lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20100923215906.GA3399@nxnw.org>
Date: Thu, 23 Sep 2010 14:59:06 -0700
From: Steve Beattie <sbeattie@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-991-1] quassel vulnerability

===========================================================
Ubuntu Security Notice USN-991-1         September 23, 2010
quassel vulnerability
https://launchpad.net/bugs/629774
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.04:
  quassel                         0.4.1-0ubuntu3.1
  quassel-core                    0.4.1-0ubuntu3.1

Ubuntu 9.10:
  quassel                         0.5.0-0ubuntu1.2
  quassel-core                    0.5.0-0ubuntu1.2

Ubuntu 10.04 LTS:
  quassel                         0.6.1-0ubuntu1.1
  quassel-core                    0.6.1-0ubuntu1.1

After a standard system update you need to restart quassel or
quasselcore to make all the necessary changes.

Details follow:

Jima discovered that quassel would respond to a single privmsg
containing multiple CTCP requests with multiple NOTICEs, possibly
resulting in a denial of service against the IRC connection.


Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.4.1-0ubuntu3.1.diff.gz
      Size/MD5:    14652 af43ed7a72ffa090d37c2d0d00702078
    http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.4.1-0ubuntu3.1.dsc
      Size/MD5:     1963 5ae8d0ff60b5b06b895bb9ae171d5245
    http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.4.1.orig.tar.gz
      Size/MD5:  3387386 ad02d180d013e4e802405bc0d4fbc92f

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel-data_0.4.1-0ubuntu3.1_all.deb
      Size/MD5:   473278 ed6d2d9ce47958e33c22d53eeb130eb1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.4.1-0ubuntu3.1_amd64.deb
      Size/MD5: 19585188 055a31fd179133cea112d8ade393af00
    http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-client_0.4.1-0ubuntu3.1_amd64.deb
      Size/MD5: 16123196 4768b70faa56de99a58887eba390df0f
    http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-core_0.4.1-0ubuntu3.1_amd64.deb
      Size/MD5:  5329522 59c6d37437fe451c63a57ac97e16a73e

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.4.1-0ubuntu3.1_i386.deb
      Size/MD5: 19364706 5accb85ff4b7650cef63ea278d68240c
    http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-client_0.4.1-0ubuntu3.1_i386.deb
      Size/MD5: 15952248 61e3e2a169bd98c1ddb4e281f658588e
    http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-core_0.4.1-0ubuntu3.1_i386.deb
      Size/MD5:  5235750 6312c44c3bf5bac1db19898f335a607e

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/q/quassel/quassel_0.4.1-0ubuntu3.1_lpia.deb
      Size/MD5: 19463224 baa50d79d8a62f81c6864a5db776e7eb
    http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client_0.4.1-0ubuntu3.1_lpia.deb
      Size/MD5: 16028358 88bc16020301f4bfc678737932d3b199
    http://ports.ubuntu.com/pool/universe/q/quassel/quassel-core_0.4.1-0ubuntu3.1_lpia.deb
      Size/MD5:  5263036 aca976fd07ee5ff6dbb3ee73267781c1

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/q/quassel/quassel_0.4.1-0ubuntu3.1_powerpc.deb
      Size/MD5: 20086318 f5e0299a1d9419a08955f4706768f15d
    http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client_0.4.1-0ubuntu3.1_powerpc.deb
      Size/MD5: 16547258 91262f19d6d83196f7124b90e5d331a7
    http://ports.ubuntu.com/pool/universe/q/quassel/quassel-core_0.4.1-0ubuntu3.1_powerpc.deb
      Size/MD5:  5444286 7628daecf48ef865fc46fee187b89815

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/q/quassel/quassel_0.4.1-0ubuntu3.1_sparc.deb
      Size/MD5:   901540 b050e39630f12db8759a6d0071501b6a
    http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client_0.4.1-0ubuntu3.1_sparc.deb
      Size/MD5:   748492 5d3f95e15324a98ffe371154c7846681
    http://ports.ubuntu.com/pool/universe/q/quassel/quassel-core_0.4.1-0ubuntu3.1_sparc.deb
      Size/MD5:   286256 1451beeb70db724cab56ccc61b188600

Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.5.0-0ubuntu1.2.diff.gz
      Size/MD5:    17877 a7e04cda3cc45e3409eb57a4ea20148c
    http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.5.0-0ubuntu1.2.dsc
      Size/MD5:     1991 6ff013a9b19d1d76b87817da84d37687
    http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.5.0.orig.tar.gz
      Size/MD5:  3708203 24e2733475557ba9641d83a74442a329

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel-data_0.5.0-0ubuntu1.2_all.deb
      Size/MD5:  1118114 daef742c8ed0581b36866a6230f57279

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel-dbg_0.5.0-0ubuntu1.2_amd64.deb
      Size/MD5: 13617108 94c8dc2426de0bad88137cfdd10157f3
    http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.5.0-0ubuntu1.2_amd64.deb
      Size/MD5:   798800 84c29f58597f26952cd99af53fd20044
    http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-client_0.5.0-0ubuntu1.2_amd64.deb
      Size/MD5:   643210 e9284ca8bd9338440f66f9ec9df5c144
    http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-core_0.5.0-0ubuntu1.2_amd64.deb
      Size/MD5:   289588 ec455d993f45fee6fb369a428bb2d1b9

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel-dbg_0.5.0-0ubuntu1.2_i386.deb
      Size/MD5: 13398662 8a4946ca41efeb8e5da0d4a1de40f94c
    http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.5.0-0ubuntu1.2_i386.deb
      Size/MD5:   718874 88985af3b8b3c0ec86475603d0bd911c
    http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-client_0.5.0-0ubuntu1.2_i386.deb
      Size/MD5:   573058 24ba9f3e8c54a2184d21a8070798528a
    http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-core_0.5.0-0ubuntu1.2_i386.deb
      Size/MD5:   258348 faf03e06b48194cae6b7397e9b31d7bf

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/q/quassel/quassel-dbg_0.5.0-0ubuntu1.2_lpia.deb
      Size/MD5: 13484634 ea119b79c6f10c5f468f42a1261a21fe
    http://ports.ubuntu.com/pool/main/q/quassel/quassel_0.5.0-0ubuntu1.2_lpia.deb
      Size/MD5:   750220 c93f8350459ab54a67d4ed15674c161e
    http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client_0.5.0-0ubuntu1.2_lpia.deb
      Size/MD5:   598854 eecdc6c1fe079d1f91fb1ae9e75fe888
    http://ports.ubuntu.com/pool/universe/q/quassel/quassel-core_0.5.0-0ubuntu1.2_lpia.deb
      Size/MD5:   266918 35caabd03e6e96765abf21fb3e96ba25

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/q/quassel/quassel-dbg_0.5.0-0ubuntu1.2_powerpc.deb
      Size/MD5: 13362254 455876ecad334f3d47cc961f9d542882
    http://ports.ubuntu.com/pool/main/q/quassel/quassel_0.5.0-0ubuntu1.2_powerpc.deb
      Size/MD5:   683910 428a6c2c5ac213f37f4be7d07d24421e
    http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client_0.5.0-0ubuntu1.2_powerpc.deb
      Size/MD5:   550606 98c59f305f95b778a427eda949870e18
    http://ports.ubuntu.com/pool/universe/q/quassel/quassel-core_0.5.0-0ubuntu1.2_powerpc.deb
      Size/MD5:   240866 00f3f5d56de26f7c198f4d5b1c42a83f

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/q/quassel/quassel-dbg_0.5.0-0ubuntu1.2_sparc.deb
      Size/MD5: 12870536 0c26033e159f8fa8e0515d231ed8b5dc
    http://ports.ubuntu.com/pool/main/q/quassel/quassel_0.5.0-0ubuntu1.2_sparc.deb
      Size/MD5:   697712 5db7fc580d0a5668f57eea842e6d6d96
    http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client_0.5.0-0ubuntu1.2_sparc.deb
      Size/MD5:   562214 8017a2a7aaa61766db7669bb25610f67
    http://ports.ubuntu.com/pool/universe/q/quassel/quassel-core_0.5.0-0ubuntu1.2_sparc.deb
      Size/MD5:   238760 e5684b9ee3244cbacf89d39efc64a864

Updated packages for Ubuntu 10.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.6.1-0ubuntu1.1.diff.gz
      Size/MD5:    17335 6ef325c343740527c723a98f2610b4b0
    http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.6.1-0ubuntu1.1.dsc
      Size/MD5:     2103 29587f5b391aa00a8383a0fc86aa48fb
    http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.6.1.orig.tar.gz
      Size/MD5:  2955756 6bda53416187ce4d80c498ec7742a3ff

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel-data_0.6.1-0ubuntu1.1_all.deb
      Size/MD5:   411078 142d15c7c197a5678440c8bc1663cfbc

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel-dbg_0.6.1-0ubuntu1.1_amd64.deb
      Size/MD5: 13762064 ac4fa17c3f153b31e48710836cd04118
    http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.6.1-0ubuntu1.1_amd64.deb
      Size/MD5:   848954 3dfe977c0e08d67f0e768e7ff21cbeaa
    http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-client-qt4_0.6.1-0ubuntu1.1_amd64.deb
      Size/MD5:  7738614 cc022c8cb8a20d98b264d5b9071dbb2c
    http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-client_0.6.1-0ubuntu1.1_amd64.deb
      Size/MD5:   689906 8620ad03d7d1b6292d8f73e38d8521e7
    http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-core_0.6.1-0ubuntu1.1_amd64.deb
      Size/MD5:   300578 095fe9ebe92dcbccd68c2caae9eaddd6
    http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-qt4_0.6.1-0ubuntu1.1_amd64.deb
      Size/MD5:  9180230 b2361610cb686f6b0fec9c12ec3b3105

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel-dbg_0.6.1-0ubuntu1.1_i386.deb
      Size/MD5: 13850914 f3d28f9ad948bd49511f921afd8b8c76
    http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.6.1-0ubuntu1.1_i386.deb
      Size/MD5:   775228 afe558076285e911a1d4a4f03b36d7ee
    http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-client-qt4_0.6.1-0ubuntu1.1_i386.deb
      Size/MD5:  7643656 f5545c998ff3da6a4813ad8c05379007
    http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-client_0.6.1-0ubuntu1.1_i386.deb
      Size/MD5:   624750 5b85e0ad310fbdff8f6b46cbcf1f0269
    http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-core_0.6.1-0ubuntu1.1_i386.deb
      Size/MD5:   267622 be3e9ddff363ccfbf84b026012c65716
    http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-qt4_0.6.1-0ubuntu1.1_i386.deb
      Size/MD5:  9092034 c141744e896c1883cf3fd16b56301e3a

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/q/quassel/quassel-dbg_0.6.1-0ubuntu1.1_powerpc.deb
      Size/MD5: 13629256 b1c44c71d90612b77ac6620d31c28682
    http://ports.ubuntu.com/pool/main/q/quassel/quassel_0.6.1-0ubuntu1.1_powerpc.deb
      Size/MD5:   726084 2e80db84854a26657dc2dd780b2823bc
    http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client-qt4_0.6.1-0ubuntu1.1_powerpc.deb
      Size/MD5:  7503830 514e0af5679a3d50a93f520e2d6a7ae5
    http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client_0.6.1-0ubuntu1.1_powerpc.deb
      Size/MD5:   591360 dbb809d80a8172cc2d4c66092c016751
    http://ports.ubuntu.com/pool/universe/q/quassel/quassel-core_0.6.1-0ubuntu1.1_powerpc.deb
      Size/MD5:   249718 6f01517af6d40a9df03c561588969219
    http://ports.ubuntu.com/pool/universe/q/quassel/quassel-qt4_0.6.1-0ubuntu1.1_powerpc.deb
      Size/MD5:  8903884 6f639491914209752e14b6e2e145e1fe

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/q/quassel/quassel-dbg_0.6.1-0ubuntu1.1_sparc.deb
      Size/MD5: 13122498 84562bf0f6cf99ad0b6a1f2eed93684d
    http://ports.ubuntu.com/pool/main/q/quassel/quassel_0.6.1-0ubuntu1.1_sparc.deb
      Size/MD5:   695148 1b45d6d593296d3166bad999541f7b72
    http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client-qt4_0.6.1-0ubuntu1.1_sparc.deb
      Size/MD5:  7314170 c8dcff3fce69ecc8fce569ea1b254ef6
    http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client_0.6.1-0ubuntu1.1_sparc.deb
      Size/MD5:   567846 c39e338a570d34aa267c7a4739a2d52c
    http://ports.ubuntu.com/pool/universe/q/quassel/quassel-core_0.6.1-0ubuntu1.1_sparc.deb
      Size/MD5:   232296 d7ed93144b074fc6947ef7a0125d9c6e
    http://ports.ubuntu.com/pool/universe/q/quassel/quassel-qt4_0.6.1-0ubuntu1.1_sparc.deb
      Size/MD5:  8626464 13cfeaa7f4c722cffd6042e481ae731f


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ