Message-ID: <20080109053838.GO17869@outflux.net>
Date: Tue, 8 Jan 2008 21:38:38 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-562-1] opal vulnerability

=========================================================== 
Ubuntu Security Notice USN-562-1           January 08, 2008
opal vulnerability
CVE-2007-4924
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libopal-2.2.0                   2.2.1-1ubuntu1.1

Ubuntu 6.10:
  libopal-2.2.0                   2.2.3.dfsg-0ubuntu2.1

Ubuntu 7.04:
  libopal-2.2.0                   2.2.3.dfsg-2ubuntu2.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

Jose Miguel Esparza discovered that certain SIP headers were not correctly
validated.  A remote attacker could send a specially crafted packet to
an application linked against opal (e.g. Ekiga) causing it to crash, leading
to a denial of service.


Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 6.10:


Updated packages for Ubuntu 7.04:
