lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 27 Jan 2010 23:58:07 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-891-1] lintian vulnerabilities

===========================================================
Ubuntu Security Notice USN-891-1           January 28, 2010
lintian vulnerabilities
CVE-2009-4013, CVE-2009-4014, CVE-2009-4015
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  lintian                         1.23.16ubuntu2.1

Ubuntu 8.04 LTS:
  lintian                         1.23.46ubuntu0.1

Ubuntu 8.10:
  lintian                         1.24.3ubuntu0.1

Ubuntu 9.04:
  lintian                         2.2.5ubuntu1.1

Ubuntu 9.10:
  lintian                         2.2.17ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that lintian did not correctly validate certain
filenames when processing input.  If a user or an automated system
were tricked into running lintian on a specially crafted set of files,
a remote attacker could execute arbitrary code with user privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.16ubuntu2.1.dsc
      Size/MD5:      830 a47fe6f70e2eba48fb33d0564b9725e4
    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.16ubuntu2.1.tar.gz
      Size/MD5:   276511 50d6bfca45e5bed01983bdc83b00d19a

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.16ubuntu2.1_all.deb
      Size/MD5:   238462 db9ef682ad8968f5654e5cf61eefb758

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.46ubuntu0.1.dsc
      Size/MD5:     1015 f920dd072c6a0f3a468999c3bbbbe121
    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.46ubuntu0.1.tar.gz
      Size/MD5:   396901 7778649c0f4fb64428b9b4ff895e1a37

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.46ubuntu0.1_all.deb
      Size/MD5:   329624 9a624f6eb3664bb2c22be3d1af3206d6

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.24.3ubuntu0.1.dsc
      Size/MD5:     1244 0f8c73db743ead863a7d3488b476ee0d
    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.24.3ubuntu0.1.tar.gz
      Size/MD5:   485785 a7d56250c3cb465c4312aa40ad5beda0

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.24.3ubuntu0.1_all.deb
      Size/MD5:   359254 a6caa1f945de160e203f28bbfd842912

Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.5ubuntu1.1.dsc
      Size/MD5:     1284 e4c08e6d5485857e84d5354cdf01e9f6
    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.5ubuntu1.1.tar.gz
      Size/MD5:   634606 d3fee56c7bedbe0088ce8749f44bcacf

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.5ubuntu1.1_all.deb
      Size/MD5:   437450 927b8d2bf0fde9a62267a44d7f1779d3

Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.17ubuntu1.1.dsc
      Size/MD5:     1283 2845994c571ce78a3be8b2121c950db9
    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.17ubuntu1.1.tar.gz
      Size/MD5:   747007 dab8b5b18c5f0904df90b07027223af0

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.17ubuntu1.1_all.deb
      Size/MD5:   475958 4b633e03d586b04674a9c8266b6d3273


Download attachment "signature.asc" of type "application/pgp-signature" (237 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ