| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070830000506.GS30545@outflux.net>
Date: Wed, 29 Aug 2007 17:05:07 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-507-1] tcp-wrappers vulnerability
===========================================================
Ubuntu Security Notice USN-507-1 August 30, 2007
tcp-wrappers vulnerability
https://launchpad.net/bugs/135332
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 7.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 7.04:
libwrap0 7.6.dbs-11ubuntu0.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that the TCP wrapper library was incorrectly allowing
connections to services that did not specify server-side connection
details. Remote attackers could connect to services that had been
configured to block such connections. This only affected Ubuntu Feisty.
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcp-wrappers_7.6.dbs-11ubuntu0.1.diff.gz
Size/MD5: 51563 a66ffe0947add0d626dc9d813298c931
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcp-wrappers_7.6.dbs-11ubuntu0.1.dsc
Size/MD5: 784 4430f26d95e93408a174206b2da912d2
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcp-wrappers_7.6.dbs.orig.tar.gz
Size/MD5: 99548 3a8f32fa7a030d84c7260578ffb46c29
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0-dev_7.6.dbs-11ubuntu0.1_amd64.deb
Size/MD5: 37234 297a97e32256bfd222a08b7a249fca50
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0_7.6.dbs-11ubuntu0.1_amd64.deb
Size/MD5: 30876 81ab1ff3bc887cba421857b92599f064
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcpd_7.6.dbs-11ubuntu0.1_amd64.deb
Size/MD5: 80144 c502d7ca97203abef9d8468ae14a2751
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0-dev_7.6.dbs-11ubuntu0.1_i386.deb
Size/MD5: 34432 64f1a0e9d0dc0dd2eae5af32d35e8a2b
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0_7.6.dbs-11ubuntu0.1_i386.deb
Size/MD5: 29374 31f7af2847ae763f268c0f3a4c683335
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcpd_7.6.dbs-11ubuntu0.1_i386.deb
Size/MD5: 78086 8ee708787754927c56bed98631cc739c
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0-dev_7.6.dbs-11ubuntu0.1_powerpc.deb
Size/MD5: 37028 62d8517de1af829ebd5baf0cc39d2cbb
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0_7.6.dbs-11ubuntu0.1_powerpc.deb
Size/MD5: 32804 0cc1db9a4c4f5577a99e887d8094c86a
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcpd_7.6.dbs-11ubuntu0.1_powerpc.deb
Size/MD5: 87362 54d419fa50c66cad5c04ad2ca3ed4163
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0-dev_7.6.dbs-11ubuntu0.1_sparc.deb
Size/MD5: 35094 e400ccb9a4c8f78c1e451d5a3602958f
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0_7.6.dbs-11ubuntu0.1_sparc.deb
Size/MD5: 28856 abe647adb76cba044f17786e028da758
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcpd_7.6.dbs-11ubuntu0.1_sparc.deb
Size/MD5: 79062 e6e97f4e4e585dfaef10f08a1608952b
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists