Message-ID: <20090316223533.GB6143@severus.strandboge.com>
Date: Mon, 16 Mar 2009 17:35:33 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-738-1] GLib vulnerability

===========================================================
Ubuntu Security Notice USN-738-1             March 16, 2009
glib2.0 vulnerability
CVE-2008-4316
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  libglib2.0-0                    2.14.1-1ubuntu1.1
  libglib2.0-udeb                 2.14.1-1ubuntu1.1

Ubuntu 8.04 LTS:
  libglib2.0-0                    2.16.6-0ubuntu1.1
  libglib2.0-udeb                 2.16.6-0ubuntu1.1

Ubuntu 8.10:
  libglib2.0-0                    2.18.2-0ubuntu2.1
  libglib2.0-udeb                 2.18.2-0ubuntu2.1

After a standard system upgrade you need to reboot your computer to effect
the necessary changes.

Details follow:

Diego Pettenò discovered that the Base64 encoding functions in GLib did not
properly handle large strings. If a user or automated system were tricked
into processing a crafted Base64 string, an attacker could possibly execute
arbitrary code with the privileges of the user invoking the program.
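
Added example, not part of the original advisory and not GLib's code: CVE-2008-4316 is recorded as integer overflows in GLib's Base64 routines, and this sketch shows how a 32-bit output-size calculation wraps for a large input and how a checked calculation rejects it. The function names and the `max` parameter (standing in for the target's SIZE_MAX) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Unchecked sizing in 32-bit arithmetic, as on a 32-bit build:
 * len * 4 wraps modulo 2^32 once len exceeds about 1 GiB. */
static uint32_t naive_size32(uint32_t len)
{
    return (uint32_t)(len * 4u) / 3u + 4u;
}

/* Checked sizing: 4 output characters per 3-byte group (last group
 * padded) plus a terminating NUL. `max` is the largest size the
 * target can represent. Returns 0 and sets *out on success, or -1
 * if the encoded size would not fit. */
static int checked_size(uint64_t len, uint64_t max, uint64_t *out)
{
    uint64_t groups = len / 3 + (len % 3 != 0);

    if (max < 1 || groups > (max - 1) / 4)
        return -1;              /* groups * 4 + 1 would exceed max */
    *out = groups * 4 + 1;
    return 0;
}

int main(void)
{
    uint32_t big = 0x40000001u;  /* constructed input length: 1 GiB + 1 */
    uint64_t need = 0;

    printf("naive 32-bit size for %u bytes: %u\n",
           (unsigned)big, (unsigned)naive_size32(big));
    if (checked_size(big, UINT32_MAX, &need) == 0)
        printf("checked size: %llu\n", (unsigned long long)need);
    if (checked_size(UINT32_MAX, UINT32_MAX, &need) != 0)
        printf("length %u rejected: result does not fit\n",
               (unsigned)UINT32_MAX);
    return 0;
}
```

A caller that allocates the naive size and then encodes the full input writes far past the buffer, which is why the length check has to come before the allocation.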


Updated packages for Ubuntu 7.10:


Updated packages for Ubuntu 8.04 LTS:


Updated packages for Ubuntu 8.10:



