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-7_2.14.4-0ubuntu1.1_sparc.deb
Size/MD5: 63780 ee5af234c8f29ecfabf208f69c98d3e3
http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.14.4-0ubuntu1.1_sparc.deb
Size/MD5: 102848 588b6443f995fcf63263bcaaa6eaf592
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists