Message-ID: <20110211032735.GH1457@outflux.net>
Date: Thu, 10 Feb 2011 19:27:35 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-1061-1] iTALC vulnerability

===========================================================
Ubuntu Security Notice USN-1061-1         February 11, 2011
italc vulnerability
CVE-2011-0724
===========================================================

A security issue affects the following Edubuntu releases:

Edubuntu 9.10
Edubuntu 10.04 LTS
Edubuntu 10.10

This advisory does not apply to the corresponding versions of
Ubuntu, Kubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Edubuntu 9.10:
  italc-client                    1:1.0.9.1-0ubuntu16.1

Edubuntu 10.04 LTS:
  italc-client                    1:1.0.9.1-0ubuntu18.10.04.1

Edubuntu 10.10:
  italc-client                    1:1.0.9.1-0ubuntu18.10.10.1

After a standard system update, if you had originally installed from
the Edubuntu Live DVD and the bad keys were found, you will need to
redistribute the newly generated public keys to your iTALC clients and
restart each session. For more details, see:
https://wiki.ubuntu.com/iTalc/Keys

Details follow:

Stéphane Graber discovered that the iTALC private keys shipped with the
Edubuntu Live DVD were not correctly regenerated once Edubuntu was
installed. If an iTALC client was installed with the vulnerable keys, a
remote attacker could gain control of the system. Only systems using keys
from the Edubuntu Live DVD were affected.


Updated packages for Edubuntu 9.10:

Updated packages for Edubuntu 10.04 LTS:

Updated packages for Edubuntu 10.10:
