Message-ID: <20080324204717.GO22504@outflux.net>
Date: Mon, 24 Mar 2008 13:47:17 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-590-1] bzip2 vulnerability
===========================================================
Ubuntu Security Notice USN-590-1 March 24, 2008
bzip2 vulnerability
CVE-2008-1372
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libbz2-1.0                      1.0.3-0ubuntu2.1

Ubuntu 6.10:
  libbz2-1.0                      1.0.3-3ubuntu0.1

Ubuntu 7.04:
  libbz2-1.0                      1.0.3-6ubuntu0.1

Ubuntu 7.10:
  libbz2-1.0                      1.0.4-0ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that bzip2 did not correctly handle certain malformed
archives. If a user or automated system were tricked into processing
a specially crafted bzip2 archive, applications linked against libbz2
could be made to crash, possibly leading to a denial of service.
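
The following check is an added example, not part of the original advisory: it compares an installed libbz2-1.0 version against the fixed versions listed above, using dpkg's own version ordering. The function names and the `--check` argument are assumptions made for this example.

```shell
#!/bin/sh
# Fixed libbz2-1.0 versions per Ubuntu release, copied from USN-590-1.
fixed_version_for() {
    case "$1" in
        6.06) echo "1.0.3-0ubuntu2.1" ;;
        6.10) echo "1.0.3-3ubuntu0.1" ;;
        7.04) echo "1.0.3-6ubuntu0.1" ;;
        7.10) echo "1.0.4-0ubuntu2.1" ;;
        *)    return 1 ;;   # release not covered by this notice
    esac
}

# usn590_status RELEASE INSTALLED_VERSION
# Prints "patched", "vulnerable" or "not-covered".
usn590_status() {
    fixed=$(fixed_version_for "$1") || { echo "not-covered"; return 0; }
    # dpkg applies Debian version ordering, so "0ubuntu2" sorts before
    # "0ubuntu2.1"; a plain string or numeric comparison is not reliable.
    if dpkg --compare-versions "$2" ge "$fixed"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Report the status of the local host (hypothetical helper).
check_host() {
    release=$(lsb_release -rs) || return 2
    installed=$(dpkg-query -W -f='${Version}' libbz2-1.0 2>/dev/null) || installed=""
    if [ -z "$installed" ]; then
        echo "libbz2-1.0 is not installed"
        return 0
    fi
    status=$(usn590_status "$release" "$installed")
    echo "Ubuntu $release, libbz2-1.0 $installed: $status"
}

# Run the host check only when asked to, e.g. "sh usn590.sh --check".
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

Processes that loaded libbz2 before the upgrade keep the old code mapped until they are restarted.
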
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-0ubuntu2.1.diff.gz
Size/MD5: 72067 9b73f1a1cbea8f8e7dfba9b0cd358bf3
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-0ubuntu2.1.dsc
Size/MD5: 833 180fa43bfd8645b2a0c353b8927961c4
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3.orig.tar.gz
Size/MD5: 669075 8a716bebecb6e647d2e8a29ea5d8447f
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-0ubuntu2.1_amd64.deb
Size/MD5: 268000 b9532e26529bda8991e97cd819544aba
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib32bz2-1.0_1.0.3-0ubuntu2.1_amd64.deb
Size/MD5: 38388 baf7e58f129b30288d0cf1f76df39255
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib32bz2-dev_1.0.3-0ubuntu2.1_amd64.deb
Size/MD5: 30688 1c98274562642c9a3dee9bb91c070b5a
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.3-0ubuntu2.1_amd64.deb
Size/MD5: 40978 b904382cd76c9ffcd0dc92a5c3219a1a
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.3-0ubuntu2.1_amd64.deb
Size/MD5: 32500 f6bf61f94fc0b4351fd79532df9025b1
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-0ubuntu2.1_i386.deb
Size/MD5: 265034 71b410100340e0df581c1dd8b5dfe316
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-1.0_1.0.3-0ubuntu2.1_i386.deb
Size/MD5: 35690 ad14744ff24eb1decb20995a7a9bbeb1
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-dev_1.0.3-0ubuntu2.1_i386.deb
Size/MD5: 29518 a835eb9af19b2c045393c8c4c483f51c
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.3-0ubuntu2.1_i386.deb
Size/MD5: 43012 4407f311343b9ca791aabf98bfdcd751
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.3-0ubuntu2.1_i386.deb
Size/MD5: 32564 1b4dbd9a480cf4515cd7a7b64e1c215b
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-0ubuntu2.1_powerpc.deb
Size/MD5: 268616 c397d3782a2b937a84f05d39bbe0666d
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-1.0_1.0.3-0ubuntu2.1_powerpc.deb
Size/MD5: 39518 5dc92398adb2a55977e4aa395062deac
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-dev_1.0.3-0ubuntu2.1_powerpc.deb
Size/MD5: 33064 d8d02ff467de3cb1aa966d01d55bff63
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.3-0ubuntu2.1_powerpc.deb
Size/MD5: 43586 2c0696f8499181a13ca2c4a019972b9f
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.3-0ubuntu2.1_powerpc.deb
Size/MD5: 33864 60dde6ba6b87d7bb261e04dfe1a89560
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-0ubuntu2.1_sparc.deb
Size/MD5: 266558 69f664880f5c2d982a7906c21d01b60d
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-1.0_1.0.3-0ubuntu2.1_sparc.deb
Size/MD5: 37524 1cc8f48aa7130c5d6523aa9be202b1d5
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-dev_1.0.3-0ubuntu2.1_sparc.deb
Size/MD5: 31480 9a826b5230f20fe079150562ab96d427
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.3-0ubuntu2.1_sparc.deb
Size/MD5: 40510 3a5787038eb631638918245f0ecb0460
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.3-0ubuntu2.1_sparc.deb
Size/MD5: 32010 7a05d5fe1e1b4a90dfef111e01e6c661
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-3ubuntu0.1.diff.gz
Size/MD5: 72910 f0ee43d65ceafedcfb89e84d7a6a84b5
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-3ubuntu0.1.dsc
Size/MD5: 887 6dbabc13e388138fc8bd271f7c521218
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3.orig.tar.gz
Size/MD5: 669075 8a716bebecb6e647d2e8a29ea5d8447f
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-3ubuntu0.1_amd64.deb
Size/MD5: 268466 ba96d43b05d0f4d70d0693b8ec6dc45a
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib32bz2-1.0_1.0.3-3ubuntu0.1_amd64.deb
Size/MD5: 36484 54ac11540a1f9ebeb2e8207581565b27
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib32bz2-dev_1.0.3-3ubuntu0.1_amd64.deb
Size/MD5: 29258 61502f1c1dd54ece6a210c4a27aa841f
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.3-3ubuntu0.1_amd64.deb
Size/MD5: 41320 ec4c49a63283a2ce8961549ef884b32c
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.3-3ubuntu0.1_amd64.deb
Size/MD5: 32404 884923c398c46a105597a07231e40dfc
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-3ubuntu0.1_i386.deb
Size/MD5: 265994 2cf7a465438cba563663bac727eb0171
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-1.0_1.0.3-3ubuntu0.1_i386.deb
Size/MD5: 35976 be6b7111e0b6ab34d4f59fd3c3ef79c2
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-dev_1.0.3-3ubuntu0.1_i386.deb
Size/MD5: 29390 996172c9d38f0f74eb9b7636cb50e4a9
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.3-3ubuntu0.1_i386.deb
Size/MD5: 41724 5eb28101d70842d52add63c4ded3a78b
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.3-3ubuntu0.1_i386.deb
Size/MD5: 32130 6669754e7924ae13e0c78549585dab68
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-3ubuntu0.1_powerpc.deb
Size/MD5: 269554 dce122e34946819b3aca55663958689e
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-1.0_1.0.3-3ubuntu0.1_powerpc.deb
Size/MD5: 41886 80c1da7a792929a6a2f913a79d07e871
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-dev_1.0.3-3ubuntu0.1_powerpc.deb
Size/MD5: 34972 2f7ebbbcc7b471a6521989acca861c23
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.3-3ubuntu0.1_powerpc.deb
Size/MD5: 45914 61ee3716c49ef08178b99228a00660d7
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.3-3ubuntu0.1_powerpc.deb
Size/MD5: 35752 b21e379f844f57083ec6fa72b4f21926
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-3ubuntu0.1_sparc.deb
Size/MD5: 267394 3248ae0bb35ad6d238df41eb18d5631b
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-1.0_1.0.3-3ubuntu0.1_sparc.deb
Size/MD5: 40442 2c936325437b86c1cffed94af70b5967
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-dev_1.0.3-3ubuntu0.1_sparc.deb
Size/MD5: 33844 b20b3fa3e3272b6dfd8e81cd01d1376e
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.3-3ubuntu0.1_sparc.deb
Size/MD5: 41908 cae6101436671a4ec22079d19c5073f3
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.3-3ubuntu0.1_sparc.deb
Size/MD5: 33130 97a7d92dc65a87ab27fd35148ef2b601
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-6ubuntu0.1.diff.gz
Size/MD5: 73260 fd44facd77b9d5c8ee403c87956959d3
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-6ubuntu0.1.dsc
Size/MD5: 998 a0e1544931745cc9219b440f5a50ed33
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3.orig.tar.gz
Size/MD5: 669075 8a716bebecb6e647d2e8a29ea5d8447f
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-6ubuntu0.1_amd64.deb
Size/MD5: 269010 7fd27a00599be078eaa69431b3427614
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib32bz2-1.0_1.0.3-6ubuntu0.1_amd64.deb
Size/MD5: 37204 a302c00544f28f77748248d2947967e3
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib32bz2-dev_1.0.3-6ubuntu0.1_amd64.deb
Size/MD5: 29296 1291a663855bfca22a9a7730a6445982
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.3-6ubuntu0.1_amd64.deb
Size/MD5: 41938 53509b290d6b38e9fd1ce3c70e5815ef
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.3-6ubuntu0.1_amd64.deb
Size/MD5: 32416 7242fc55f28d1c7982a22e6797e29642
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-6ubuntu0.1_i386.deb
Size/MD5: 266466 29d5d61cc8ec2d32b84475e5624a5e1e
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-1.0_1.0.3-6ubuntu0.1_i386.deb
Size/MD5: 36576 f850663d1ae752357646bbe40b049f8c
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-dev_1.0.3-6ubuntu0.1_i386.deb
Size/MD5: 29392 b447037b639fd00b97c2c9caae277da3
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.3-6ubuntu0.1_i386.deb
Size/MD5: 42306 8f14ca607c277581f7b3ae84b4716ab4
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.3-6ubuntu0.1_i386.deb
Size/MD5: 32098 db5b00b2ca199be08e13a306803b91c2
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-6ubuntu0.1_powerpc.deb
Size/MD5: 271630 86e6f57b81c780aee0b2bd91e5429e10
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-1.0_1.0.3-6ubuntu0.1_powerpc.deb
Size/MD5: 42422 f75ff05ab027e94f0a24fbd7634f4a57
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-dev_1.0.3-6ubuntu0.1_powerpc.deb
Size/MD5: 34918 8d5a7b0b94806d8e405a03a92d61f68d
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.3-6ubuntu0.1_powerpc.deb
Size/MD5: 47436 2e371d647ff08833e0108718e7a216e5
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.3-6ubuntu0.1_powerpc.deb
Size/MD5: 35706 0bdaa4e65a73f0b2b54a54847e69d734
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-6ubuntu0.1_sparc.deb
Size/MD5: 268298 16d932810a4f43245341394cedb3a99c
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-1.0_1.0.3-6ubuntu0.1_sparc.deb
Size/MD5: 41354 cb83e7203ce37dbd8b26de9533e5acbb
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-dev_1.0.3-6ubuntu0.1_sparc.deb
Size/MD5: 33992 754e583ecd06426b9a7ceb64e0c8454b
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.3-6ubuntu0.1_sparc.deb
Size/MD5: 42488 a7aa7db5f92553b7cfc386e62a408f5a
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.3-6ubuntu0.1_sparc.deb
Size/MD5: 32994 56b05fbc008a7e8c07d96eca551d3688
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.4-0ubuntu2.1.diff.gz
Size/MD5: 72929 d71a1950e9b6665ca07da25d3e70d377
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.4-0ubuntu2.1.dsc
Size/MD5: 941 d5800a50a383b6643ffc1f394c6130bc
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.4.orig.tar.gz
Size/MD5: 841221 fc310b254f6ba5fbb5da018f04533688
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2-doc_1.0.4-0ubuntu2.1_all.deb
Size/MD5: 327412 cba2f8043e206d019796dfc9083a57d4
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.4-0ubuntu2.1_amd64.deb
Size/MD5: 46802 ed4ea9c52fa96cae4ef7acf6a6f60a23
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib32bz2-1.0_1.0.4-0ubuntu2.1_amd64.deb
Size/MD5: 37354 adffef220c30bd947f7784c897dd2e79
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib32bz2-dev_1.0.4-0ubuntu2.1_amd64.deb
Size/MD5: 29040 4886f1c7781b656bbbc4955a7e191a44
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.4-0ubuntu2.1_amd64.deb
Size/MD5: 42808 289a6459e679b9c53249d7d47e7effd7
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.4-0ubuntu2.1_amd64.deb
Size/MD5: 31674 7e831b49cf92a1f7e60cefb1c50a88ae
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.4-0ubuntu2.1_i386.deb
Size/MD5: 44742 e2f6842369c8bbe0388d43d282abdd30
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-1.0_1.0.4-0ubuntu2.1_i386.deb
Size/MD5: 36912 14499394e7099fe7c0110a1326d63205
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-dev_1.0.4-0ubuntu2.1_i386.deb
Size/MD5: 29542 add7aacd22dadeb234856b9f9a0ec414
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.4-0ubuntu2.1_i386.deb
Size/MD5: 43094 e19195eb92daaa687cb2072672201c25
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.4-0ubuntu2.1_i386.deb
Size/MD5: 30954 040a5868fb8a016e08e5dd9e5ec1a446
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.4-0ubuntu2.1_powerpc.deb
Size/MD5: 49208 b2898aa7fa213ae0774bce2e2d3758fc
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-1.0_1.0.4-0ubuntu2.1_powerpc.deb
Size/MD5: 42660 434f7394c2ea5b9cc10e0bee2873a516
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-dev_1.0.4-0ubuntu2.1_powerpc.deb
Size/MD5: 34944 a79290347970fc38d55f63012b210470
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.4-0ubuntu2.1_powerpc.deb
Size/MD5: 48154 81516aa253c227097cf57ac526061ee5
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.4-0ubuntu2.1_powerpc.deb
Size/MD5: 34782 207352da7d6f414dbb20eb449f279ebc
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.4-0ubuntu2.1_sparc.deb
Size/MD5: 46304 681bcace6d88ba3dad0a9611fd38aa82
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-1.0_1.0.4-0ubuntu2.1_sparc.deb
Size/MD5: 41586 e5885183ba0d1ff58bbdef629741883c
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-dev_1.0.4-0ubuntu2.1_sparc.deb
Size/MD5: 34102 0ab8ccc082f6f675ed2f81865aa9f51b
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.4-0ubuntu2.1_sparc.deb
Size/MD5: 43444 2ff7c281c9b4864bb5a63724dd637e73
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.4-0ubuntu2.1_sparc.deb
Size/MD5: 32148 5c3c764e38985ea2225440dcad7a7c13