Message-ID: <20081218001213.GU9250@outflux.net>
Date: Wed, 17 Dec 2008 16:12:13 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-692-1] Gadu vulnerability

===========================================================
Ubuntu Security Notice USN-692-1          December 17, 2008
ekg, libgadu vulnerability
CVE-2008-4776
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libgadu3                        1:1.6+20051103-1ubuntu1.1

Ubuntu 7.10:
  libgadu3                        1:1.7~rc2-2ubuntu0.7.10.1

Ubuntu 8.04 LTS:
  libgadu3                        1:1.7~rc2-2ubuntu0.8.04.1

Ubuntu 8.10:
  libgadu3                        1:1.8.0+r592-1ubuntu0.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

It was discovered that the Gadu library, used by some Instant Messaging
clients, did not correctly verify certain packet sizes from the server.
If a user connected to a malicious server, clients using Gadu could be
made to crash, leading to a denial of service.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/ekg_1.6+20051103-1ubuntu1.1.diff.gz
      Size/MD5:    35354 ecdf6037647d24e67e420299f8bf3c2f
    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/ekg_1.6+20051103-1ubuntu1.1.dsc
      Size/MD5:      819 b6e90f714e487383e6d0bf67e98c8957
    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/ekg_1.6+20051103.orig.tar.gz
      Size/MD5:   503834 5bea3583499a8b9989016af9221b3a07

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu-dev_1.6+20051103-1ubuntu1.1_amd64.deb
      Size/MD5:   133146 85cfd1168568f5fd6edf848fc4f91d63
    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu3_1.6+20051103-1ubuntu1.1_amd64.deb
      Size/MD5:    67886 874ac814a70dfae5a61bdad164b78c76
    http://security.ubuntu.com/ubuntu/pool/universe/e/ekg/ekg_1.6+20051103-1ubuntu1.1_amd64.deb
      Size/MD5:   293566 06f87355ed9349e215af731b968501ce

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu-dev_1.6+20051103-1ubuntu1.1_i386.deb
      Size/MD5:   127014 5fd41a5c0bce4258e6f4bb82f51eaf1c
    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu3_1.6+20051103-1ubuntu1.1_i386.deb
      Size/MD5:    64248 168adb89a8a875ccf6eb4302cab920a4
    http://security.ubuntu.com/ubuntu/pool/universe/e/ekg/ekg_1.6+20051103-1ubuntu1.1_i386.deb
      Size/MD5:   273378 71859a4928ec1ce2ab8117fdda02aeeb

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu-dev_1.6+20051103-1ubuntu1.1_powerpc.deb
      Size/MD5:   134160 7b90cbde1411221e822c1952641f1379
    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu3_1.6+20051103-1ubuntu1.1_powerpc.deb
      Size/MD5:    68306 a5485f32dc2d84340286d02a3161c713
    http://security.ubuntu.com/ubuntu/pool/universe/e/ekg/ekg_1.6+20051103-1ubuntu1.1_powerpc.deb
      Size/MD5:   292000 f36a1f2c5ec9d0325532e86d0cc2150e

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu-dev_1.6+20051103-1ubuntu1.1_sparc.deb
      Size/MD5:   130728 58ffd885d139feb7b99fdffc5c59fb7b
    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu3_1.6+20051103-1ubuntu1.1_sparc.deb
      Size/MD5:    66288 487246f4be79c8f597ebf7bc641e3a64
    http://security.ubuntu.com/ubuntu/pool/universe/e/ekg/ekg_1.6+20051103-1ubuntu1.1_sparc.deb
      Size/MD5:   279900 0769cb58f813ac14c05ef99073b4e940

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/ekg_1.7~rc2-2ubuntu0.7.10.1.diff.gz
      Size/MD5:    37621 2630b60a3377c5041390339f0193e38e
    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/ekg_1.7~rc2-2ubuntu0.7.10.1.dsc
      Size/MD5:      898 164b0b16597df5d35869ac22e725d371
    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/ekg_1.7~rc2.orig.tar.gz
      Size/MD5:   514073 b4ea482130e163af1456699e2e6983d9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu-dev_1.7~rc2-2ubuntu0.7.10.1_amd64.deb
      Size/MD5:   135710 0f0852a49e3b5d61ad106b50b66254b4
    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu3_1.7~rc2-2ubuntu0.7.10.1_amd64.deb
      Size/MD5:    70258 8e6f4f8c9311f66513c2b44c076080d6
    http://security.ubuntu.com/ubuntu/pool/universe/e/ekg/ekg_1.7~rc2-2ubuntu0.7.10.1_amd64.deb
      Size/MD5:   303716 c0f68dbd421b0d8d1b6412258f0910ee

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu-dev_1.7~rc2-2ubuntu0.7.10.1_i386.deb
      Size/MD5:   131008 8ea62b04f2f1e792c73cfa3c970d4335
    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu3_1.7~rc2-2ubuntu0.7.10.1_i386.deb
      Size/MD5:    68534 01c43060568238fa64560e8034b230c9
    http://security.ubuntu.com/ubuntu/pool/universe/e/ekg/ekg_1.7~rc2-2ubuntu0.7.10.1_i386.deb
      Size/MD5:   288280 f888d53d0be1b5c289af31ef0aac4c1d

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/e/ekg/libgadu-dev_1.7~rc2-2ubuntu0.7.10.1_lpia.deb
      Size/MD5:   131152 7585ad03f5102cf0d8a2474f7fe847f4
    http://ports.ubuntu.com/pool/main/e/ekg/libgadu3_1.7~rc2-2ubuntu0.7.10.1_lpia.deb
      Size/MD5:    68268 3e70f68fdc63e4a5b74b507f27d85899
    http://ports.ubuntu.com/pool/universe/e/ekg/ekg_1.7~rc2-2ubuntu0.7.10.1_lpia.deb
      Size/MD5:   289262 240454e1e2bd680f19d51fec789eaa7e

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu-dev_1.7~rc2-2ubuntu0.7.10.1_powerpc.deb
      Size/MD5:   136414 80d3b74dfc7830281299a0008ee698ef
    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu3_1.7~rc2-2ubuntu0.7.10.1_powerpc.deb
      Size/MD5:    72814 8f2becd8d8bcf7b4121b2032f9e6b8b2
    http://security.ubuntu.com/ubuntu/pool/universe/e/ekg/ekg_1.7~rc2-2ubuntu0.7.10.1_powerpc.deb
      Size/MD5:   309510 c4292bed634562a167f6ca6815b104a9

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu-dev_1.7~rc2-2ubuntu0.7.10.1_sparc.deb
      Size/MD5:   133568 6e1eda0c8cfafdf1c313d76dd55179a8
    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu3_1.7~rc2-2ubuntu0.7.10.1_sparc.deb
      Size/MD5:    69130 e9b5b481457a31a0088faf6f9e4fd5b8
    http://security.ubuntu.com/ubuntu/pool/universe/e/ekg/ekg_1.7~rc2-2ubuntu0.7.10.1_sparc.deb
      Size/MD5:   293516 269e5f570f8e73ed05283e741fd5a7eb

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/ekg_1.7~rc2-2ubuntu0.8.04.1.diff.gz
      Size/MD5:    37621 4f8153beb288bbb17dd12b4899d52cc2
    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/ekg_1.7~rc2-2ubuntu0.8.04.1.dsc
      Size/MD5:      898 c823300aa9787825452741e7eaac4c06
    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/ekg_1.7~rc2.orig.tar.gz
      Size/MD5:   514073 b4ea482130e163af1456699e2e6983d9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu-dev_1.7~rc2-2ubuntu0.8.04.1_amd64.deb
      Size/MD5:   135846 a53426800c4b2fcd884ebaf4f644be42
    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu3_1.7~rc2-2ubuntu0.8.04.1_amd64.deb
      Size/MD5:    70412 72f947f4f475819467d1887a71e6e36f
    http://security.ubuntu.com/ubuntu/pool/universe/e/ekg/ekg_1.7~rc2-2ubuntu0.8.04.1_amd64.deb
      Size/MD5:   304942 4fc22bc0fc1b0cf290925c2ae05dea05

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu-dev_1.7~rc2-2ubuntu0.8.04.1_i386.deb
      Size/MD5:   131050 07d5a303a5453a2b0c939c7dddfbd5fa
    http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu3_1.7~rc2-2ubuntu0.8.04.1_i386.deb
      Size/MD5:    68542 63a28252c3ed0be329f51e999777fc4b
    http://security.ubuntu.com/ubuntu/pool/universe/e/ekg/ekg_1.7~rc2-2ubuntu0.8.04.1_i386.deb
      Size/MD5:   288754 ad4d3d5df8790d02362ea01dc0d08175

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/e/ekg/libgadu-dev_1.7~rc2-2ubuntu0.8.04.1_lpia.deb
      Size/MD5:   131106 faeeebb5cdf8ef53e028a8f40ff518bb
    http://ports.ubuntu.com/pool/main/e/ekg/libgadu3_1.7~rc2-2ubuntu0.8.04.1_lpia.deb
      Size/MD5:    68244 a772f8587f19bf6bf40633e228a1d893
    http://ports.ubuntu.com/pool/universe/e/ekg/ekg_1.7~rc2-2ubuntu0.8.04.1_lpia.deb
      Size/MD5:   289866 86d46900275e4a594e79a8dfc3ee58fc

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/e/ekg/libgadu-dev_1.7~rc2-2ubuntu0.8.04.1_powerpc.deb
      Size/MD5:   136430 861f396868e2bcdaeb751b9fe99da39f
    http://ports.ubuntu.com/pool/main/e/ekg/libgadu3_1.7~rc2-2ubuntu0.8.04.1_powerpc.deb
      Size/MD5:    72790 2d4fb39156f56470948bdebad126e06f
    http://ports.ubuntu.com/pool/universe/e/ekg/ekg_1.7~rc2-2ubuntu0.8.04.1_powerpc.deb
      Size/MD5:   312890 9202b3fc1c7c609d43d020cd63da15a1

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/e/ekg/libgadu-dev_1.7~rc2-2ubuntu0.8.04.1_sparc.deb
      Size/MD5:   133302 d94ce7c558f7284ed112acad5598aca0
    http://ports.ubuntu.com/pool/main/e/ekg/libgadu3_1.7~rc2-2ubuntu0.8.04.1_sparc.deb
      Size/MD5:    68874 b7f7d8f419c5d8d42d5d4d608af5386f
    http://ports.ubuntu.com/pool/universe/e/ekg/ekg_1.7~rc2-2ubuntu0.8.04.1_sparc.deb
      Size/MD5:   294728 69270b1e3e9ccdb4c01b5bf7414a5505

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgadu/libgadu_1.8.0+r592-1ubuntu0.1.diff.gz
      Size/MD5:   316123 78702148bc8d2265163cad5ebf6c6947
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgadu/libgadu_1.8.0+r592-1ubuntu0.1.dsc
      Size/MD5:     1177 3f33173b78724e7b42fe2d97c1ca9016
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgadu/libgadu_1.8.0+r592.orig.tar.gz
      Size/MD5:   135539 81ea4c95105f58844d69ba986a019f2a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgadu/libgadu-dev_1.8.0+r592-1ubuntu0.1_amd64.deb
      Size/MD5:   300328 92d2738cbb32befaaa209f863ea76333
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgadu/libgadu3-dbg_1.8.0+r592-1ubuntu0.1_amd64.deb
      Size/MD5:    75114 187ccb00d87c68d12b9766dae9c76549
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgadu/libgadu3_1.8.0+r592-1ubuntu0.1_amd64.deb
      Size/MD5:    53210 1ec98de46df579cedf51b5d10456d7d6

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgadu/libgadu-dev_1.8.0+r592-1ubuntu0.1_i386.deb
      Size/MD5:   296434 d769d7330e1f55ca7a818825c6eef405
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgadu/libgadu3-dbg_1.8.0+r592-1ubuntu0.1_i386.deb
      Size/MD5:    71528 3e996e51e3b54612bc2ec05b5555fa7e
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgadu/libgadu3_1.8.0+r592-1ubuntu0.1_i386.deb
      Size/MD5:    52816 8b0027e18dde9b5314cf02571fdb3dcb

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/libg/libgadu/libgadu-dev_1.8.0+r592-1ubuntu0.1_lpia.deb
      Size/MD5:   294800 3f396841910d09f1675eb6c4c6b3449a
    http://ports.ubuntu.com/pool/main/libg/libgadu/libgadu3-dbg_1.8.0+r592-1ubuntu0.1_lpia.deb
      Size/MD5:    73250 64d69daaecc16873b2cac921ca858034
    http://ports.ubuntu.com/pool/main/libg/libgadu/libgadu3_1.8.0+r592-1ubuntu0.1_lpia.deb
      Size/MD5:    50864 c0b9544fd49c0754c0c84fe1c40f31e0

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/libg/libgadu/libgadu-dev_1.8.0+r592-1ubuntu0.1_powerpc.deb
      Size/MD5:   302722 790b4db9965f837022f3b4a6d0958d7a
    http://ports.ubuntu.com/pool/main/libg/libgadu/libgadu3-dbg_1.8.0+r592-1ubuntu0.1_powerpc.deb
      Size/MD5:    74812 b269ca7d6f2c53b84a991f7b05e2ca43
    http://ports.ubuntu.com/pool/main/libg/libgadu/libgadu3_1.8.0+r592-1ubuntu0.1_powerpc.deb
      Size/MD5:    56448 e09cfe6e5f2d9c5db301cd5254c9f411

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/libg/libgadu/libgadu-dev_1.8.0+r592-1ubuntu0.1_sparc.deb
      Size/MD5:   298756 9a04817c427765ed2ae24a184dff95b4
    http://ports.ubuntu.com/pool/main/libg/libgadu/libgadu3-dbg_1.8.0+r592-1ubuntu0.1_sparc.deb
      Size/MD5:    66332 f70f08fc07a3dc62b860073c4055035a
    http://ports.ubuntu.com/pool/main/libg/libgadu/libgadu3_1.8.0+r592-1ubuntu0.1_sparc.deb
      Size/MD5:    52114 b65ab637169c92b060858d28f3bc96f7

