[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20090316223533.GB6143@severus.strandboge.com>
Date: Mon, 16 Mar 2009 17:35:33 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-738-1] GLib vulnerability
===========================================================
Ubuntu Security Notice USN-738-1 March 16, 2009
glib2.0 vulnerability
CVE-2008-4316
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 7.10:
libglib2.0-0 2.14.1-1ubuntu1.1
libglib2.0-udeb 2.14.1-1ubuntu1.1
Ubuntu 8.04 LTS:
libglib2.0-0 2.16.6-0ubuntu1.1
libglib2.0-udeb 2.16.6-0ubuntu1.1
Ubuntu 8.10:
libglib2.0-0 2.18.2-0ubuntu2.1
libglib2.0-udeb 2.18.2-0ubuntu2.1
After a standard system upgrade you need to reboot your computer to effect
the necessary changes.
Details follow:
Diego Petten discovered that the Base64 encoding functions in GLib did not
properly handle large strings. If a user or automated system were tricked
into processing a crafted Base64 string, an attacker could possibly execute
arbitrary code with the privileges of the user invoking the program.
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/glib2.0_2.14.1-1ubuntu1.1.diff.gz
Size/MD5: 17524 138b9912ad61c1f00d6423d4d6931914
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/glib2.0_2.14.1-1ubuntu1.1.dsc
Size/MD5: 1084 33f307cae0cd17458587a5bc7d2b366c
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/glib2.0_2.14.1.orig.tar.gz
Size/MD5: 4514485 dd436aceda2b0fac690d11129b157dc9
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-data_2.14.1-1ubuntu1.1_all.deb
Size/MD5: 962 d5405d5d9af95143426424f058465f57
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-doc_2.14.1-1ubuntu1.1_all.deb
Size/MD5: 875550 58bae9747659a721826a4cdb48653b26
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0-dbg_2.14.1-1ubuntu1.1_amd64.deb
Size/MD5: 750190 1d2cd4e8d958a45164b29137f062cdef
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0_2.14.1-1ubuntu1.1_amd64.deb
Size/MD5: 650836 4bffda1840b9be52d2fade1fe9ce5fdf
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-dev_2.14.1-1ubuntu1.1_amd64.deb
Size/MD5: 703086 b7cd2dba039c62260b2c4b7a2d51bebf
http://security.ubuntu.com/ubuntu/pool/universe/g/glib2.0/libglib2.0-udeb_2.14.1-1ubuntu1.1_amd64.udeb
Size/MD5: 818068 c1d3112c7b466bc514af10a47ae5ad9b
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0-dbg_2.14.1-1ubuntu1.1_i386.deb
Size/MD5: 682848 25dade5b71bdc66cdd5dbc8c13475d9f
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0_2.14.1-1ubuntu1.1_i386.deb
Size/MD5: 600818 5ca07527317218881b8f40e8461b360c
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-dev_2.14.1-1ubuntu1.1_i386.deb
Size/MD5: 636534 a00c0ec906a128cf5c2b686429159c33
http://security.ubuntu.com/ubuntu/pool/universe/g/glib2.0/libglib2.0-udeb_2.14.1-1ubuntu1.1_i386.udeb
Size/MD5: 765878 9de2564e2d720252ef139450d2c11240
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0-dbg_2.14.1-1ubuntu1.1_lpia.deb
Size/MD5: 726462 54577f30c31c779e72ad9a85177e2b3f
http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0_2.14.1-1ubuntu1.1_lpia.deb
Size/MD5: 600250 b221636a099efcf4d4aa45506d3541f1
http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-dev_2.14.1-1ubuntu1.1_lpia.deb
Size/MD5: 631880 03b65201612b7505508bb5eb98fd1af4
http://ports.ubuntu.com/pool/universe/g/glib2.0/libglib2.0-udeb_2.14.1-1ubuntu1.1_lpia.udeb
Size/MD5: 767286 8d1f140c6dce14b4b251ece60448f383
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0-dbg_2.14.1-1ubuntu1.1_powerpc.deb
Size/MD5: 739568 12b519209bc428c9abb801acd63b6f64
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0_2.14.1-1ubuntu1.1_powerpc.deb
Size/MD5: 639720 cc7b0a74e988134820bb19696c260c4d
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-dev_2.14.1-1ubuntu1.1_powerpc.deb
Size/MD5: 742996 9584e0e070ff20863b2db8a017cb435d
http://security.ubuntu.com/ubuntu/pool/universe/g/glib2.0/libglib2.0-udeb_2.14.1-1ubuntu1.1_powerpc.udeb
Size/MD5: 807140 aaa49170708207ea18b4f2d03333c317
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0-dbg_2.14.1-1ubuntu1.1_sparc.deb
Size/MD5: 659988 65cc53ae2ccdd2840f823e6da13746f4
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0_2.14.1-1ubuntu1.1_sparc.deb
Size/MD5: 623398 7b8409a64a69752eac69d0cf481287d2
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-dev_2.14.1-1ubuntu1.1_sparc.deb
Size/MD5: 687116 586af6af18b7609725bc5dfa233a0538
http://security.ubuntu.com/ubuntu/pool/universe/g/glib2.0/libglib2.0-udeb_2.14.1-1ubuntu1.1_sparc.udeb
Size/MD5: 790234 991a32c2b50a3a6642c3bfd4db97d646
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/glib2.0_2.16.6-0ubuntu1.1.diff.gz
Size/MD5: 33905 23387ef13b5c8d376cc4c34a2b478b8c
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/glib2.0_2.16.6-0ubuntu1.1.dsc
Size/MD5: 1130 4b0ff87617aac27d5c37ad74e564c090
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/glib2.0_2.16.6.orig.tar.gz
Size/MD5: 6491460 65c594a471406a377bee8171a2ea43d4
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-doc_2.16.6-0ubuntu1.1_all.deb
Size/MD5: 1163348 68f5bd3e6cff739347b22cef1f74a18c
http://security.ubuntu.com/ubuntu/pool/universe/g/glib2.0/libglib2.0-data_2.16.6-0ubuntu1.1_all.deb
Size/MD5: 968 610624ea9065c2fb2f747afaef5b673c
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0-dbg_2.16.6-0ubuntu1.1_amd64.deb
Size/MD5: 1177248 11381774038a1b6c057371cb4e00bc1b
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0_2.16.6-0ubuntu1.1_amd64.deb
Size/MD5: 824454 6baad819579ec0c7c6b8e27f985bedba
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-dev_2.16.6-0ubuntu1.1_amd64.deb
Size/MD5: 985390 c078da0a2f3fbed279025c88e81f6f5a
http://security.ubuntu.com/ubuntu/pool/universe/g/glib2.0/libgio-fam_2.16.6-0ubuntu1.1_amd64.deb
Size/MD5: 48242 ea22af17d06494e4a69a3585263c9b0e
http://security.ubuntu.com/ubuntu/pool/universe/g/glib2.0/libglib2.0-udeb_2.16.6-0ubuntu1.1_amd64.udeb
Size/MD5: 1307358 b344d52fcaf68319dc5b854008e4d926
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0-dbg_2.16.6-0ubuntu1.1_i386.deb
Size/MD5: 1104366 d0dd8d14dcec10ab2a68b9ad79a5d038
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0_2.16.6-0ubuntu1.1_i386.deb
Size/MD5: 758540 aa923e2911938c299179754d4c5806f5
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-dev_2.16.6-0ubuntu1.1_i386.deb
Size/MD5: 874390 5f28d5c785e989c8ea1efe55dd7e3c5d
http://security.ubuntu.com/ubuntu/pool/universe/g/glib2.0/libgio-fam_2.16.6-0ubuntu1.1_i386.deb
Size/MD5: 46484 6fa7e8e1a6d84e20d03a8d6628e9c8f3
http://security.ubuntu.com/ubuntu/pool/universe/g/glib2.0/libglib2.0-udeb_2.16.6-0ubuntu1.1_i386.udeb
Size/MD5: 1238878 13eec74fbd7f4461ad563dd04fa001c8
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0-dbg_2.16.6-0ubuntu1.1_lpia.deb
Size/MD5: 1126246 ebfa91d95c7d5e3a79c1b7dd537dc96e
http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0_2.16.6-0ubuntu1.1_lpia.deb
Size/MD5: 749438 643ab4beb0d97ae1bcb83f7e17f2ed93
http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-dev_2.16.6-0ubuntu1.1_lpia.deb
Size/MD5: 866202 f67869e2bd1cdbed2461e13e7e1b08cd
http://ports.ubuntu.com/pool/universe/g/glib2.0/libgio-fam_2.16.6-0ubuntu1.1_lpia.deb
Size/MD5: 46456 76ef2eb8a31b276046e020fe96387fdd
http://ports.ubuntu.com/pool/universe/g/glib2.0/libglib2.0-udeb_2.16.6-0ubuntu1.1_lpia.udeb
Size/MD5: 1232182 2c1606d39bebfd8c8267013432bd5657
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0-dbg_2.16.6-0ubuntu1.1_powerpc.deb
Size/MD5: 1165976 ec03b242bbe664869a8ffe86006e8bdc
http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0_2.16.6-0ubuntu1.1_powerpc.deb
Size/MD5: 824912 5bff6cc6019577a2ebf5c558231c1d02
http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-dev_2.16.6-0ubuntu1.1_powerpc.deb
Size/MD5: 1033470 d11fcd417812a3028b1d49bbf91970de
http://ports.ubuntu.com/pool/universe/g/glib2.0/libgio-fam_2.16.6-0ubuntu1.1_powerpc.deb
Size/MD5: 48066 e1e552ae85742bdf20622d82725ebf77
http://ports.ubuntu.com/pool/universe/g/glib2.0/libglib2.0-udeb_2.16.6-0ubuntu1.1_powerpc.udeb
Size/MD5: 1307768 1f140fb5f4143700c5a25cd9aebefe96
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0-dbg_2.16.6-0ubuntu1.1_sparc.deb
Size/MD5: 1031254 26dbaeb3fc08bffaccbd95ca89e38654
http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0_2.16.6-0ubuntu1.1_sparc.deb
Size/MD5: 781336 0ed705a3fbd1f23324525a0d672a51d7
http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-dev_2.16.6-0ubuntu1.1_sparc.deb
Size/MD5: 953920 33853604999c49363f1948ed3e6437b7
http://ports.ubuntu.com/pool/universe/g/glib2.0/libgio-fam_2.16.6-0ubuntu1.1_sparc.deb
Size/MD5: 47272 645a3b1411446a745ea9bf397528bfaf
http://ports.ubuntu.com/pool/universe/g/glib2.0/libglib2.0-udeb_2.16.6-0ubuntu1.1_sparc.udeb
Size/MD5: 1264084 3ddff1ddcc82db1dbf71d8e8d721dca6
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/glib2.0_2.18.2-0ubuntu2.1.diff.gz
Size/MD5: 32950 fb2918028808c8a64ce59493c54f8af7
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/glib2.0_2.18.2-0ubuntu2.1.dsc
Size/MD5: 1552 3328bb4e4189019d5f4e176cafb281fa
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/glib2.0_2.18.2.orig.tar.gz
Size/MD5: 6792476 0f2bf241fc93d95a0bd599a9c2a352ca
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-data_2.18.2-0ubuntu2.1_all.deb
Size/MD5: 960 82bb052062e7549056c74f0d78b29205
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-doc_2.18.2-0ubuntu2.1_all.deb
Size/MD5: 1152002 5e2500f783559bb9cfb5fdbaece3f3c6
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0-dbg_2.18.2-0ubuntu2.1_amd64.deb
Size/MD5: 1248304 0d8cb8be6edfaa6304a80f9deea3acb0
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0_2.18.2-0ubuntu2.1_amd64.deb
Size/MD5: 842594 591be969c4f238b16a344fd939d79acc
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-dev_2.18.2-0ubuntu2.1_amd64.deb
Size/MD5: 1027604 91dfe71e0007ed7881176e51e1b8b900
http://security.ubuntu.com/ubuntu/pool/universe/g/glib2.0/libgio-fam_2.18.2-0ubuntu2.1_amd64.deb
Size/MD5: 44114 e0ec4eae45f8e47a518dd7388bf06227
http://security.ubuntu.com/ubuntu/pool/universe/g/glib2.0/libglib2.0-udeb_2.18.2-0ubuntu2.1_amd64.udeb
Size/MD5: 1401412 98004c1bec49d2598cedec9c26fd6276
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0-dbg_2.18.2-0ubuntu2.1_i386.deb
Size/MD5: 1173896 db2153c03262bd465f15d050651a5842
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0_2.18.2-0ubuntu2.1_i386.deb
Size/MD5: 771208 fc627a9cae11d15f8f3582e13a13a080
http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-dev_2.18.2-0ubuntu2.1_i386.deb
Size/MD5: 910628 f85ad3d2608f57bbf581aa4483fb97f4
http://security.ubuntu.com/ubuntu/pool/universe/g/glib2.0/libgio-fam_2.18.2-0ubuntu2.1_i386.deb
Size/MD5: 42644 41055523fc27443aeedfb2e1e3740eb4
http://security.ubuntu.com/ubuntu/pool/universe/g/glib2.0/libglib2.0-udeb_2.18.2-0ubuntu2.1_i386.udeb
Size/MD5: 1330172 7010f1b8b22ea7e17f0de5ef98a6bf8a
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0-dbg_2.18.2-0ubuntu2.1_lpia.deb
Size/MD5: 1195138 6ab371ce2a75e218a7de6260b4bc57b9
http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0_2.18.2-0ubuntu2.1_lpia.deb
Size/MD5: 760558 97da9faad005ee2cf24565518d4e9985
http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-dev_2.18.2-0ubuntu2.1_lpia.deb
Size/MD5: 901682 19bf37c54f3e6fb11b13ec3db08292b9
http://ports.ubuntu.com/pool/universe/g/glib2.0/libgio-fam_2.18.2-0ubuntu2.1_lpia.deb
Size/MD5: 42516 023bd2caa36a94489075279cecf03399
http://ports.ubuntu.com/pool/universe/g/glib2.0/libglib2.0-udeb_2.18.2-0ubuntu2.1_lpia.udeb
Size/MD5: 1319420 95809f6fbfc8ef3761256f12e5524e98
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0-dbg_2.18.2-0ubuntu2.1_powerpc.deb
Size/MD5: 1237852 df13662cf69aad0ade051afadfbe974a
http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0_2.18.2-0ubuntu2.1_powerpc.deb
Size/MD5: 845582 ef5936463716b8f9926ed4574282d313
http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-dev_2.18.2-0ubuntu2.1_powerpc.deb
Size/MD5: 1079766 11eb08fed0b00df691c43f6a1a8fcc13
http://ports.ubuntu.com/pool/universe/g/glib2.0/libgio-fam_2.18.2-0ubuntu2.1_powerpc.deb
Size/MD5: 43918 441be4fe2d26600e6675b08b7da29499
http://ports.ubuntu.com/pool/universe/g/glib2.0/libglib2.0-udeb_2.18.2-0ubuntu2.1_powerpc.udeb
Size/MD5: 1404140 d28d4a3b73b8407d10ff48980706106d
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0-dbg_2.18.2-0ubuntu2.1_sparc.deb
Size/MD5: 1077366 d68576f4973e127ac1cccb41fc37bb19
http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0_2.18.2-0ubuntu2.1_sparc.deb
Size/MD5: 790732 72be4f8c2ee1c0f41747e82736e6aed8
http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-dev_2.18.2-0ubuntu2.1_sparc.deb
Size/MD5: 985182 a3c1cae1359421e28c9068c7cc8a59e9
http://ports.ubuntu.com/pool/universe/g/glib2.0/libgio-fam_2.18.2-0ubuntu2.1_sparc.deb
Size/MD5: 43182 19a63d0f654eb9212eb9693ecc4e47f8
http://ports.ubuntu.com/pool/universe/g/glib2.0/libglib2.0-udeb_2.18.2-0ubuntu2.1_sparc.udeb
Size/MD5: 1349790 68bb632ebf858ae4eb87cc48a1d76514
Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists