[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20110211032735.GH1457@outflux.net>
Date: Thu, 10 Feb 2011 19:27:35 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-1061-1] iTALC vulnerability
===========================================================
Ubuntu Security Notice USN-1061-1 February 11, 2011
italc vulnerability
CVE-2011-0724
===========================================================
A security issue affects the following Edubuntu releases:
Edubuntu 9.10
Edubuntu 10.04 LTS
Edubuntu 10.10
This advisory does not apply to the corresponding versions of
Ubuntu, Kubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Edubuntu 9.10:
italc-client 1:1.0.9.1-0ubuntu16.1
Edubuntu 10.04 LTS:
italc-client 1:1.0.9.1-0ubuntu18.10.04.1
Edubuntu 10.10:
italc-client 1:1.0.9.1-0ubuntu18.10.10.1
After a standard system update, if you had originally installed from
the Edubuntu Live DVD and the bad keys were found, you will need to
redistribute the newly generated public keys to your iTALC clients and
restart each session. For more details, see:
https://wiki.ubuntu.com/iTalc/Keys
Details follow:
Stéphane Graber discovered that the iTALC private keys shipped with the
Edubuntu Live DVD were not correctly regenerated once Edubuntu was
installed. If an iTALC client was installed with the vulnerable keys, a
remote attacker could gain control of the system. Only systems using keys
from the Edubuntu Live DVD were affected.
Updated packages for Edubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/italc/italc_1.0.9.1-0ubuntu16.1.diff.gz
Size/MD5: 16671 1463aaba5c51b8cec0d60b95f748604e
http://security.ubuntu.com/ubuntu/pool/main/i/italc/italc_1.0.9.1-0ubuntu16.1.dsc
Size/MD5: 1920 08011f20c0f1ef67bc9585cb1e7b1afd
http://security.ubuntu.com/ubuntu/pool/main/i/italc/italc_1.0.9.1.orig.tar.gz
Size/MD5: 3294206 5acc6bd10139bc3e05e7106d27410e46
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/i/italc/italc-client_1.0.9.1-0ubuntu16.1_amd64.deb
Size/MD5: 542156 64fb51a7bc9f270430816c26d9975087
http://security.ubuntu.com/ubuntu/pool/main/i/italc/italc-master_1.0.9.1-0ubuntu16.1_amd64.deb
Size/MD5: 1104570 3ec712ffb519e2d435049fef207fd2c6
http://security.ubuntu.com/ubuntu/pool/main/i/italc/libitalc_1.0.9.1-0ubuntu16.1_amd64.deb
Size/MD5: 203938 2f304ef75066085440e3d212a8b369cb
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/i/italc/italc-client_1.0.9.1-0ubuntu16.1_i386.deb
Size/MD5: 511854 8a7275b9a5d0bd04c72f3eb9ca1b331d
http://security.ubuntu.com/ubuntu/pool/main/i/italc/italc-master_1.0.9.1-0ubuntu16.1_i386.deb
Size/MD5: 1107262 d7cfffe6dac606775375e924a30e26f3
http://security.ubuntu.com/ubuntu/pool/main/i/italc/libitalc_1.0.9.1-0ubuntu16.1_i386.deb
Size/MD5: 205602 2cf1ef5e65abe30128c079c3f1449384
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/i/italc/italc-client_1.0.9.1-0ubuntu16.1_armel.deb
Size/MD5: 538896 eb7379ae546c8536ca02c89e2bca4ef8
http://ports.ubuntu.com/pool/main/i/italc/italc-master_1.0.9.1-0ubuntu16.1_armel.deb
Size/MD5: 1091678 5b7b38132f58ecc7888c1c1f2be2ec69
http://ports.ubuntu.com/pool/main/i/italc/libitalc_1.0.9.1-0ubuntu16.1_armel.deb
Size/MD5: 193496 3c34296c12cf3196c4461c5fb466e26d
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/i/italc/italc-client_1.0.9.1-0ubuntu16.1_lpia.deb
Size/MD5: 517964 58315714b8f7ac8947d10c006e2338b7
http://ports.ubuntu.com/pool/main/i/italc/italc-master_1.0.9.1-0ubuntu16.1_lpia.deb
Size/MD5: 1112450 1e07a33fd32a2b39e2f98247fea1fd91
http://ports.ubuntu.com/pool/main/i/italc/libitalc_1.0.9.1-0ubuntu16.1_lpia.deb
Size/MD5: 207090 a8de2ff7e3a63d7941c907c6f7662327
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/i/italc/italc-client_1.0.9.1-0ubuntu16.1_powerpc.deb
Size/MD5: 509256 6d3ab8b223c052daf61505e3699c548c
http://ports.ubuntu.com/pool/main/i/italc/italc-master_1.0.9.1-0ubuntu16.1_powerpc.deb
Size/MD5: 1104256 a60f8f7864eaccd3925ed159f9922a52
http://ports.ubuntu.com/pool/main/i/italc/libitalc_1.0.9.1-0ubuntu16.1_powerpc.deb
Size/MD5: 207212 3f17a9133c795d574afbcaab646c0a6a
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/i/italc/italc-client_1.0.9.1-0ubuntu16.1_sparc.deb
Size/MD5: 535652 3b4d443d9c446be018420f8d24660ec7
http://ports.ubuntu.com/pool/main/i/italc/italc-master_1.0.9.1-0ubuntu16.1_sparc.deb
Size/MD5: 1113496 a69b5373083c72ae1f7fee5a8ec1ad2d
http://ports.ubuntu.com/pool/main/i/italc/libitalc_1.0.9.1-0ubuntu16.1_sparc.deb
Size/MD5: 199270 1d46750c6fdb042ebbc3fc8da0b87cc3
Updated packages for Edubuntu 10.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/universe/i/italc/italc_1.0.9.1-0ubuntu18.10.04.1.diff.gz
Size/MD5: 17359 01b5b5b9b20a3318de6eebff121bc060
http://security.ubuntu.com/ubuntu/pool/universe/i/italc/italc_1.0.9.1-0ubuntu18.10.04.1.dsc
Size/MD5: 1944 462055fb0ec328c3bc732189bb9b78ff
http://security.ubuntu.com/ubuntu/pool/universe/i/italc/italc_1.0.9.1.orig.tar.gz
Size/MD5: 3294206 5acc6bd10139bc3e05e7106d27410e46
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/universe/i/italc/italc-client_1.0.9.1-0ubuntu18.10.04.1_amd64.deb
Size/MD5: 540436 adf3a38bca52cfec45c0062451ae58e3
http://security.ubuntu.com/ubuntu/pool/universe/i/italc/italc-master_1.0.9.1-0ubuntu18.10.04.1_amd64.deb
Size/MD5: 1116274 8bf410d86837d1bd44afce17a7c3259b
http://security.ubuntu.com/ubuntu/pool/universe/i/italc/libitalc_1.0.9.1-0ubuntu18.10.04.1_amd64.deb
Size/MD5: 205174 4182e5ce1528aeb2892f9cc6dc551bec
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/universe/i/italc/italc-client_1.0.9.1-0ubuntu18.10.04.1_i386.deb
Size/MD5: 509254 fc058ac14090555b5b9a5b6258021506
http://security.ubuntu.com/ubuntu/pool/universe/i/italc/italc-master_1.0.9.1-0ubuntu18.10.04.1_i386.deb
Size/MD5: 1118644 4bb71f3d4d5b8ef2e77d5c9d37d340a2
http://security.ubuntu.com/ubuntu/pool/universe/i/italc/libitalc_1.0.9.1-0ubuntu18.10.04.1_i386.deb
Size/MD5: 206942 c875777d44d896765f38daea53b48449
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/universe/i/italc/italc-client_1.0.9.1-0ubuntu18.10.04.1_armel.deb
Size/MD5: 514320 fc6ee6aeda4a44b55170b1e12935548d
http://ports.ubuntu.com/pool/universe/i/italc/italc-master_1.0.9.1-0ubuntu18.10.04.1_armel.deb
Size/MD5: 1096032 eecadd401d07293479828fd46119184a
http://ports.ubuntu.com/pool/universe/i/italc/libitalc_1.0.9.1-0ubuntu18.10.04.1_armel.deb
Size/MD5: 190692 ddfcda169a7002e70271b28c4ef0a719
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/universe/i/italc/italc-client_1.0.9.1-0ubuntu18.10.04.1_powerpc.deb
Size/MD5: 506784 480566c62a80d3e1a031e663b82cd227
http://ports.ubuntu.com/pool/universe/i/italc/italc-master_1.0.9.1-0ubuntu18.10.04.1_powerpc.deb
Size/MD5: 1115134 f622aaae7105494eff7c18f6bc69aba4
http://ports.ubuntu.com/pool/universe/i/italc/libitalc_1.0.9.1-0ubuntu18.10.04.1_powerpc.deb
Size/MD5: 208300 a54eb8025c139551ed43c58560e3c90f
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/universe/i/italc/italc-client_1.0.9.1-0ubuntu18.10.04.1_sparc.deb
Size/MD5: 558922 bba1195414cc2683a0726c27bfd24916
http://ports.ubuntu.com/pool/universe/i/italc/italc-master_1.0.9.1-0ubuntu18.10.04.1_sparc.deb
Size/MD5: 1126202 bf3a680e3a0d2d51fc936490fb7a1e0f
http://ports.ubuntu.com/pool/universe/i/italc/libitalc_1.0.9.1-0ubuntu18.10.04.1_sparc.deb
Size/MD5: 200984 67e38faf389fa0b4aaad118d00dd99e6
Updated packages for Edubuntu 10.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/universe/i/italc/italc_1.0.9.1-0ubuntu18.10.10.1.diff.gz
Size/MD5: 18083 39a981929bf84da42a97a54864228949
http://security.ubuntu.com/ubuntu/pool/universe/i/italc/italc_1.0.9.1-0ubuntu18.10.10.1.dsc
Size/MD5: 1944 24f547e0d9d843a7840bad3a9175819c
http://security.ubuntu.com/ubuntu/pool/universe/i/italc/italc_1.0.9.1.orig.tar.gz
Size/MD5: 3294206 5acc6bd10139bc3e05e7106d27410e46
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/universe/i/italc/italc-client_1.0.9.1-0ubuntu18.10.10.1_amd64.deb
Size/MD5: 532426 8d13c2c03230c8122d7bf3a0f1d5dbfd
http://security.ubuntu.com/ubuntu/pool/universe/i/italc/italc-master_1.0.9.1-0ubuntu18.10.10.1_amd64.deb
Size/MD5: 1117386 9eaa534098d4c5493fff03517c7b9545
http://security.ubuntu.com/ubuntu/pool/universe/i/italc/libitalc_1.0.9.1-0ubuntu18.10.10.1_amd64.deb
Size/MD5: 203276 bf0bc8803ea8bf6b516ddaab9577a881
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/universe/i/italc/italc-client_1.0.9.1-0ubuntu18.10.10.1_i386.deb
Size/MD5: 501438 ff1bcd699abfcc7901238a393441eb10
http://security.ubuntu.com/ubuntu/pool/universe/i/italc/italc-master_1.0.9.1-0ubuntu18.10.10.1_i386.deb
Size/MD5: 1120146 384a7eec9820349758c14026b11ce4ad
http://security.ubuntu.com/ubuntu/pool/universe/i/italc/libitalc_1.0.9.1-0ubuntu18.10.10.1_i386.deb
Size/MD5: 205172 afce197eedd356c41c0363578247a815
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/universe/i/italc/italc-client_1.0.9.1-0ubuntu18.10.10.1_armel.deb
Size/MD5: 570806 87388b75705ac4b3215b03d7233159fa
http://ports.ubuntu.com/pool/universe/i/italc/italc-master_1.0.9.1-0ubuntu18.10.10.1_armel.deb
Size/MD5: 1105250 51a40f0a7e63051a169f1c8dfc36b89e
http://ports.ubuntu.com/pool/universe/i/italc/libitalc_1.0.9.1-0ubuntu18.10.10.1_armel.deb
Size/MD5: 194404 e654aee0c1608fdbd939e854e694134a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/universe/i/italc/italc-client_1.0.9.1-0ubuntu18.10.10.1_powerpc.deb
Size/MD5: 499942 1ff63b28c25c2127e45d3bedbd1bbbae
http://ports.ubuntu.com/pool/universe/i/italc/italc-master_1.0.9.1-0ubuntu18.10.10.1_powerpc.deb
Size/MD5: 1117620 a7ca6291800aeb99410b39056fd58982
http://ports.ubuntu.com/pool/universe/i/italc/libitalc_1.0.9.1-0ubuntu18.10.10.1_powerpc.deb
Size/MD5: 206704 669dbbfde3b0fe231bb05d4522d95165
Download attachment "signature.asc" of type "application/pgp-signature" (875 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists