Message-ID: <20070328055529.GE27744@outflux.net>
Date: Tue, 27 Mar 2007 22:55:29 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-446-1] NAS vulnerabilities
===========================================================
Ubuntu Security Notice USN-446-1 March 28, 2007
nas vulnerabilities
CVE-2007-1543, CVE-2007-1544, CVE-2007-1545, CVE-2007-1546, CVE-2007-1547
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  nas 1.7-2ubuntu2.1

Ubuntu 6.06 LTS:
  nas 1.7-3ubuntu3.2

Ubuntu 6.10:
  nas 1.8-2ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Luigi Auriemma discovered multiple flaws in the Network Audio System
server. Remote attackers could send specially crafted network requests
that could lead to a denial of service or execution of arbitrary code.

Note that default Ubuntu installs do not include the NAS server.

Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.7-2ubuntu2.1.diff.gz
Size/MD5: 124147 332f758365415875e2fad07237f9278c
http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.7-2ubuntu2.1.dsc
Size/MD5: 730 ee6f6df697aec1ec7a29d47f6c9a51e6
http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.7.orig.tar.gz
Size/MD5: 1288569 c9918e9c9c95d587a95b455bbabe3b49
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas-doc_1.7-2ubuntu2.1_all.deb
Size/MD5: 150542 ae7b918f6a06202e697059870461e187
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-2ubuntu2.1_amd64.deb
Size/MD5: 540818 c8fa856d7349f9e12534e3d709b6ba07
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-2ubuntu2.1_amd64.deb
Size/MD5: 75436 a5e2e99650cae805190432b3c2114b0a
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-2ubuntu2.1_amd64.deb
Size/MD5: 529074 4fc9011d47a586d02750bcd9ad84cdb8
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-2ubuntu2.1_amd64.deb
Size/MD5: 103706 e17e40e6e65bccdc622b6d2be87fcc9b
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-2ubuntu2.1_i386.deb
Size/MD5: 486146 e1f56f4633c4add7c8e4b76cc2e81196
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-2ubuntu2.1_i386.deb
Size/MD5: 70132 5664d1a64bdd73ffdeaa0127eec445c5
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-2ubuntu2.1_i386.deb
Size/MD5: 464716 365ea3a2a6bd9a098c3c97d3150b28ca
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-2ubuntu2.1_i386.deb
Size/MD5: 91842 c24df4f0fffa84da67e7c8a40031dc0d
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-2ubuntu2.1_powerpc.deb
Size/MD5: 553780 f5414461809394dafbb5ec087a49e1e6
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-2ubuntu2.1_powerpc.deb
Size/MD5: 74904 f354c5adcaf9458f4407007b32374b0c
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-2ubuntu2.1_powerpc.deb
Size/MD5: 531104 c60b5d7bf26c6783b9c666ee2c80fcaa
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-2ubuntu2.1_powerpc.deb
Size/MD5: 101502 9414403556f37f361431706d25a53322
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-2ubuntu2.1_sparc.deb
Size/MD5: 500100 322f31a7d9f6ffd85256d79f9cfbdb73
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-2ubuntu2.1_sparc.deb
Size/MD5: 70350 d21dc792aa7c05411bea50cc1ce11c17
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-2ubuntu2.1_sparc.deb
Size/MD5: 473872 d6dfb963b07fecec31a46f6fa5013f79
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-2ubuntu2.1_sparc.deb
Size/MD5: 95996 7e3c2aa190df5cfdb6cddc2d2ef88b8b
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.7-3ubuntu3.2.diff.gz
Size/MD5: 125275 e9316af5b0d46add5e549b33a4bcb1b8
http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.7-3ubuntu3.2.dsc
Size/MD5: 738 a4b4807d1594af28ff5e4a0abef06492
http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.7.orig.tar.gz
Size/MD5: 1288569 c9918e9c9c95d587a95b455bbabe3b49
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas-doc_1.7-3ubuntu3.2_all.deb
Size/MD5: 150638 187aa7c18e5eb18767a407e70dbdd890
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-3ubuntu3.2_amd64.deb
Size/MD5: 537496 cf840b32a05e2e222d7b10f90bda7334
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-3ubuntu3.2_amd64.deb
Size/MD5: 75578 16b0706a472e0609e05dce510f7f981b
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-3ubuntu3.2_amd64.deb
Size/MD5: 529432 48d7008046fa99f8b554e5ab3932ba3e
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-3ubuntu3.2_amd64.deb
Size/MD5: 104656 34c02a1947fb76d1fbe9710dd6df5116
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-3ubuntu3.2_i386.deb
Size/MD5: 483858 4e614dce3393afa53f1fd4ebf38878a1
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-3ubuntu3.2_i386.deb
Size/MD5: 70136 b66f4a7250047f1aee828a8b509fb3d3
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-3ubuntu3.2_i386.deb
Size/MD5: 464304 d76701b80c524c9b1cf76e62665e416a
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-3ubuntu3.2_i386.deb
Size/MD5: 92824 c238846647d5f2127a08c4c27bdca14f
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-3ubuntu3.2_powerpc.deb
Size/MD5: 553162 d55bcbb414e5232358542fe2feb00f1d
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-3ubuntu3.2_powerpc.deb
Size/MD5: 74974 1dcef91879ff0d615273c8469c5820e8
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-3ubuntu3.2_powerpc.deb
Size/MD5: 529856 6acae7ef312e28c23265bc75862f5510
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-3ubuntu3.2_powerpc.deb
Size/MD5: 102642 5e19cf9fe84b8dec4c86b8dc14abc715
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-3ubuntu3.2_sparc.deb
Size/MD5: 495218 034c2f89030aaf0665595b77a238c621
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-3ubuntu3.2_sparc.deb
Size/MD5: 70282 d486beda5c19b1fee14c34056771cdc3
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-3ubuntu3.2_sparc.deb
Size/MD5: 470660 76d261ee5e688a40b8336c3564465064
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-3ubuntu3.2_sparc.deb
Size/MD5: 96572 468b4ea95fbd35a756dd37209672c81a
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.8-2ubuntu0.1.diff.gz
Size/MD5: 486360 6f70fb0b12d28fc4047bafab1f05ad4e
http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.8-2ubuntu0.1.dsc
Size/MD5: 741 f6364e27c83d39993587fa6df5d33fcf
http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.8.orig.tar.gz
Size/MD5: 1290578 7e5ecab75a48c75b0c6305fcced34a97
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas-doc_1.8-2ubuntu0.1_all.deb
Size/MD5: 151512 47a5b58301b632434c20f7e676e2b8b8
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.8-2ubuntu0.1_amd64.deb
Size/MD5: 530554 95e890a585ccb1a5bf5f2f11c2a0f3f3
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.8-2ubuntu0.1_amd64.deb
Size/MD5: 76418 b0cbe51548e3be240c8e28a79e3358e7
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.8-2ubuntu0.1_amd64.deb
Size/MD5: 531858 6fb0694366e749673ef394cd6d8034fa
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.8-2ubuntu0.1_amd64.deb
Size/MD5: 107686 86dcdb055ed7565066936ffe447c285f
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.8-2ubuntu0.1_i386.deb
Size/MD5: 500982 b7f07eda337d5ca9d6b7a0e7f045c795
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.8-2ubuntu0.1_i386.deb
Size/MD5: 73154 f2479e362021178cd58f32ee1e047b58
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.8-2ubuntu0.1_i386.deb
Size/MD5: 491312 f692b013ec19670122bb0d08a85c73d2
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.8-2ubuntu0.1_i386.deb
Size/MD5: 98656 60ee6df2b99ff93aab4f6f291d00f260
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.8-2ubuntu0.1_powerpc.deb
Size/MD5: 554626 3f0e29a26c43ded0b67b08a326b377eb
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.8-2ubuntu0.1_powerpc.deb
Size/MD5: 76554 9690b68e179d84688fd483983f8ad661
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.8-2ubuntu0.1_powerpc.deb
Size/MD5: 540452 6e69ca01a4471838ee5dbdafd480e969
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.8-2ubuntu0.1_powerpc.deb
Size/MD5: 107366 26369bf75e7292029a0fe138df14c251
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.8-2ubuntu0.1_sparc.deb
Size/MD5: 492578 3005b9b8efce6ce23d88affd0080e5ae
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.8-2ubuntu0.1_sparc.deb
Size/MD5: 71502 ff149d04c07b629e87826eeb5bc30750
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.8-2ubuntu0.1_sparc.deb
Size/MD5: 477328 79742d8dfa73f401215bead40576e81c
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.8-2ubuntu0.1_sparc.deb
Size/MD5: 100758 137f01e00b44096dfb33e13dd2fe584f