lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20100803185159.GM3948@outflux.net>
Date: Tue, 3 Aug 2010 11:52:00 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-964-2] Likewise Open regression

===========================================================
Ubuntu Security Notice USN-964-2              July 29, 2010
likewise-open regression
https://launchpad.net/bugs/610300
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
  likewise-open                   5.4.0.42111-2ubuntu1.2

In general, a standard system update will make all the necessary changes.

Details follow:

USN-964-1 fixed vulnerabilities in Likewise Open. The upstream fixes
were incomplete, which caused problems running certain services. This
update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 Matt Weatherford discovered that Likewise Open did not correctly check
 password expiration for the local-provider account. A local attacker could
 exploit this to log into a system they would otherwise not have access to.


Updated packages for Ubuntu 10.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/likewise-open/likewise-open_5.4.0.42111-2ubuntu1.2.diff.gz
      Size/MD5:    64730 c06c995d1587c6e6412db742006534fd
    http://security.ubuntu.com/ubuntu/pool/main/l/likewise-open/likewise-open_5.4.0.42111-2ubuntu1.2.dsc
      Size/MD5:     1650 06e9edfb159003f9bd729fa01f1721ba
    http://security.ubuntu.com/ubuntu/pool/main/l/likewise-open/likewise-open_5.4.0.42111.orig.tar.gz
      Size/MD5: 18092080 19620caa003a2b5d72333a89bf1374f2

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5-eventlog_5.4.0.42111-2ubuntu1.2_all.deb
      Size/MD5:     5494 4fea19be64844bb8f1cbcc3dd1193a10
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5-gui_5.4.0.42111-2ubuntu1.2_all.deb
      Size/MD5:     5494 17747612d1dfa470664416147e52f5bb
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5-libs_5.4.0.42111-2ubuntu1.2_all.deb
      Size/MD5:     5488 2a0895620bdcb3a5ae3de034f3a577f9
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5-lsass_5.4.0.42111-2ubuntu1.2_all.deb
      Size/MD5:     5974 74cdea31f3008c8bf26d8b4323d66aad
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5-netlogon_5.4.0.42111-2ubuntu1.2_all.deb
      Size/MD5:     5494 0da6e70ca8f61f9ea32ae810da9c23b7
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5-rpc_5.4.0.42111-2ubuntu1.2_all.deb
      Size/MD5:     5488 76f4f77dce0e9b2e0c992b0f730aefef
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5_5.4.0.42111-2ubuntu1.2_all.deb
      Size/MD5:     5478 0d0428eccd22b3a9d87234601058e636

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/l/likewise-open/likewise-open_5.4.0.42111-2ubuntu1.2_amd64.deb
      Size/MD5:  3098034 074eb0ffcb5322844b63ad0d720e06d1
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open-gui_5.4.0.42111-2ubuntu1.2_amd64.deb
      Size/MD5:    29198 99e45c76b1aac9dc4c121c0eff487c88
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open-server_5.4.0.42111-2ubuntu1.2_amd64.deb
      Size/MD5:   561310 b3ceb8663fc378b955c4d1dfef924901

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/l/likewise-open/likewise-open_5.4.0.42111-2ubuntu1.2_i386.deb
      Size/MD5:  2677376 c7bf46ea2debdf7ec2f751b765a1607d
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open-gui_5.4.0.42111-2ubuntu1.2_i386.deb
      Size/MD5:    28228 98e0e33cedffeb75c019d25f5c42723b
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open-server_5.4.0.42111-2ubuntu1.2_i386.deb
      Size/MD5:   480296 7b09a17fa783d8459bbd832a74337af6


Download attachment "signature.asc" of type "application/pgp-signature" (237 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ