Message-Id: <1225997126.9467.6.camel@mdlinux>
Date: Thu, 06 Nov 2008 13:45:26 -0500
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-664-1] Tk vulnerability

===========================================================
Ubuntu Security Notice USN-664-1          November 06, 2008
tk8.0, tk8.3, tk8.4 vulnerability
CVE-2008-0553
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  tk8.0                           8.0.5-11ubuntu0.1
  tk8.3                           8.3.5-4ubuntu1.2
  tk8.4                           8.4.12-0ubuntu1.2

Ubuntu 7.10:
  tk8.3                           8.3.5-6ubuntu3.1
  tk8.4                           8.4.15-1ubuntu1.1

Ubuntu 8.04 LTS:
  tk8.4                           8.4.16-2ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Tk could be made to overrun a buffer when loading
certain images. If a user were tricked into opening a specially crafted
GIF image, remote attackers could cause a denial of service or execute
arbitrary code with user privileges.


Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 7.10:


Updated packages for Ubuntu 8.04 LTS:




Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)
