lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1SbqLt-0002IG-Gh@titan.mandriva.com>
Date: Tue, 05 Jun 2012 11:47:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2012:087 ] nut

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:087
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : nut
 Date    : June 5, 2012
 Affected: 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in nut:
 
 Buffer overflow in the addchar function in common/parseconf.c in upsd
 in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to
 execute arbitrary code or cause a denial of service (electric-power
 outage) via a long string containing non-printable characters
 (CVE-2012-2944).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2944
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 8cbd141752ce14533a5bc1d15864c9c5  2010.1/i586/libupsclient1-2.4.3-3.1mdv2010.2.i586.rpm
 5f13bd68571684bb782452e4a94918f7  2010.1/i586/nut-2.4.3-3.1mdv2010.2.i586.rpm
 96929f5e6c561ec3c889bab305e0678e  2010.1/i586/nut-cgi-2.4.3-3.1mdv2010.2.i586.rpm
 da4abba96a5ea4b4acd1cff90d24a847  2010.1/i586/nut-devel-2.4.3-3.1mdv2010.2.i586.rpm
 f3f01ce23d67b4ad9c73be0f72d45843  2010.1/i586/nut-drivers-hal-2.4.3-3.1mdv2010.2.i586.rpm
 8844d3e280f4d63da440a574380f0c4c  2010.1/i586/nut-server-2.4.3-3.1mdv2010.2.i586.rpm 
 cda44549f345e3144d53ff52275c9b95  2010.1/SRPMS/nut-2.4.3-3.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 1da8715f71ab61e4350ea6bc12b556ad  2010.1/x86_64/lib64upsclient1-2.4.3-3.1mdv2010.2.x86_64.rpm
 90a537da06e96771c41b29104fd18ba8  2010.1/x86_64/nut-2.4.3-3.1mdv2010.2.x86_64.rpm
 4f720efbaaccdf8fff50861bf4fb2f12  2010.1/x86_64/nut-cgi-2.4.3-3.1mdv2010.2.x86_64.rpm
 16e2dbedba405bc3d72348647c1593cd  2010.1/x86_64/nut-devel-2.4.3-3.1mdv2010.2.x86_64.rpm
 687c05b4549e0997525126021a35997c  2010.1/x86_64/nut-drivers-hal-2.4.3-3.1mdv2010.2.x86_64.rpm
 fbd32d6e4403bfc781b2efcfeb634038  2010.1/x86_64/nut-server-2.4.3-3.1mdv2010.2.x86_64.rpm 
 cda44549f345e3144d53ff52275c9b95  2010.1/SRPMS/nut-2.4.3-3.1mdv2010.2.src.rpm

 Mandriva Linux 2011:
 762144bcc4db108ee2c876dfb3accebb  2011/i586/libupsclient1-2.6.1-1.1-mdv2011.0.i586.rpm
 b7859b2b9a9d5acd548abb212e5c2406  2011/i586/nut-2.6.1-1.1-mdv2011.0.i586.rpm
 51e2ec4f45b3510fee4834f83b3b77b0  2011/i586/nut-cgi-2.6.1-1.1-mdv2011.0.i586.rpm
 b840cf511a37b306c070f990fb213127  2011/i586/nut-devel-2.6.1-1.1-mdv2011.0.i586.rpm
 57f9d8d1de442865464ad2cd17fd0df9  2011/i586/nut-drivers-hal-2.6.1-1.1-mdv2011.0.i586.rpm
 503f841ba7e64f30bf6101bbb7419ea3  2011/i586/nut-server-2.6.1-1.1-mdv2011.0.i586.rpm 
 e58899886557fd47a5e408dab9830fd9  2011/SRPMS/nut-2.6.1-1.1.src.rpm

 Mandriva Linux 2011/X86_64:
 ee6f90720c49111e6fa7a607b1145155  2011/x86_64/lib64upsclient1-2.6.1-1.1-mdv2011.0.x86_64.rpm
 f1857b0d0233eef29733fbc62774ecc5  2011/x86_64/nut-2.6.1-1.1-mdv2011.0.x86_64.rpm
 ebb6ae30d8143116b220e3feac15ef5f  2011/x86_64/nut-cgi-2.6.1-1.1-mdv2011.0.x86_64.rpm
 41ff265fd1e0c07eb99a0b26c2769054  2011/x86_64/nut-devel-2.6.1-1.1-mdv2011.0.x86_64.rpm
 571c5156b67adceae535366dbff546e3  2011/x86_64/nut-drivers-hal-2.6.1-1.1-mdv2011.0.x86_64.rpm
 a48526362c08d594c863fedaaeae7191  2011/x86_64/nut-server-2.6.1-1.1-mdv2011.0.x86_64.rpm 
 e58899886557fd47a5e408dab9830fd9  2011/SRPMS/nut-2.6.1-1.1.src.rpm

 Mandriva Enterprise Server 5:
 ef980671bc85dac89b46dad2a2e1b14a  mes5/i586/libupsclient1-2.2.2-5.1mdvmes5.2.i586.rpm
 d73eb5d8d367a8cec458ae8a1a61c96a  mes5/i586/nut-2.2.2-5.1mdvmes5.2.i586.rpm
 efa798b935af4bf96376e6106fb1f781  mes5/i586/nut-cgi-2.2.2-5.1mdvmes5.2.i586.rpm
 c25a2604afa95af813053a1815c5a646  mes5/i586/nut-devel-2.2.2-5.1mdvmes5.2.i586.rpm
 24863f77e389d32f840e6851eb36012a  mes5/i586/nut-drivers-hal-2.2.2-5.1mdvmes5.2.i586.rpm
 c1067cb506937f6dbecdb226fca2c81a  mes5/i586/nut-server-2.2.2-5.1mdvmes5.2.i586.rpm 
 672bc92d6c31a7213af82a886a4332b1  mes5/SRPMS/nut-2.2.2-5.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 b4952c0ffba50afb28e4b435d9deb8aa  mes5/x86_64/lib64upsclient1-2.2.2-5.1mdvmes5.2.x86_64.rpm
 55949a3a2b812b12f4a98ed6dc790b5f  mes5/x86_64/nut-2.2.2-5.1mdvmes5.2.x86_64.rpm
 15f24161ebdc01d3c4b219d61cf6b1a7  mes5/x86_64/nut-cgi-2.2.2-5.1mdvmes5.2.x86_64.rpm
 b28c19b992b16bb4c140e1ae1647822b  mes5/x86_64/nut-devel-2.2.2-5.1mdvmes5.2.x86_64.rpm
 b06cf19cc277f57d40ac7140b8382017  mes5/x86_64/nut-drivers-hal-2.2.2-5.1mdvmes5.2.x86_64.rpm
 a3457f27ee58238a82dfce9881dd89bd  mes5/x86_64/nut-server-2.2.2-5.1mdvmes5.2.x86_64.rpm 
 672bc92d6c31a7213af82a886a4332b1  mes5/SRPMS/nut-2.2.2-5.1mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPzae4mqjQ0CJFipgRAqc/AJ91ti3A6vfVjm50xS6N/0NOJWSLMACeMmZg
pMNxMiF1aJ1mZYJTtG5Cz/Q=
=D63j
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ