[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20100128075807.GO17345@outflux.net>
Date: Wed, 27 Jan 2010 23:58:07 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-891-1] lintian vulnerabilities
===========================================================
Ubuntu Security Notice USN-891-1 January 28, 2010
lintian vulnerabilities
CVE-2009-4013, CVE-2009-4014, CVE-2009-4015
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
lintian 1.23.16ubuntu2.1
Ubuntu 8.04 LTS:
lintian 1.23.46ubuntu0.1
Ubuntu 8.10:
lintian 1.24.3ubuntu0.1
Ubuntu 9.04:
lintian 2.2.5ubuntu1.1
Ubuntu 9.10:
lintian 2.2.17ubuntu1.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that lintian did not correctly validate certain
filenames when processing input. If a user or an automated system
were tricked into running lintian on a specially crafted set of files,
a remote attacker could execute arbitrary code with user privileges.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.16ubuntu2.1.dsc
Size/MD5: 830 a47fe6f70e2eba48fb33d0564b9725e4
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.16ubuntu2.1.tar.gz
Size/MD5: 276511 50d6bfca45e5bed01983bdc83b00d19a
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.16ubuntu2.1_all.deb
Size/MD5: 238462 db9ef682ad8968f5654e5cf61eefb758
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.46ubuntu0.1.dsc
Size/MD5: 1015 f920dd072c6a0f3a468999c3bbbbe121
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.46ubuntu0.1.tar.gz
Size/MD5: 396901 7778649c0f4fb64428b9b4ff895e1a37
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.46ubuntu0.1_all.deb
Size/MD5: 329624 9a624f6eb3664bb2c22be3d1af3206d6
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.24.3ubuntu0.1.dsc
Size/MD5: 1244 0f8c73db743ead863a7d3488b476ee0d
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.24.3ubuntu0.1.tar.gz
Size/MD5: 485785 a7d56250c3cb465c4312aa40ad5beda0
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.24.3ubuntu0.1_all.deb
Size/MD5: 359254 a6caa1f945de160e203f28bbfd842912
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.5ubuntu1.1.dsc
Size/MD5: 1284 e4c08e6d5485857e84d5354cdf01e9f6
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.5ubuntu1.1.tar.gz
Size/MD5: 634606 d3fee56c7bedbe0088ce8749f44bcacf
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.5ubuntu1.1_all.deb
Size/MD5: 437450 927b8d2bf0fde9a62267a44d7f1779d3
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.17ubuntu1.1.dsc
Size/MD5: 1283 2845994c571ce78a3be8b2121c950db9
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.17ubuntu1.1.tar.gz
Size/MD5: 747007 dab8b5b18c5f0904df90b07027223af0
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.17ubuntu1.1_all.deb
Size/MD5: 475958 4b633e03d586b04674a9c8266b6d3273
Download attachment "signature.asc" of type "application/pgp-signature" (237 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists