[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1277146170.14388.46.camel@mdlinux.technorage.com>
Date: Mon, 21 Jun 2010 14:49:30 -0400
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-955-1] OPIE vulnerability
===========================================================
Ubuntu Security Notice USN-955-1 June 21, 2010
opie vulnerability
CVE-2010-1938
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.04:
libopie-dev 2.40~dfsg-0ubuntu1.9.04.1
Ubuntu 9.10:
libopie-dev 2.40~dfsg-0ubuntu1.9.10.1
Ubuntu 10.04 LTS:
libopie-dev 2.40~dfsg-0ubuntu1.10.04.1
In general, a standard system update will make all the necessary changes.
Details follow:
Maksymilian Arciemowicz and Adam Zabrocki discovered that OPIE incorrectly
handled long usernames. A remote attacker could exploit this with a crafted
username and make applications linked against libopie crash, leading to a
denial of service.
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg-0ubuntu1.9.04.1.diff.gz
Size/MD5: 9412 6e9e9190b066ff3ce4d79c44af2cfebe
http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg-0ubuntu1.9.04.1.dsc
Size/MD5: 1139 7e1e1f2997befa10ae8cffabfa4db522
http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg.orig.tar.gz
Size/MD5: 174823 4a2be4eedcefedd106af82aa06aedd60
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.04.1_amd64.deb
Size/MD5: 32852 b9c79d257b6a746d0ad07053e41d15a5
http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.04.1_amd64.deb
Size/MD5: 44898 48b0a257f368ac90c41eb3484e147b0b
http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.04.1_amd64.deb
Size/MD5: 48514 d3bfc3b527faaadbd82d6ca83c2f1ca7
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.04.1_i386.deb
Size/MD5: 31798 ed4992c032d6947a2cfea458a6ad2c51
http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.04.1_i386.deb
Size/MD5: 44102 9cddebdf2ff4e1cbca7d14e8cb15b984
http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.04.1_i386.deb
Size/MD5: 47654 688e469a8a7958453e3e205c4f3768c8
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.04.1_lpia.deb
Size/MD5: 30716 08cb73e7ff0534a082f9a6659e0ce333
http://ports.ubuntu.com/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.04.1_lpia.deb
Size/MD5: 43802 219ba660fd518ba025bb044e78a3a625
http://ports.ubuntu.com/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.04.1_lpia.deb
Size/MD5: 47284 251588648175ef401d32d3890b30a50a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.04.1_powerpc.deb
Size/MD5: 33580 f585ffa422c9d61630c8d9bd4ce4dc1e
http://ports.ubuntu.com/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.04.1_powerpc.deb
Size/MD5: 46016 e344999d7cbbf96b42322a503bc19845
http://ports.ubuntu.com/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.04.1_powerpc.deb
Size/MD5: 48928 a07244aee0e9e844cac51ea172a59be6
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.04.1_sparc.deb
Size/MD5: 32112 09c04bef194c1a1e4c71cd43dd3ac537
http://ports.ubuntu.com/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.04.1_sparc.deb
Size/MD5: 45388 f2c093ff244a2ee6072a70cfd0fe75ca
http://ports.ubuntu.com/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.04.1_sparc.deb
Size/MD5: 48594 4779a75bb2a444dea595c4e83726f3b3
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg-0ubuntu1.9.10.1.diff.gz
Size/MD5: 9416 1b4036959fde389a79c60555cb294082
http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg-0ubuntu1.9.10.1.dsc
Size/MD5: 1139 b15759930af9e24a9858f1912003d654
http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg.orig.tar.gz
Size/MD5: 174823 4a2be4eedcefedd106af82aa06aedd60
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.10.1_amd64.deb
Size/MD5: 33946 bbcf3722c4eec05dcc85714bb4905519
http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.10.1_amd64.deb
Size/MD5: 45872 2904223e62ddc578dd9cec239f9cea51
http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.10.1_amd64.deb
Size/MD5: 49212 63025a249846bf7a9fe283d0447f83ed
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.10.1_i386.deb
Size/MD5: 32460 371573fae6f6061e73efbf641293e1f8
http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.10.1_i386.deb
Size/MD5: 44720 17c63c58981fe7dba64f848a20224e13
http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.10.1_i386.deb
Size/MD5: 48218 f24bdb5f2e0f42b88d43307cbb78cc8c
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.10.1_lpia.deb
Size/MD5: 31496 98769948900f0e6a9fb3b30cd09ad418
http://ports.ubuntu.com/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.10.1_lpia.deb
Size/MD5: 44596 963a18749621b7615ba19ec5b0ad1a4e
http://ports.ubuntu.com/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.10.1_lpia.deb
Size/MD5: 47840 705abfed82e0e64ea47046e59947681a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.10.1_powerpc.deb
Size/MD5: 33648 dab512cd68ebce9a256c7b126250176e
http://ports.ubuntu.com/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.10.1_powerpc.deb
Size/MD5: 45774 291e20a894ec6cca0d15f355ebd99f3e
http://ports.ubuntu.com/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.10.1_powerpc.deb
Size/MD5: 48682 b7cacffb565f7a765bda1df9d3667c75
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.10.1_sparc.deb
Size/MD5: 32326 d5afe5e50292147af7fd593ccc8f45eb
http://ports.ubuntu.com/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.10.1_sparc.deb
Size/MD5: 45628 1e6435a28498b1d1660555eb2feff9b1
http://ports.ubuntu.com/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.10.1_sparc.deb
Size/MD5: 48570 64b774c24b1d32889ad3e177a030d9db
Updated packages for Ubuntu 10.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg-0ubuntu1.10.04.1.diff.gz
Size/MD5: 9417 7d69bcb66c523fabb6bcb77f6f49a75a
http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg-0ubuntu1.10.04.1.dsc
Size/MD5: 1143 b5ef0adf98f91a9ad6e47d51c30545ce
http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg.orig.tar.gz
Size/MD5: 174823 4a2be4eedcefedd106af82aa06aedd60
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.10.04.1_amd64.deb
Size/MD5: 33830 89f9d096e9869d76540c50875c666a2a
http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.10.04.1_amd64.deb
Size/MD5: 45772 f4b2493ccb1e7c77ed29003349a82cd3
http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.10.04.1_amd64.deb
Size/MD5: 49080 efce404aa45a9a51431396e213db5425
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.10.04.1_i386.deb
Size/MD5: 32276 d387fa29e024e41302e0001d6c498b31
http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.10.04.1_i386.deb
Size/MD5: 44642 5b26dafeeefca98b742c083c41d9b4bc
http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.10.04.1_i386.deb
Size/MD5: 48008 c892f45587d5d39879c48e0f6d2d001e
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.10.04.1_powerpc.deb
Size/MD5: 33566 e741a9deb923cfb671bbc1812610b882
http://ports.ubuntu.com/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.10.04.1_powerpc.deb
Size/MD5: 45678 c53206c0d347bd0b97a37eedaa197790
http://ports.ubuntu.com/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.10.04.1_powerpc.deb
Size/MD5: 48600 ffcd300b5f3fa6e5c11651dc0434bbba
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.10.04.1_sparc.deb
Size/MD5: 33506 3c577ee37bc07cf204b317e2b75bb10b
http://ports.ubuntu.com/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.10.04.1_sparc.deb
Size/MD5: 46780 20f06a8f6a908e494bdb9e398de11f71
http://ports.ubuntu.com/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.10.04.1_sparc.deb
Size/MD5: 49756 9d18a9f6dfb7cb9333207f7566e0d54f
Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists