lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1277146170.14388.46.camel@mdlinux.technorage.com>
Date: Mon, 21 Jun 2010 14:49:30 -0400
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-955-1] OPIE vulnerability

===========================================================
Ubuntu Security Notice USN-955-1              June 21, 2010
opie vulnerability
CVE-2010-1938
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.04:
  libopie-dev                     2.40~dfsg-0ubuntu1.9.04.1

Ubuntu 9.10:
  libopie-dev                     2.40~dfsg-0ubuntu1.9.10.1

Ubuntu 10.04 LTS:
  libopie-dev                     2.40~dfsg-0ubuntu1.10.04.1

In general, a standard system update will make all the necessary changes.

Details follow:

Maksymilian Arciemowicz and Adam Zabrocki discovered that OPIE incorrectly
handled long usernames. A remote attacker could exploit this with a crafted
username and make applications linked against libopie crash, leading to a
denial of service.


Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg-0ubuntu1.9.04.1.diff.gz
      Size/MD5:     9412 6e9e9190b066ff3ce4d79c44af2cfebe
    http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg-0ubuntu1.9.04.1.dsc
      Size/MD5:     1139 7e1e1f2997befa10ae8cffabfa4db522
    http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg.orig.tar.gz
      Size/MD5:   174823 4a2be4eedcefedd106af82aa06aedd60

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.04.1_amd64.deb
      Size/MD5:    32852 b9c79d257b6a746d0ad07053e41d15a5
    http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.04.1_amd64.deb
      Size/MD5:    44898 48b0a257f368ac90c41eb3484e147b0b
    http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.04.1_amd64.deb
      Size/MD5:    48514 d3bfc3b527faaadbd82d6ca83c2f1ca7

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.04.1_i386.deb
      Size/MD5:    31798 ed4992c032d6947a2cfea458a6ad2c51
    http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.04.1_i386.deb
      Size/MD5:    44102 9cddebdf2ff4e1cbca7d14e8cb15b984
    http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.04.1_i386.deb
      Size/MD5:    47654 688e469a8a7958453e3e205c4f3768c8

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.04.1_lpia.deb
      Size/MD5:    30716 08cb73e7ff0534a082f9a6659e0ce333
    http://ports.ubuntu.com/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.04.1_lpia.deb
      Size/MD5:    43802 219ba660fd518ba025bb044e78a3a625
    http://ports.ubuntu.com/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.04.1_lpia.deb
      Size/MD5:    47284 251588648175ef401d32d3890b30a50a

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.04.1_powerpc.deb
      Size/MD5:    33580 f585ffa422c9d61630c8d9bd4ce4dc1e
    http://ports.ubuntu.com/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.04.1_powerpc.deb
      Size/MD5:    46016 e344999d7cbbf96b42322a503bc19845
    http://ports.ubuntu.com/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.04.1_powerpc.deb
      Size/MD5:    48928 a07244aee0e9e844cac51ea172a59be6

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.04.1_sparc.deb
      Size/MD5:    32112 09c04bef194c1a1e4c71cd43dd3ac537
    http://ports.ubuntu.com/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.04.1_sparc.deb
      Size/MD5:    45388 f2c093ff244a2ee6072a70cfd0fe75ca
    http://ports.ubuntu.com/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.04.1_sparc.deb
      Size/MD5:    48594 4779a75bb2a444dea595c4e83726f3b3

Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg-0ubuntu1.9.10.1.diff.gz
      Size/MD5:     9416 1b4036959fde389a79c60555cb294082
    http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg-0ubuntu1.9.10.1.dsc
      Size/MD5:     1139 b15759930af9e24a9858f1912003d654
    http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg.orig.tar.gz
      Size/MD5:   174823 4a2be4eedcefedd106af82aa06aedd60

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.10.1_amd64.deb
      Size/MD5:    33946 bbcf3722c4eec05dcc85714bb4905519
    http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.10.1_amd64.deb
      Size/MD5:    45872 2904223e62ddc578dd9cec239f9cea51
    http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.10.1_amd64.deb
      Size/MD5:    49212 63025a249846bf7a9fe283d0447f83ed

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.10.1_i386.deb
      Size/MD5:    32460 371573fae6f6061e73efbf641293e1f8
    http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.10.1_i386.deb
      Size/MD5:    44720 17c63c58981fe7dba64f848a20224e13
    http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.10.1_i386.deb
      Size/MD5:    48218 f24bdb5f2e0f42b88d43307cbb78cc8c

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.10.1_lpia.deb
      Size/MD5:    31496 98769948900f0e6a9fb3b30cd09ad418
    http://ports.ubuntu.com/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.10.1_lpia.deb
      Size/MD5:    44596 963a18749621b7615ba19ec5b0ad1a4e
    http://ports.ubuntu.com/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.10.1_lpia.deb
      Size/MD5:    47840 705abfed82e0e64ea47046e59947681a

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.10.1_powerpc.deb
      Size/MD5:    33648 dab512cd68ebce9a256c7b126250176e
    http://ports.ubuntu.com/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.10.1_powerpc.deb
      Size/MD5:    45774 291e20a894ec6cca0d15f355ebd99f3e
    http://ports.ubuntu.com/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.10.1_powerpc.deb
      Size/MD5:    48682 b7cacffb565f7a765bda1df9d3667c75

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.10.1_sparc.deb
      Size/MD5:    32326 d5afe5e50292147af7fd593ccc8f45eb
    http://ports.ubuntu.com/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.10.1_sparc.deb
      Size/MD5:    45628 1e6435a28498b1d1660555eb2feff9b1
    http://ports.ubuntu.com/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.10.1_sparc.deb
      Size/MD5:    48570 64b774c24b1d32889ad3e177a030d9db

Updated packages for Ubuntu 10.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg-0ubuntu1.10.04.1.diff.gz
      Size/MD5:     9417 7d69bcb66c523fabb6bcb77f6f49a75a
    http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg-0ubuntu1.10.04.1.dsc
      Size/MD5:     1143 b5ef0adf98f91a9ad6e47d51c30545ce
    http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg.orig.tar.gz
      Size/MD5:   174823 4a2be4eedcefedd106af82aa06aedd60

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.10.04.1_amd64.deb
      Size/MD5:    33830 89f9d096e9869d76540c50875c666a2a
    http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.10.04.1_amd64.deb
      Size/MD5:    45772 f4b2493ccb1e7c77ed29003349a82cd3
    http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.10.04.1_amd64.deb
      Size/MD5:    49080 efce404aa45a9a51431396e213db5425

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.10.04.1_i386.deb
      Size/MD5:    32276 d387fa29e024e41302e0001d6c498b31
    http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.10.04.1_i386.deb
      Size/MD5:    44642 5b26dafeeefca98b742c083c41d9b4bc
    http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.10.04.1_i386.deb
      Size/MD5:    48008 c892f45587d5d39879c48e0f6d2d001e

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.10.04.1_powerpc.deb
      Size/MD5:    33566 e741a9deb923cfb671bbc1812610b882
    http://ports.ubuntu.com/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.10.04.1_powerpc.deb
      Size/MD5:    45678 c53206c0d347bd0b97a37eedaa197790
    http://ports.ubuntu.com/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.10.04.1_powerpc.deb
      Size/MD5:    48600 ffcd300b5f3fa6e5c11651dc0434bbba

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.10.04.1_sparc.deb
      Size/MD5:    33506 3c577ee37bc07cf204b317e2b75bb10b
    http://ports.ubuntu.com/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.10.04.1_sparc.deb
      Size/MD5:    46780 20f06a8f6a908e494bdb9e398de11f71
    http://ports.ubuntu.com/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.10.04.1_sparc.deb
      Size/MD5:    49756 9d18a9f6dfb7cb9333207f7566e0d54f




Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ