Message-ID: <20100415194013.GA1233@severus.strandboge.com>
Date: Thu, 15 Apr 2010 14:40:13 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-890-6] CMake vulnerabilities

===========================================================
Ubuntu Security Notice USN-890-6             April 15, 2010
cmake vulnerabilities
CVE-2009-3560, CVE-2009-3720
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  cmake                           2.4.7-1ubuntu0.1

Ubuntu 8.10:
  cmake                           2.6.0-4ubuntu2.1

Ubuntu 9.04:
  cmake                           2.6.2-1ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-890-1 fixed vulnerabilities in Expat. This update provides the
corresponding updates for CMake.

Original advisory details:

 Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did
 not properly process malformed XML. If a user or application linked against
 Expat were tricked into opening a crafted XML file, an attacker could cause
 a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)
 
 It was discovered that Expat did not properly process malformed UTF-8
 sequences. If a user or application linked against Expat were tricked into
 opening a crafted XML file, an attacker could cause a denial of service via
 application crash. (CVE-2009-3560)

