Message-ID: <20070328055529.GE27744@outflux.net>
Date: Tue, 27 Mar 2007 22:55:29 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-446-1] NAS vulnerabilities

=========================================================== 
Ubuntu Security Notice USN-446-1             March 28, 2007
nas vulnerabilities
CVE-2007-1543, CVE-2007-1544, CVE-2007-1545, CVE-2007-1546, CVE-2007-1547
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  nas                                      1.7-2ubuntu2.1

Ubuntu 6.06 LTS:
  nas                                      1.7-3ubuntu3.2

Ubuntu 6.10:
  nas                                      1.8-2ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Luigi Auriemma discovered multiple flaws in the Network Audio System 
server.  Remote attackers could send specially crafted network requests 
that could lead to a denial of service or execution of arbitrary code.  
Note that default Ubuntu installs do not include the NAS server.


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.7-2ubuntu2.1.diff.gz
      Size/MD5:   124147 332f758365415875e2fad07237f9278c
    http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.7-2ubuntu2.1.dsc
      Size/MD5:      730 ee6f6df697aec1ec7a29d47f6c9a51e6
    http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.7.orig.tar.gz
      Size/MD5:  1288569 c9918e9c9c95d587a95b455bbabe3b49

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas-doc_1.7-2ubuntu2.1_all.deb
      Size/MD5:   150542 ae7b918f6a06202e697059870461e187

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-2ubuntu2.1_amd64.deb
      Size/MD5:   540818 c8fa856d7349f9e12534e3d709b6ba07
    http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-2ubuntu2.1_amd64.deb
      Size/MD5:    75436 a5e2e99650cae805190432b3c2114b0a
    http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-2ubuntu2.1_amd64.deb
      Size/MD5:   529074 4fc9011d47a586d02750bcd9ad84cdb8
    http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-2ubuntu2.1_amd64.deb
      Size/MD5:   103706 e17e40e6e65bccdc622b6d2be87fcc9b

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-2ubuntu2.1_i386.deb
      Size/MD5:   486146 e1f56f4633c4add7c8e4b76cc2e81196
    http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-2ubuntu2.1_i386.deb
      Size/MD5:    70132 5664d1a64bdd73ffdeaa0127eec445c5
    http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-2ubuntu2.1_i386.deb
      Size/MD5:   464716 365ea3a2a6bd9a098c3c97d3150b28ca
    http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-2ubuntu2.1_i386.deb
      Size/MD5:    91842 c24df4f0fffa84da67e7c8a40031dc0d

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-2ubuntu2.1_powerpc.deb
      Size/MD5:   553780 f5414461809394dafbb5ec087a49e1e6
    http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-2ubuntu2.1_powerpc.deb
      Size/MD5:    74904 f354c5adcaf9458f4407007b32374b0c
    http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-2ubuntu2.1_powerpc.deb
      Size/MD5:   531104 c60b5d7bf26c6783b9c666ee2c80fcaa
    http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-2ubuntu2.1_powerpc.deb
      Size/MD5:   101502 9414403556f37f361431706d25a53322

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-2ubuntu2.1_sparc.deb
      Size/MD5:   500100 322f31a7d9f6ffd85256d79f9cfbdb73
    http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-2ubuntu2.1_sparc.deb
      Size/MD5:    70350 d21dc792aa7c05411bea50cc1ce11c17
    http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-2ubuntu2.1_sparc.deb
      Size/MD5:   473872 d6dfb963b07fecec31a46f6fa5013f79
    http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-2ubuntu2.1_sparc.deb
      Size/MD5:    95996 7e3c2aa190df5cfdb6cddc2d2ef88b8b

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.7-3ubuntu3.2.diff.gz
      Size/MD5:   125275 e9316af5b0d46add5e549b33a4bcb1b8
    http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.7-3ubuntu3.2.dsc
      Size/MD5:      738 a4b4807d1594af28ff5e4a0abef06492
    http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.7.orig.tar.gz
      Size/MD5:  1288569 c9918e9c9c95d587a95b455bbabe3b49

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas-doc_1.7-3ubuntu3.2_all.deb
      Size/MD5:   150638 187aa7c18e5eb18767a407e70dbdd890

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-3ubuntu3.2_amd64.deb
      Size/MD5:   537496 cf840b32a05e2e222d7b10f90bda7334
    http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-3ubuntu3.2_amd64.deb
      Size/MD5:    75578 16b0706a472e0609e05dce510f7f981b
    http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-3ubuntu3.2_amd64.deb
      Size/MD5:   529432 48d7008046fa99f8b554e5ab3932ba3e
    http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-3ubuntu3.2_amd64.deb
      Size/MD5:   104656 34c02a1947fb76d1fbe9710dd6df5116

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-3ubuntu3.2_i386.deb
      Size/MD5:   483858 4e614dce3393afa53f1fd4ebf38878a1
    http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-3ubuntu3.2_i386.deb
      Size/MD5:    70136 b66f4a7250047f1aee828a8b509fb3d3
    http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-3ubuntu3.2_i386.deb
      Size/MD5:   464304 d76701b80c524c9b1cf76e62665e416a
    http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-3ubuntu3.2_i386.deb
      Size/MD5:    92824 c238846647d5f2127a08c4c27bdca14f

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-3ubuntu3.2_powerpc.deb
      Size/MD5:   553162 d55bcbb414e5232358542fe2feb00f1d
    http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-3ubuntu3.2_powerpc.deb
      Size/MD5:    74974 1dcef91879ff0d615273c8469c5820e8
    http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-3ubuntu3.2_powerpc.deb
      Size/MD5:   529856 6acae7ef312e28c23265bc75862f5510
    http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-3ubuntu3.2_powerpc.deb
      Size/MD5:   102642 5e19cf9fe84b8dec4c86b8dc14abc715

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-3ubuntu3.2_sparc.deb
      Size/MD5:   495218 034c2f89030aaf0665595b77a238c621
    http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-3ubuntu3.2_sparc.deb
      Size/MD5:    70282 d486beda5c19b1fee14c34056771cdc3
    http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-3ubuntu3.2_sparc.deb
      Size/MD5:   470660 76d261ee5e688a40b8336c3564465064
    http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-3ubuntu3.2_sparc.deb
      Size/MD5:    96572 468b4ea95fbd35a756dd37209672c81a

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.8-2ubuntu0.1.diff.gz
      Size/MD5:   486360 6f70fb0b12d28fc4047bafab1f05ad4e
    http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.8-2ubuntu0.1.dsc
      Size/MD5:      741 f6364e27c83d39993587fa6df5d33fcf
    http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.8.orig.tar.gz
      Size/MD5:  1290578 7e5ecab75a48c75b0c6305fcced34a97

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas-doc_1.8-2ubuntu0.1_all.deb
      Size/MD5:   151512 47a5b58301b632434c20f7e676e2b8b8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.8-2ubuntu0.1_amd64.deb
      Size/MD5:   530554 95e890a585ccb1a5bf5f2f11c2a0f3f3
    http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.8-2ubuntu0.1_amd64.deb
      Size/MD5:    76418 b0cbe51548e3be240c8e28a79e3358e7
    http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.8-2ubuntu0.1_amd64.deb
      Size/MD5:   531858 6fb0694366e749673ef394cd6d8034fa
    http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.8-2ubuntu0.1_amd64.deb
      Size/MD5:   107686 86dcdb055ed7565066936ffe447c285f

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.8-2ubuntu0.1_i386.deb
      Size/MD5:   500982 b7f07eda337d5ca9d6b7a0e7f045c795
    http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.8-2ubuntu0.1_i386.deb
      Size/MD5:    73154 f2479e362021178cd58f32ee1e047b58
    http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.8-2ubuntu0.1_i386.deb
      Size/MD5:   491312 f692b013ec19670122bb0d08a85c73d2
    http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.8-2ubuntu0.1_i386.deb
      Size/MD5:    98656 60ee6df2b99ff93aab4f6f291d00f260

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.8-2ubuntu0.1_powerpc.deb
      Size/MD5:   554626 3f0e29a26c43ded0b67b08a326b377eb
    http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.8-2ubuntu0.1_powerpc.deb
      Size/MD5:    76554 9690b68e179d84688fd483983f8ad661
    http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.8-2ubuntu0.1_powerpc.deb
      Size/MD5:   540452 6e69ca01a4471838ee5dbdafd480e969
    http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.8-2ubuntu0.1_powerpc.deb
      Size/MD5:   107366 26369bf75e7292029a0fe138df14c251

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.8-2ubuntu0.1_sparc.deb
      Size/MD5:   492578 3005b9b8efce6ce23d88affd0080e5ae
    http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.8-2ubuntu0.1_sparc.deb
      Size/MD5:    71502 ff149d04c07b629e87826eeb5bc30750
    http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.8-2ubuntu0.1_sparc.deb
      Size/MD5:   477328 79742d8dfa73f401215bead40576e81c
    http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.8-2ubuntu0.1_sparc.deb
      Size/MD5:   100758 137f01e00b44096dfb33e13dd2fe584f
