lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <1228235042.8552.1.camel@mdlinux.technorage.com>
Date: Tue, 02 Dec 2008 11:24:02 -0500
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk,
	"bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>
Subject: [USN-683-1] Imlib2 vulnerability

===========================================================
Ubuntu Security Notice USN-683-1          December 02, 2008
imlib2 vulnerability
CVE-2008-5187
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libimlib2                       1.2.1-2ubuntu0.3

Ubuntu 7.10:
  libimlib2                       1.3.0.0debian1-4ubuntu0.1

Ubuntu 8.04 LTS:
  libimlib2                       1.4.0-1ubuntu1.1

Ubuntu 8.10:
  libimlib2                       1.4.0-1.1ubuntu1.1

After a standard system upgrade you need to restart any applications that
use Imlib2 to effect the necessary changes.

Details follow:

It was discovered that Imlib2 did not correctly handle certain malformed
XPM images. If a user were tricked into opening a specially crafted image
with an application that uses Imlib2, an attacker could cause a denial of
service and possibly execute arbitrary code with the user's privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1-2ubuntu0.3.diff.gz
      Size/MD5:   111655 1db5e38ae075ba7879e2379de336fa60
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1-2ubuntu0.3.dsc
      Size/MD5:      753 d207af283f3356525dd8bf1863b18dde
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1.orig.tar.gz
      Size/MD5:   911360 deb3c9713339fe9ca964e100cce42cd1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu0.3_amd64.deb
      Size/MD5:   352032 ca8a615db5f3fe5f9d9e7be5bc6e5251
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu0.3_amd64.deb
      Size/MD5:   214630 575972ea6305a67fb7dba4a9767bd738

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu0.3_i386.deb
      Size/MD5:   302506 558d3ca8288047f906d0abe64cacff0a
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu0.3_i386.deb
      Size/MD5:   193346 8814a94983cb3dc69c8751f8ffb0c0a7

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu0.3_powerpc.deb
      Size/MD5:   341950 42cd29c55636cf54b595d40a1d8da334
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu0.3_powerpc.deb
      Size/MD5:   212852 aebcc16c8a0f26d97ff9b8853bc96344

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu0.3_sparc.deb
      Size/MD5:   318490 f96156937b2ac3fddfef13feab5c317b
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu0.3_sparc.deb
      Size/MD5:   194030 74b17b7473671d6bce17168e3a93892e

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.3.0.0debian1-4ubuntu0.1.diff.gz
      Size/MD5:    13311 8aace634a15651f892a707288bb06d80
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.3.0.0debian1-4ubuntu0.1.dsc
      Size/MD5:      873 b0131ffc8e50111ef870a805d74b5603
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.3.0.0debian1.orig.tar.gz
      Size/MD5:   617750 7f389463afdb09310fa61e5036714bb3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4ubuntu0.1_amd64.deb
      Size/MD5:   365864 03137784605c2957899f2e3ea98c7abb
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.3.0.0debian1-4ubuntu0.1_amd64.deb
      Size/MD5:   213966 04d1d6d16c95ef15d400b69f946ef465

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4ubuntu0.1_i386.deb
      Size/MD5:   334386 8964c1cf0d89fce685e45c275fe9b398
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.3.0.0debian1-4ubuntu0.1_i386.deb
      Size/MD5:   205672 7eda0e69c39446878a3604fcfa2bd100

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4ubuntu0.1_lpia.deb
      Size/MD5:   341396 c566cf2c1190d50307518180ecbaf1f8
    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.3.0.0debian1-4ubuntu0.1_lpia.deb
      Size/MD5:   209212 cbdccce66f76e6811562e07c69b00001

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4ubuntu0.1_powerpc.deb
      Size/MD5:   362434 7174f6ee1792aa3e93f90ec6cf6bd05b
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.3.0.0debian1-4ubuntu0.1_powerpc.deb
      Size/MD5:   229776 a5bfce5092d800574750491de6f24f71

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4ubuntu0.1_sparc.deb
      Size/MD5:   338858 a727f8fe8ee40579070f519ffe850ea6
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.3.0.0debian1-4ubuntu0.1_sparc.deb
      Size/MD5:   200882 6cb8819fdc9d1782627c516510aec328

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.4.0-1ubuntu1.1.diff.gz
      Size/MD5:    56206 26e4031ba0fcdb20ab253d387503c4f3
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.4.0-1ubuntu1.1.dsc
      Size/MD5:      843 8801c85496cc40b02fd9c8c8e7a5ecf4
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.4.0.orig.tar.gz
      Size/MD5:   845017 1f7f497798e06085767d645b0673562a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.4.0-1ubuntu1.1_amd64.deb
      Size/MD5:   344406 c04c37389fb2d858d0b564ec88ffaf28
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.4.0-1ubuntu1.1_amd64.deb
      Size/MD5:   199718 5c231fd28f7c89db183623a76136058b

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.4.0-1ubuntu1.1_i386.deb
      Size/MD5:   309666 4268bead6afda98818eddf883709ce2b
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.4.0-1ubuntu1.1_i386.deb
      Size/MD5:   190212 3e60cdf97e47607e3fc821af96c1fbb1

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.4.0-1ubuntu1.1_lpia.deb
      Size/MD5:   318240 5846ac281ac72f03a22a391e21476c37
    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.4.0-1ubuntu1.1_lpia.deb
      Size/MD5:   194098 413867c3a222937d5d90ee0ff4e9af61

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.4.0-1ubuntu1.1_powerpc.deb
      Size/MD5:   336314 e0028411b4af81155c1982ff337d42ee
    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.4.0-1ubuntu1.1_powerpc.deb
      Size/MD5:   211612 2df6e5a5df87ca1d3a95d7918ff01a65

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.4.0-1ubuntu1.1_sparc.deb
      Size/MD5:   314234 67fccb39c18bcb39a773b0eb5e2fe9e1
    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.4.0-1ubuntu1.1_sparc.deb
      Size/MD5:   181098 3bf535ce2f3d9385e61b271426e45c37

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.4.0-1.1ubuntu1.1.diff.gz
      Size/MD5:    56403 70e219ec859f25bdf7ac45f07faa2afe
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.4.0-1.1ubuntu1.1.dsc
      Size/MD5:     1246 4e61ec19bae78ef99c632a398a4dd081
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.4.0.orig.tar.gz
      Size/MD5:   845017 1f7f497798e06085767d645b0673562a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.4.0-1.1ubuntu1.1_amd64.deb
      Size/MD5:   357022 ea21a9132b0654c39c05866edec72dd8
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.4.0-1.1ubuntu1.1_amd64.deb
      Size/MD5:   206042 a8648520afe8a53116613df55736712b

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.4.0-1.1ubuntu1.1_i386.deb
      Size/MD5:   319786 487eced921c7baa6be606961f6020dd0
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.4.0-1.1ubuntu1.1_i386.deb
      Size/MD5:   196246 4015b74d4e91e1720bdcc6d537de3bc2

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.4.0-1.1ubuntu1.1_lpia.deb
      Size/MD5:   324676 827319f43ba42952929ee373b4659d91
    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.4.0-1.1ubuntu1.1_lpia.deb
      Size/MD5:   197582 ac1494911ce7181bf413933b0d10c1b0

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.4.0-1.1ubuntu1.1_powerpc.deb
      Size/MD5:   348320 5c8fac9d47df022aabaed60ec895caee
    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.4.0-1.1ubuntu1.1_powerpc.deb
      Size/MD5:   219940 5d8a707d8a1278d90c1d39e5da9fa3f1

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.4.0-1.1ubuntu1.1_sparc.deb
      Size/MD5:   321206 89fb42e14d2e5f4edb2edfd290e544f2
    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.4.0-1.1ubuntu1.1_sparc.deb
      Size/MD5:   185468 96423e069f49158142bf1b5d8627e5b4



Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ