[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20100923215906.GA3399@nxnw.org>
Date: Thu, 23 Sep 2010 14:59:06 -0700
From: Steve Beattie <sbeattie@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-991-1] quassel vulnerability
===========================================================
Ubuntu Security Notice USN-991-1 September 23, 2010
quassel vulnerability
https://launchpad.net/bugs/629774
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.04:
quassel 0.4.1-0ubuntu3.1
quassel-core 0.4.1-0ubuntu3.1
Ubuntu 9.10:
quassel 0.5.0-0ubuntu1.2
quassel-core 0.5.0-0ubuntu1.2
Ubuntu 10.04 LTS:
quassel 0.6.1-0ubuntu1.1
quassel-core 0.6.1-0ubuntu1.1
After a standard system update you need to restart quassel or
quasselcore to make all the necessary changes.
Details follow:
Jima discovered that quassel would respond to a single privmsg
containing multiple CTCP requests with multiple NOTICEs, possibly
resulting in a denial of service against the IRC connection.
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.4.1-0ubuntu3.1.diff.gz
Size/MD5: 14652 af43ed7a72ffa090d37c2d0d00702078
http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.4.1-0ubuntu3.1.dsc
Size/MD5: 1963 5ae8d0ff60b5b06b895bb9ae171d5245
http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.4.1.orig.tar.gz
Size/MD5: 3387386 ad02d180d013e4e802405bc0d4fbc92f
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel-data_0.4.1-0ubuntu3.1_all.deb
Size/MD5: 473278 ed6d2d9ce47958e33c22d53eeb130eb1
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.4.1-0ubuntu3.1_amd64.deb
Size/MD5: 19585188 055a31fd179133cea112d8ade393af00
http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-client_0.4.1-0ubuntu3.1_amd64.deb
Size/MD5: 16123196 4768b70faa56de99a58887eba390df0f
http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-core_0.4.1-0ubuntu3.1_amd64.deb
Size/MD5: 5329522 59c6d37437fe451c63a57ac97e16a73e
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.4.1-0ubuntu3.1_i386.deb
Size/MD5: 19364706 5accb85ff4b7650cef63ea278d68240c
http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-client_0.4.1-0ubuntu3.1_i386.deb
Size/MD5: 15952248 61e3e2a169bd98c1ddb4e281f658588e
http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-core_0.4.1-0ubuntu3.1_i386.deb
Size/MD5: 5235750 6312c44c3bf5bac1db19898f335a607e
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/q/quassel/quassel_0.4.1-0ubuntu3.1_lpia.deb
Size/MD5: 19463224 baa50d79d8a62f81c6864a5db776e7eb
http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client_0.4.1-0ubuntu3.1_lpia.deb
Size/MD5: 16028358 88bc16020301f4bfc678737932d3b199
http://ports.ubuntu.com/pool/universe/q/quassel/quassel-core_0.4.1-0ubuntu3.1_lpia.deb
Size/MD5: 5263036 aca976fd07ee5ff6dbb3ee73267781c1
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/q/quassel/quassel_0.4.1-0ubuntu3.1_powerpc.deb
Size/MD5: 20086318 f5e0299a1d9419a08955f4706768f15d
http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client_0.4.1-0ubuntu3.1_powerpc.deb
Size/MD5: 16547258 91262f19d6d83196f7124b90e5d331a7
http://ports.ubuntu.com/pool/universe/q/quassel/quassel-core_0.4.1-0ubuntu3.1_powerpc.deb
Size/MD5: 5444286 7628daecf48ef865fc46fee187b89815
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/q/quassel/quassel_0.4.1-0ubuntu3.1_sparc.deb
Size/MD5: 901540 b050e39630f12db8759a6d0071501b6a
http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client_0.4.1-0ubuntu3.1_sparc.deb
Size/MD5: 748492 5d3f95e15324a98ffe371154c7846681
http://ports.ubuntu.com/pool/universe/q/quassel/quassel-core_0.4.1-0ubuntu3.1_sparc.deb
Size/MD5: 286256 1451beeb70db724cab56ccc61b188600
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.5.0-0ubuntu1.2.diff.gz
Size/MD5: 17877 a7e04cda3cc45e3409eb57a4ea20148c
http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.5.0-0ubuntu1.2.dsc
Size/MD5: 1991 6ff013a9b19d1d76b87817da84d37687
http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.5.0.orig.tar.gz
Size/MD5: 3708203 24e2733475557ba9641d83a74442a329
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel-data_0.5.0-0ubuntu1.2_all.deb
Size/MD5: 1118114 daef742c8ed0581b36866a6230f57279
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel-dbg_0.5.0-0ubuntu1.2_amd64.deb
Size/MD5: 13617108 94c8dc2426de0bad88137cfdd10157f3
http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.5.0-0ubuntu1.2_amd64.deb
Size/MD5: 798800 84c29f58597f26952cd99af53fd20044
http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-client_0.5.0-0ubuntu1.2_amd64.deb
Size/MD5: 643210 e9284ca8bd9338440f66f9ec9df5c144
http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-core_0.5.0-0ubuntu1.2_amd64.deb
Size/MD5: 289588 ec455d993f45fee6fb369a428bb2d1b9
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel-dbg_0.5.0-0ubuntu1.2_i386.deb
Size/MD5: 13398662 8a4946ca41efeb8e5da0d4a1de40f94c
http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.5.0-0ubuntu1.2_i386.deb
Size/MD5: 718874 88985af3b8b3c0ec86475603d0bd911c
http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-client_0.5.0-0ubuntu1.2_i386.deb
Size/MD5: 573058 24ba9f3e8c54a2184d21a8070798528a
http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-core_0.5.0-0ubuntu1.2_i386.deb
Size/MD5: 258348 faf03e06b48194cae6b7397e9b31d7bf
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/q/quassel/quassel-dbg_0.5.0-0ubuntu1.2_lpia.deb
Size/MD5: 13484634 ea119b79c6f10c5f468f42a1261a21fe
http://ports.ubuntu.com/pool/main/q/quassel/quassel_0.5.0-0ubuntu1.2_lpia.deb
Size/MD5: 750220 c93f8350459ab54a67d4ed15674c161e
http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client_0.5.0-0ubuntu1.2_lpia.deb
Size/MD5: 598854 eecdc6c1fe079d1f91fb1ae9e75fe888
http://ports.ubuntu.com/pool/universe/q/quassel/quassel-core_0.5.0-0ubuntu1.2_lpia.deb
Size/MD5: 266918 35caabd03e6e96765abf21fb3e96ba25
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/q/quassel/quassel-dbg_0.5.0-0ubuntu1.2_powerpc.deb
Size/MD5: 13362254 455876ecad334f3d47cc961f9d542882
http://ports.ubuntu.com/pool/main/q/quassel/quassel_0.5.0-0ubuntu1.2_powerpc.deb
Size/MD5: 683910 428a6c2c5ac213f37f4be7d07d24421e
http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client_0.5.0-0ubuntu1.2_powerpc.deb
Size/MD5: 550606 98c59f305f95b778a427eda949870e18
http://ports.ubuntu.com/pool/universe/q/quassel/quassel-core_0.5.0-0ubuntu1.2_powerpc.deb
Size/MD5: 240866 00f3f5d56de26f7c198f4d5b1c42a83f
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/q/quassel/quassel-dbg_0.5.0-0ubuntu1.2_sparc.deb
Size/MD5: 12870536 0c26033e159f8fa8e0515d231ed8b5dc
http://ports.ubuntu.com/pool/main/q/quassel/quassel_0.5.0-0ubuntu1.2_sparc.deb
Size/MD5: 697712 5db7fc580d0a5668f57eea842e6d6d96
http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client_0.5.0-0ubuntu1.2_sparc.deb
Size/MD5: 562214 8017a2a7aaa61766db7669bb25610f67
http://ports.ubuntu.com/pool/universe/q/quassel/quassel-core_0.5.0-0ubuntu1.2_sparc.deb
Size/MD5: 238760 e5684b9ee3244cbacf89d39efc64a864
Updated packages for Ubuntu 10.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.6.1-0ubuntu1.1.diff.gz
Size/MD5: 17335 6ef325c343740527c723a98f2610b4b0
http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.6.1-0ubuntu1.1.dsc
Size/MD5: 2103 29587f5b391aa00a8383a0fc86aa48fb
http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.6.1.orig.tar.gz
Size/MD5: 2955756 6bda53416187ce4d80c498ec7742a3ff
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel-data_0.6.1-0ubuntu1.1_all.deb
Size/MD5: 411078 142d15c7c197a5678440c8bc1663cfbc
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel-dbg_0.6.1-0ubuntu1.1_amd64.deb
Size/MD5: 13762064 ac4fa17c3f153b31e48710836cd04118
http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.6.1-0ubuntu1.1_amd64.deb
Size/MD5: 848954 3dfe977c0e08d67f0e768e7ff21cbeaa
http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-client-qt4_0.6.1-0ubuntu1.1_amd64.deb
Size/MD5: 7738614 cc022c8cb8a20d98b264d5b9071dbb2c
http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-client_0.6.1-0ubuntu1.1_amd64.deb
Size/MD5: 689906 8620ad03d7d1b6292d8f73e38d8521e7
http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-core_0.6.1-0ubuntu1.1_amd64.deb
Size/MD5: 300578 095fe9ebe92dcbccd68c2caae9eaddd6
http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-qt4_0.6.1-0ubuntu1.1_amd64.deb
Size/MD5: 9180230 b2361610cb686f6b0fec9c12ec3b3105
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel-dbg_0.6.1-0ubuntu1.1_i386.deb
Size/MD5: 13850914 f3d28f9ad948bd49511f921afd8b8c76
http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.6.1-0ubuntu1.1_i386.deb
Size/MD5: 775228 afe558076285e911a1d4a4f03b36d7ee
http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-client-qt4_0.6.1-0ubuntu1.1_i386.deb
Size/MD5: 7643656 f5545c998ff3da6a4813ad8c05379007
http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-client_0.6.1-0ubuntu1.1_i386.deb
Size/MD5: 624750 5b85e0ad310fbdff8f6b46cbcf1f0269
http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-core_0.6.1-0ubuntu1.1_i386.deb
Size/MD5: 267622 be3e9ddff363ccfbf84b026012c65716
http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-qt4_0.6.1-0ubuntu1.1_i386.deb
Size/MD5: 9092034 c141744e896c1883cf3fd16b56301e3a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/q/quassel/quassel-dbg_0.6.1-0ubuntu1.1_powerpc.deb
Size/MD5: 13629256 b1c44c71d90612b77ac6620d31c28682
http://ports.ubuntu.com/pool/main/q/quassel/quassel_0.6.1-0ubuntu1.1_powerpc.deb
Size/MD5: 726084 2e80db84854a26657dc2dd780b2823bc
http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client-qt4_0.6.1-0ubuntu1.1_powerpc.deb
Size/MD5: 7503830 514e0af5679a3d50a93f520e2d6a7ae5
http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client_0.6.1-0ubuntu1.1_powerpc.deb
Size/MD5: 591360 dbb809d80a8172cc2d4c66092c016751
http://ports.ubuntu.com/pool/universe/q/quassel/quassel-core_0.6.1-0ubuntu1.1_powerpc.deb
Size/MD5: 249718 6f01517af6d40a9df03c561588969219
http://ports.ubuntu.com/pool/universe/q/quassel/quassel-qt4_0.6.1-0ubuntu1.1_powerpc.deb
Size/MD5: 8903884 6f639491914209752e14b6e2e145e1fe
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/q/quassel/quassel-dbg_0.6.1-0ubuntu1.1_sparc.deb
Size/MD5: 13122498 84562bf0f6cf99ad0b6a1f2eed93684d
http://ports.ubuntu.com/pool/main/q/quassel/quassel_0.6.1-0ubuntu1.1_sparc.deb
Size/MD5: 695148 1b45d6d593296d3166bad999541f7b72
http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client-qt4_0.6.1-0ubuntu1.1_sparc.deb
Size/MD5: 7314170 c8dcff3fce69ecc8fce569ea1b254ef6
http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client_0.6.1-0ubuntu1.1_sparc.deb
Size/MD5: 567846 c39e338a570d34aa267c7a4739a2d52c
http://ports.ubuntu.com/pool/universe/q/quassel/quassel-core_0.6.1-0ubuntu1.1_sparc.deb
Size/MD5: 232296 d7ed93144b074fc6947ef7a0125d9c6e
http://ports.ubuntu.com/pool/universe/q/quassel/quassel-qt4_0.6.1-0ubuntu1.1_sparc.deb
Size/MD5: 8626464 13cfeaa7f4c722cffd6042e481ae731f
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists