lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1283262033.2693.8.camel@mdlinux>
Date: Tue, 31 Aug 2010 09:40:33 -0400
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-980-1] bogofilter vulnerability

===========================================================
Ubuntu Security Notice USN-980-1            August 31, 2010
bogofilter vulnerability
CVE-2010-2494
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  bogofilter-bdb                  1.1.5-2ubuntu5.1
  bogofilter-sqlite               1.1.5-2ubuntu5.1

Ubuntu 9.04:
  bogofilter-bdb                  1.1.7-1ubuntu1.1
  bogofilter-sqlite               1.1.7-1ubuntu1.1

Ubuntu 9.10:
  bogofilter-bdb                  1.2.0-3ubuntu1.1
  bogofilter-sqlite               1.2.0-3ubuntu1.1

Ubuntu 10.04 LTS:
  bogofilter-bdb                  1.2.1-0ubuntu1.1
  bogofilter-sqlite               1.2.1-0ubuntu1.1

In general, a standard system update will make all the necessary changes.

Details follow:

Julius Plenz discovered that bogofilter incorrectly handled certain
malformed encodings. By sending a specially crafted email, a remote
attacker could exploit this and cause bogofilter to crash, resulting in a
denial of service.


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.1.5-2ubuntu5.1.diff.gz
      Size/MD5:    13124 b6ee9d49921fa299b635a28fa18dd4be
    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.1.5-2ubuntu5.1.dsc
      Size/MD5:      755 73b56da23c7163d0a8c450ef67b4fff2
    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.1.5.orig.tar.gz
      Size/MD5:   941091 25558e2e72350ee2e4edfc1b617f6738

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-common_1.1.5-2ubuntu5.1_all.deb
      Size/MD5:   140846 8b175c0cc7454fc041c8e4fa4d5c7012

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-bdb_1.1.5-2ubuntu5.1_amd64.deb
      Size/MD5:   290240 54324e20a3957d58deb1859c2b5a75a4
    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.1.5-2ubuntu5.1_amd64.deb
      Size/MD5:      990 ee300bbfc91cd72cbd9054c2ec63b98c
    http://security.ubuntu.com/ubuntu/pool/universe/b/bogofilter/bogofilter-sqlite_1.1.5-2ubuntu5.1_amd64.deb
      Size/MD5:   258212 b47ece61ffd2a3fceab8eecb5ad5a6c8

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-bdb_1.1.5-2ubuntu5.1_i386.deb
      Size/MD5:   250502 b477ced4d57d1cce1afa423e67b3daa9
    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.1.5-2ubuntu5.1_i386.deb
      Size/MD5:      992 aced72a57d01e9090975389fd5045556
    http://security.ubuntu.com/ubuntu/pool/universe/b/bogofilter/bogofilter-sqlite_1.1.5-2ubuntu5.1_i386.deb
      Size/MD5:   222082 7a00a12152e3fdc39823ba5506eef300

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter-bdb_1.1.5-2ubuntu5.1_lpia.deb
      Size/MD5:   251156 baa6f3f3080b89018b5d45290a2ef501
    http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter_1.1.5-2ubuntu5.1_lpia.deb
      Size/MD5:      992 da0054089dc62499e768aea106514048
    http://ports.ubuntu.com/pool/universe/b/bogofilter/bogofilter-sqlite_1.1.5-2ubuntu5.1_lpia.deb
      Size/MD5:   223226 86bf43b9cb2d871ff5918de66de63b91

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter-bdb_1.1.5-2ubuntu5.1_powerpc.deb
      Size/MD5:   292258 93144af8f7bfdb314c76c86cf5641f74
    http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter_1.1.5-2ubuntu5.1_powerpc.deb
      Size/MD5:      994 a83b40375a671dc6a75cf1f1e4be2484
    http://ports.ubuntu.com/pool/universe/b/bogofilter/bogofilter-sqlite_1.1.5-2ubuntu5.1_powerpc.deb
      Size/MD5:   260294 05f1819dc1becae65a2bfb337609fee9

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter-bdb_1.1.5-2ubuntu5.1_sparc.deb
      Size/MD5:   264080 e4079ee51a2014881151e92ce03079d0
    http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter_1.1.5-2ubuntu5.1_sparc.deb
      Size/MD5:      990 acf139ff7b91b2d80f7004862a05b109
    http://ports.ubuntu.com/pool/universe/b/bogofilter/bogofilter-sqlite_1.1.5-2ubuntu5.1_sparc.deb
      Size/MD5:   234776 345c3d38f339ca34c1ee9be88f032e07

Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.1.7-1ubuntu1.1.diff.gz
      Size/MD5:    13616 c08781f9bfe6f570c1bc2307ae11161a
    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.1.7-1ubuntu1.1.dsc
      Size/MD5:     1180 c8b7e5c0d3c5c243db8fff2e1d688073
    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.1.7.orig.tar.gz
      Size/MD5:  1052405 fdcb770769c013110631eca4c0473cd7

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-common_1.1.7-1ubuntu1.1_all.deb
      Size/MD5:   148564 70d3c0ab73871852654a57bfe016a08e

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-bdb_1.1.7-1ubuntu1.1_amd64.deb
      Size/MD5:   252222 025302b891c115d6e5e897853edf8881
    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.1.7-1ubuntu1.1_amd64.deb
      Size/MD5:      992 175c57bbc34a4e8c02fcd32ed96300db
    http://security.ubuntu.com/ubuntu/pool/universe/b/bogofilter/bogofilter-sqlite_1.1.7-1ubuntu1.1_amd64.deb
      Size/MD5:   221928 ba11994535768b9f81caea6ac1b32095

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-bdb_1.1.7-1ubuntu1.1_i386.deb
      Size/MD5:   216410 93574d9b673c1390c2342b2e935d02d5
    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.1.7-1ubuntu1.1_i386.deb
      Size/MD5:      988 d93e84c6199397a0ce970a876ebdf2c7
    http://security.ubuntu.com/ubuntu/pool/universe/b/bogofilter/bogofilter-sqlite_1.1.7-1ubuntu1.1_i386.deb
      Size/MD5:   189288 e44d1fd3125821eafad1dbf7ad46994a

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter-bdb_1.1.7-1ubuntu1.1_lpia.deb
      Size/MD5:   216160 8c9e4cc288978c30c1e553bf5638c39e
    http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter_1.1.7-1ubuntu1.1_lpia.deb
      Size/MD5:      990 f56132ba70c63ba9948d475317f92c0c
    http://ports.ubuntu.com/pool/universe/b/bogofilter/bogofilter-sqlite_1.1.7-1ubuntu1.1_lpia.deb
      Size/MD5:   189190 90c25ec9ba11ae099e4cd11133ffaa5e

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter-bdb_1.1.7-1ubuntu1.1_powerpc.deb
      Size/MD5:   251186 3d8239fb2cfe77f60ccda8a22f1fb8d4
    http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter_1.1.7-1ubuntu1.1_powerpc.deb
      Size/MD5:      992 28994fc9e054c7d2f59719c8b65c9a50
    http://ports.ubuntu.com/pool/universe/b/bogofilter/bogofilter-sqlite_1.1.7-1ubuntu1.1_powerpc.deb
      Size/MD5:   219522 485225b433d38097277acefb495b83fe

Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.2.0-3ubuntu1.1.diff.gz
      Size/MD5:    16725 4b85d4c5217aa510c54d1895a5cc6757
    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.2.0-3ubuntu1.1.dsc
      Size/MD5:     1186 f27708f3d29cfb017795c39c8f49e72c
    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.2.0.orig.tar.gz
      Size/MD5:  1115489 4bbc9adc30d4f8e3a547f9be18a1cb74

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-common_1.2.0-3ubuntu1.1_all.deb
      Size/MD5:   143500 3d0d0e7fe445dc7ee4656dd48f0a046b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-bdb_1.2.0-3ubuntu1.1_amd64.deb
      Size/MD5:   261546 5e458ee93ba58ae9041075c9ad50433a
    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.2.0-3ubuntu1.1_amd64.deb
      Size/MD5:      920 c48a74bde14ea70d611beb5fc6c32a33
    http://security.ubuntu.com/ubuntu/pool/universe/b/bogofilter/bogofilter-sqlite_1.2.0-3ubuntu1.1_amd64.deb
      Size/MD5:   232576 eae18c2190d6695e69ca7ae08e698182

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-bdb_1.2.0-3ubuntu1.1_i386.deb
      Size/MD5:   238956 38157ad2bcfa643bfb5efdbb7ae51d87
    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.2.0-3ubuntu1.1_i386.deb
      Size/MD5:     1162 102eb3e4b246cad57fd5e9015eee03db
    http://security.ubuntu.com/ubuntu/pool/universe/b/bogofilter/bogofilter-sqlite_1.2.0-3ubuntu1.1_i386.deb
      Size/MD5:   202762 3dfdd452b7e5f38f8f01a9e15a36af78

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter-bdb_1.2.0-3ubuntu1.1_lpia.deb
      Size/MD5:   226534 844c124739c60029de60f59db12a75ec
    http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter_1.2.0-3ubuntu1.1_lpia.deb
      Size/MD5:      924 8da1b32882940069d69b16d403cfe4de
    http://ports.ubuntu.com/pool/universe/b/bogofilter/bogofilter-sqlite_1.2.0-3ubuntu1.1_lpia.deb
      Size/MD5:   200120 a63d8d2bce195fa4e2bb6dccd5981028

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter-bdb_1.2.0-3ubuntu1.1_powerpc.deb
      Size/MD5:   256624 dad26a754830cc0baea3ce81349987a8
    http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter_1.2.0-3ubuntu1.1_powerpc.deb
      Size/MD5:      926 546c9c02063e49edea72b94462ebe9ca
    http://ports.ubuntu.com/pool/universe/b/bogofilter/bogofilter-sqlite_1.2.0-3ubuntu1.1_powerpc.deb
      Size/MD5:   223154 e4afbb362bf39aebb3d67b7260afa4c3

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter-bdb_1.2.0-3ubuntu1.1_sparc.deb
      Size/MD5:   242240 eff218a05c6134c9784a8f8d77f1b6a9
    http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter_1.2.0-3ubuntu1.1_sparc.deb
      Size/MD5:      922 3fbb27d8e9e483c36593f7bcf46a1b8e
    http://ports.ubuntu.com/pool/universe/b/bogofilter/bogofilter-sqlite_1.2.0-3ubuntu1.1_sparc.deb
      Size/MD5:   212574 852bdffa8dd7498a865712a79b11fc7c

Updated packages for Ubuntu 10.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.2.1-0ubuntu1.1.diff.gz
      Size/MD5:    16946 8c6271479b997b3a974ba4667c99f2df
    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.2.1-0ubuntu1.1.dsc
      Size/MD5:     1186 74fff31c493c20c30ec8c8fb8a95d06a
    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.2.1.orig.tar.gz
      Size/MD5:  1038393 a12a16d88d6d565dacf2a5e6259a3337

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-common_1.2.1-0ubuntu1.1_all.deb
      Size/MD5:   143950 ec70eb23bfa2bf5382dcfa403e3ba0d7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-bdb_1.2.1-0ubuntu1.1_amd64.deb
      Size/MD5:   264698 c283a3af9f8e2661e67797965b2bd259
    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.2.1-0ubuntu1.1_amd64.deb
      Size/MD5:      940 6a6871e9c71187180f3be65bb82ae75d
    http://security.ubuntu.com/ubuntu/pool/universe/b/bogofilter/bogofilter-sqlite_1.2.1-0ubuntu1.1_amd64.deb
      Size/MD5:   235336 1a598a35a1cde47b15ee9b31750071b1

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-bdb_1.2.1-0ubuntu1.1_i386.deb
      Size/MD5:   242562 f1d97b33a23dcab3383e0cdb2e76a237
    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.2.1-0ubuntu1.1_i386.deb
      Size/MD5:     1238 e0a76b44f6331f761a08aae0b1308b63
    http://security.ubuntu.com/ubuntu/pool/universe/b/bogofilter/bogofilter-sqlite_1.2.1-0ubuntu1.1_i386.deb
      Size/MD5:   205758 57cfaaa35e1119f07e3ae0ca4bfb3569

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter-bdb_1.2.1-0ubuntu1.1_powerpc.deb
      Size/MD5:   260076 ad0a4af418c1c08c5908c7886f08f0b8
    http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter_1.2.1-0ubuntu1.1_powerpc.deb
      Size/MD5:      942 1377ba01128cd159b5e8416e9db18c22
    http://ports.ubuntu.com/pool/universe/b/bogofilter/bogofilter-sqlite_1.2.1-0ubuntu1.1_powerpc.deb
      Size/MD5:   226964 ad6839f9cc1de76d1681ec9d155910e0

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter-bdb_1.2.1-0ubuntu1.1_sparc.deb
      Size/MD5:   250644 afa3ea4f35d95b369f8a5ff9b0951831
    http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter_1.2.1-0ubuntu1.1_sparc.deb
      Size/MD5:      940 d2605ef133f54f3442bd35de5be9c387
    http://ports.ubuntu.com/pool/universe/b/bogofilter/bogofilter-sqlite_1.2.1-0ubuntu1.1_sparc.deb
      Size/MD5:   219336 d47e239a3b57efb71700847015071b1f




Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ