[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20081209010830.GK25309@outflux.net>
Date: Mon, 8 Dec 2008 17:08:30 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-688-1] Compiz vulnerability
===========================================================
Ubuntu Security Notice USN-688-1 December 09, 2008
compiz-fusion-plugins-main vulnerability
https://launchpad.net/bugs/247088
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 7.10:
compiz-fusion-plugins-main 0.5.2+git20070928-0ubuntu2.2
Ubuntu 8.04 LTS:
compiz-fusion-plugins-main 0.7.4-0ubuntu6.2
Ubuntu 8.10:
compiz-fusion-plugins-main 0.7.8-0ubuntu2.2
After a standard system upgrade you need to restart your session to effect
the necessary changes.
Details follow:
It was discovered that the Expo plugin for Compiz did not correctly
restrict the screensaver window from being moved with the mouse. A local
attacker could use the mouse to move the screensaver off the screen and
gain access to the locked desktop session underneath. Default installs
of Ubuntu were not vulnerable as Expo does not come pre-configured with
mouse bindings.
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.5.2+git20070928-0ubuntu2.2.diff.gz
Size/MD5: 6940 908f18f70e5e5ce25a80a24ee382c2cf
http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.5.2+git20070928-0ubuntu2.2.dsc
Size/MD5: 1076 c77f41e2604af5b9c2178f5143ab43ba
http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.5.2+git20070928.orig.tar.gz
Size/MD5: 1169880 c9d2d0a79772b0cd5f2e8d0d7ecb0b42
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.5.2+git20070928-0ubuntu2.2_amd64.deb
Size/MD5: 684974 67fb6d639643a507a93112bda52d6d1c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.5.2+git20070928-0ubuntu2.2_i386.deb
Size/MD5: 605018 39d081428f3eef55fd210f334f3195a1
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.5.2+git20070928-0ubuntu2.2_lpia.deb
Size/MD5: 595446 e4c85be6fdcb507ee48b4372230ab882
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.5.2+git20070928-0ubuntu2.2_powerpc.deb
Size/MD5: 748366 99e7275d0f9c1ca83dc88912dea66cc4
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.5.2+git20070928-0ubuntu2.2_sparc.deb
Size/MD5: 658196 955f0a6ceed04e7794d68079cc2cd1ae
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.7.4-0ubuntu6.2.diff.gz
Size/MD5: 9677 eaa5a32ecaef533e03bfb19470be292f
http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.7.4-0ubuntu6.2.dsc
Size/MD5: 1015 867855f7a87dbcf33826f8f5e8d4bc22
http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.7.4.orig.tar.gz
Size/MD5: 1946360 5f08c81a9fa665b64567a1315a687639
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.7.4-0ubuntu6.2_amd64.deb
Size/MD5: 1312844 a41bce12c2767fa2fd27be7c52bd9255
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.7.4-0ubuntu6.2_i386.deb
Size/MD5: 1216920 bf2589ca5e96e3064aa5211e8b2ec0f8
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.7.4-0ubuntu6.2_lpia.deb
Size/MD5: 1208602 ac6c37f851120b25ed2d89454afc866b
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.7.4-0ubuntu6.2_powerpc.deb
Size/MD5: 1384120 7e0e2f1742eb455761d98b176a186d0c
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.7.4-0ubuntu6.2_sparc.deb
Size/MD5: 1275232 ba4ad36e09250b0f6bebf3331760eada
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.7.8-0ubuntu2.2.diff.gz
Size/MD5: 7976 d3bf2dd3e2abe665670f12e25cedd36b
http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.7.8-0ubuntu2.2.dsc
Size/MD5: 1484 0da7380d4a7fa563f1c65f860aba9e6a
http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.7.8.orig.tar.gz
Size/MD5: 1598127 f609893d1b6e8c3e1dde7582ee9819c6
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.7.8-0ubuntu2.2_amd64.deb
Size/MD5: 1354870 5ad3f60ac31294789753e1711f700c2d
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.7.8-0ubuntu2.2_i386.deb
Size/MD5: 1269372 16fa80ab73703d309d8ccbd0a1c2a857
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.7.8-0ubuntu2.2_lpia.deb
Size/MD5: 1256944 6e67cf095f86f4849afc7858e89ffe96
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.7.8-0ubuntu2.2_powerpc.deb
Size/MD5: 1414088 5cc96fa4a0ba8377a972789c9c9b95a3
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.7.8-0ubuntu2.2_sparc.deb
Size/MD5: 1308828 81858602a24a309a5d8084a5311aa44d
Download attachment "signature.asc" of type "application/pgp-signature" (236 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists