Message-ID: <20070507145929.GL20826@outflux.net>
Date: Mon, 7 May 2007 07:59:29 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-457-1] elinks vulnerability
===========================================================
Ubuntu Security Notice USN-457-1               May 07, 2007
elinks vulnerability
CVE-2007-2027
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  elinks 0.10.6-1ubuntu3.1

Ubuntu 6.10:
  elinks 0.11.1-1ubuntu2.1

Ubuntu 7.04:
  elinks 0.11.1-1.2ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Arnaud Giersch discovered that elinks incorrectly attempted to load
gettext catalogs from a relative path. If a user were tricked into
running elinks from a specific directory, a local attacker could execute
code with user privileges.
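
The class of check that prevents this kind of issue, as an added example (not code from elinks or from the Ubuntu patch): a program accepts a catalog directory only if it does not depend on the current working directory and other users cannot write to it. The function names, the sample paths "po" and "/usr/share/locale", and the scratch directory under /tmp are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 only if `dir` is usable as a message-catalog directory without
 * depending on the caller's current working directory. Parent directories
 * are not inspected here; this covers the final directory only. */
int catalog_dir_is_trusted(const char *dir)
{
    struct stat st;

    if (dir == NULL || dir[0] != '/')          /* relative: resolved against cwd */
        return 0;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    if (st.st_uid != 0 && st.st_uid != geteuid())  /* owned by another user */
        return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH))      /* others could place files here */
        return 0;
    return 1;
}

/* Use `candidate` only when trusted; otherwise fall back to the absolute
 * path compiled into the binary (hypothetical value supplied by caller). */
const char *choose_catalog_dir(const char *candidate, const char *compiled_in)
{
    return catalog_dir_is_trusted(candidate) ? candidate : compiled_in;
}

/* Self-check helper: create a constructed scratch directory with `mode`
 * and report whether it would be trusted (-1 if it cannot be created). */
int trusted_with_mode(mode_t mode)
{
    char path[64];
    int ok;

    snprintf(path, sizeof path, "/tmp/catdir-demo-%ld", (long)getpid());
    if (mkdir(path, 0700) != 0)
        return -1;
    chmod(path, mode);
    ok = catalog_dir_is_trusted(path);
    rmdir(path);
    return ok;
}

int main(void)
{
    printf("relative \"po\": %d\n", catalog_dir_is_trusted("po"));
    printf("0700 dir: %d\n", trusted_with_mode(0700));
    printf("0777 dir: %d\n", trusted_with_mode(0777));
    printf("chosen: %s\n", choose_catalog_dir("po", "/usr/share/locale"));
    return 0;
}
```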