[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20100803185159.GM3948@outflux.net>
Date: Tue, 3 Aug 2010 11:52:00 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-964-2] Likewise Open regression
===========================================================
Ubuntu Security Notice USN-964-2 July 29, 2010
likewise-open regression
https://launchpad.net/bugs/610300
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.04 LTS:
likewise-open 5.4.0.42111-2ubuntu1.2
In general, a standard system update will make all the necessary changes.
Details follow:
USN-964-1 fixed vulnerabilities in Likewise Open. The upstream fixes
were incomplete, which caused problems running certain services. This
update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Matt Weatherford discovered that Likewise Open did not correctly check
password expiration for the local-provider account. A local attacker could
exploit this to log into a system they would otherwise not have access to.
Updated packages for Ubuntu 10.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/l/likewise-open/likewise-open_5.4.0.42111-2ubuntu1.2.diff.gz
Size/MD5: 64730 c06c995d1587c6e6412db742006534fd
http://security.ubuntu.com/ubuntu/pool/main/l/likewise-open/likewise-open_5.4.0.42111-2ubuntu1.2.dsc
Size/MD5: 1650 06e9edfb159003f9bd729fa01f1721ba
http://security.ubuntu.com/ubuntu/pool/main/l/likewise-open/likewise-open_5.4.0.42111.orig.tar.gz
Size/MD5: 18092080 19620caa003a2b5d72333a89bf1374f2
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5-eventlog_5.4.0.42111-2ubuntu1.2_all.deb
Size/MD5: 5494 4fea19be64844bb8f1cbcc3dd1193a10
http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5-gui_5.4.0.42111-2ubuntu1.2_all.deb
Size/MD5: 5494 17747612d1dfa470664416147e52f5bb
http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5-libs_5.4.0.42111-2ubuntu1.2_all.deb
Size/MD5: 5488 2a0895620bdcb3a5ae3de034f3a577f9
http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5-lsass_5.4.0.42111-2ubuntu1.2_all.deb
Size/MD5: 5974 74cdea31f3008c8bf26d8b4323d66aad
http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5-netlogon_5.4.0.42111-2ubuntu1.2_all.deb
Size/MD5: 5494 0da6e70ca8f61f9ea32ae810da9c23b7
http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5-rpc_5.4.0.42111-2ubuntu1.2_all.deb
Size/MD5: 5488 76f4f77dce0e9b2e0c992b0f730aefef
http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5_5.4.0.42111-2ubuntu1.2_all.deb
Size/MD5: 5478 0d0428eccd22b3a9d87234601058e636
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/l/likewise-open/likewise-open_5.4.0.42111-2ubuntu1.2_amd64.deb
Size/MD5: 3098034 074eb0ffcb5322844b63ad0d720e06d1
http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open-gui_5.4.0.42111-2ubuntu1.2_amd64.deb
Size/MD5: 29198 99e45c76b1aac9dc4c121c0eff487c88
http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open-server_5.4.0.42111-2ubuntu1.2_amd64.deb
Size/MD5: 561310 b3ceb8663fc378b955c4d1dfef924901
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/l/likewise-open/likewise-open_5.4.0.42111-2ubuntu1.2_i386.deb
Size/MD5: 2677376 c7bf46ea2debdf7ec2f751b765a1607d
http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open-gui_5.4.0.42111-2ubuntu1.2_i386.deb
Size/MD5: 28228 98e0e33cedffeb75c019d25f5c42723b
http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open-server_5.4.0.42111-2ubuntu1.2_i386.deb
Size/MD5: 480296 7b09a17fa783d8459bbd832a74337af6
Download attachment "signature.asc" of type "application/pgp-signature" (237 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists