Message-Id: <1252951691.10635.17.camel@mdlinux.technorage.com>
Date: Mon, 14 Sep 2009 14:08:11 -0400
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-831-1] OpenEXR vulnerabilities
===========================================================
Ubuntu Security Notice USN-831-1 September 14, 2009
openexr vulnerabilities
CVE-2009-1720, CVE-2009-1721, CVE-2009-1722
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  libopenexr2ldbl                 1.2.2-4.4ubuntu1.1

Ubuntu 8.10:
  libopenexr6                     1.6.1-3ubuntu1.8.10.1

Ubuntu 9.04:
  libopenexr6                     1.6.1-3ubuntu1.9.04.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Drew Yao discovered several flaws in the way OpenEXR handled certain
malformed EXR image files. If a user were tricked into opening a crafted
EXR image file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the user
invoking the program. (CVE-2009-1720, CVE-2009-1721)

It was discovered that OpenEXR did not properly handle certain malformed
EXR image files. If a user were tricked into opening a crafted EXR image
file, an attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user invoking
the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2009-1722)

Updated packages for Ubuntu 8.04 LTS:
Updated packages for Ubuntu 8.10:
Updated packages for Ubuntu 9.04: