[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20080109053838.GO17869@outflux.net>
Date: Tue, 8 Jan 2008 21:38:38 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-562-1] opal vulnerability
===========================================================
Ubuntu Security Notice USN-562-1 January 08, 2008
opal vulnerability
CVE-2007-4924
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libopal-2.2.0 2.2.1-1ubuntu1.1
Ubuntu 6.10:
libopal-2.2.0 2.2.3.dfsg-0ubuntu2.1
Ubuntu 7.04:
libopal-2.2.0 2.2.3.dfsg-2ubuntu2.1
After a standard system upgrade you need to restart your session to effect
the necessary changes.
Details follow:
Jose Miguel Esparza discovered that certain SIP headers were not correctly
validated. A remote attacker could send a specially crafted packet to
an application linked against opal (e.g. Ekiga) causing it to crash, leading
to a denial of service.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.1-1ubuntu1.1.diff.gz
Size/MD5: 11096 b4b07166b50466354a8924d710b025f3
http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.1-1ubuntu1.1.dsc
Size/MD5: 1070 5e38c929e92b70f9ef5adb379e6929f8
http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.1.orig.tar.gz
Size/MD5: 4144566 01b73a88d2d6419401ce456079da9015
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-doc_2.2.1-1ubuntu1.1_all.deb
Size/MD5: 8056090 5a0e5d81828f8e686dcd3d4ed71f4e6e
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.1-1ubuntu1.1_amd64.deb
Size/MD5: 3268152 6894adea417cca1c9a183eb09e03e1d9
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.1-1ubuntu1.1_amd64.deb
Size/MD5: 688128 30e8332cee33b8a28a538a353afa0c48
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.1-1ubuntu1.1_amd64.deb
Size/MD5: 488962 bdea241ba2c40bc55340c7ac56679669
http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.1-1ubuntu1.1_amd64.deb
Size/MD5: 107400 d1b07a8b04ee2a58dfda81ec77e27729
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.1-1ubuntu1.1_i386.deb
Size/MD5: 3012214 0767dbdce48daae6bd7eeb91d662ab1b
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.1-1ubuntu1.1_i386.deb
Size/MD5: 673982 052b5fb240d8c38636cf7192dca7cfac
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.1-1ubuntu1.1_i386.deb
Size/MD5: 488946 6753474950ff2f1b8755a9ae379ac9df
http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.1-1ubuntu1.1_i386.deb
Size/MD5: 105936 3745ad80eddc40fe702b7ecfe5cb1470
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.1-1ubuntu1.1_powerpc.deb
Size/MD5: 3088304 e6adec0b8b464760b544295425b7b494
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.1-1ubuntu1.1_powerpc.deb
Size/MD5: 686320 4c043e01d3f0fa42ee8f8f4796866436
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.1-1ubuntu1.1_powerpc.deb
Size/MD5: 488940 7eccb3f391205c28ed4b4f1523fbe367
http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.1-1ubuntu1.1_powerpc.deb
Size/MD5: 106844 55329249f59278b465226d6fc904a895
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.1-1ubuntu1.1_sparc.deb
Size/MD5: 3152776 c4470f1fedd707bddfabfebd9251c8ff
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.1-1ubuntu1.1_sparc.deb
Size/MD5: 690974 75f438123d1dbc1726967d02a1692be4
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.1-1ubuntu1.1_sparc.deb
Size/MD5: 488962 c23a127d94a671e685b6a07b78691e2f
http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.1-1ubuntu1.1_sparc.deb
Size/MD5: 104420 5278e79c1ecc8fd177699f12baec69bb
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.3.dfsg-0ubuntu2.1.diff.gz
Size/MD5: 14292 0db1d447c8665685f515e6cba72ab2ea
http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.3.dfsg-0ubuntu2.1.dsc
Size/MD5: 1090 13fb03b67ef3c7c60091f244032e3dac
http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.3.dfsg.orig.tar.gz
Size/MD5: 3997608 29066ddbe461be125e4e60b37f103239
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-doc_2.2.3.dfsg-0ubuntu2.1_all.deb
Size/MD5: 7903920 7b56b39dc1107ae12d9afd4976c7150b
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.3.dfsg-0ubuntu2.1_amd64.deb
Size/MD5: 2944672 fb35c70fed70c3b2d59ef3468f24108c
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.3.dfsg-0ubuntu2.1_amd64.deb
Size/MD5: 9538 66baa146670cfb77c70f235a0085b36d
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.3.dfsg-0ubuntu2.1_amd64.deb
Size/MD5: 435490 8c99d8893d796ea9763e03419ed0de27
http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.3.dfsg-0ubuntu2.1_amd64.deb
Size/MD5: 49536 95caa2f7ee0f2307efcd6f2e1284fc3a
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.3.dfsg-0ubuntu2.1_i386.deb
Size/MD5: 2810080 97086a0cc8b9fdb5705c34d4d93c191f
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.3.dfsg-0ubuntu2.1_i386.deb
Size/MD5: 9544 8923ac17f69f308cef14521ad7536817
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.3.dfsg-0ubuntu2.1_i386.deb
Size/MD5: 435502 0fcc9b5d9b2b761a5faadc9cbd6ab631
http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.3.dfsg-0ubuntu2.1_i386.deb
Size/MD5: 48984 c3c128ce190efaa9896541b45c2b55b6
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.3.dfsg-0ubuntu2.1_powerpc.deb
Size/MD5: 2888534 b0d62b6cbc72c5a3afe47ce5663f7aa2
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.3.dfsg-0ubuntu2.1_powerpc.deb
Size/MD5: 9540 70aee7d211494010d6764152c3ecf1b8
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.3.dfsg-0ubuntu2.1_powerpc.deb
Size/MD5: 435504 46734f0e2e2f5b9126da85f8e3f7e743
http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.3.dfsg-0ubuntu2.1_powerpc.deb
Size/MD5: 48896 9720814dc4d6015b8ad804e30696318d
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.3.dfsg-0ubuntu2.1_sparc.deb
Size/MD5: 3124518 651bf36123395f9d124826ca7c1a050f
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.3.dfsg-0ubuntu2.1_sparc.deb
Size/MD5: 9540 35a158ac5a170a005041c0381b3bb73c
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.3.dfsg-0ubuntu2.1_sparc.deb
Size/MD5: 435484 7a4e45e296282d54f4723ea0c654495e
http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.3.dfsg-0ubuntu2.1_sparc.deb
Size/MD5: 46740 e32b2e4ad3a919a68478700fe3d10a23
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.3.dfsg-2ubuntu2.1.diff.gz
Size/MD5: 25132 1fa21438372c7651ba02392c9aad1b4d
http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.3.dfsg-2ubuntu2.1.dsc
Size/MD5: 1178 36fc039c14064756fba29c0c8b01abc9
http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.3.dfsg.orig.tar.gz
Size/MD5: 3997608 29066ddbe461be125e4e60b37f103239
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-doc_2.2.3.dfsg-2ubuntu2.1_all.deb
Size/MD5: 7890546 37012a53b21133c92eb20194f2455541
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.3.dfsg-2ubuntu2.1_amd64.deb
Size/MD5: 3113332 e29de0ddb690dd360389c0e2a40bddb8
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.3.dfsg-2ubuntu2.1_amd64.deb
Size/MD5: 643418 23b86253db671b09a49169c14b640239
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.3.dfsg-2ubuntu2.1_amd64.deb
Size/MD5: 448872 bf6977e923e71f2292352cec151524e3
http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.3.dfsg-2ubuntu2.1_amd64.deb
Size/MD5: 64062 3c7fb4443a6722a1cea15a0f376e0f28
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.3.dfsg-2ubuntu2.1_i386.deb
Size/MD5: 2985634 b436430981821e5509c918b81f761c50
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.3.dfsg-2ubuntu2.1_i386.deb
Size/MD5: 628264 1ff7e87ba5ed04549d0fd6fe557f788c
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.3.dfsg-2ubuntu2.1_i386.deb
Size/MD5: 448884 18a4c843fb9cee713bcc7a85392bad74
http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.3.dfsg-2ubuntu2.1_i386.deb
Size/MD5: 63484 db2f76f304bae69df2107e94245759b9
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.3.dfsg-2ubuntu2.1_powerpc.deb
Size/MD5: 3173122 b069bc945ffa6559491f327fc1e0e2ca
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.3.dfsg-2ubuntu2.1_powerpc.deb
Size/MD5: 642632 fb77c05cc314f5adc6b059312b046b8f
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.3.dfsg-2ubuntu2.1_powerpc.deb
Size/MD5: 448874 98405d8a3437dccf87dbd8fe380adcbd
http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.3.dfsg-2ubuntu2.1_powerpc.deb
Size/MD5: 67956 0fef40743c604f29731766225ef1fbdc
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.3.dfsg-2ubuntu2.1_sparc.deb
Size/MD5: 3317222 e57aaeda796c21177d158e2d1e1933a3
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.3.dfsg-2ubuntu2.1_sparc.deb
Size/MD5: 646432 65757c6fae3a0c94b2b550a2ab2bf6ea
http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.3.dfsg-2ubuntu2.1_sparc.deb
Size/MD5: 448874 eedc3b551d2a02fc32aede484d77a516
http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.3.dfsg-2ubuntu2.1_sparc.deb
Size/MD5: 61864 a9d758067dff32251256b4c159ea173e
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists