Linux Today - Advisories, November 1, 2006

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices

Technology Jobs

LinuxToday Newsletters

Server Daily
IT Management Daily
Subscribe News
Subscribe PR
Subscribe Security

internet.com

Internet News
Small Business

Advertise
Newsletters
Tech Jobs
E-mail Offers

Current Newswire:

Raspberry Pi benchmarked against Beagleboard, low price is long term

20 popular Ubuntu Linux apps you may want to try

A Selection of the Very Best Open Source Tutorials and Tools

Android Ice Cream Sandwich ported to x86 tablets, netbooks and notebooks

SECURITY: Google Chrome 17 Improves Security

How to read a CSV file in Perl?

Red Hat Brings Gluster to Amazon Cloud

New Linux kernel fixes power-saving issues

Using Wii remote with Android Device- Taking Gaming to the Next Level

Commercial Support now available for the open-source NGINX Web server

Applications Management Engineer Sr (NYC)
Next Step Systems
US-NY-New York

Post A Job | Post A Resume

:Advisories, November 1, 2006

Advisories, November 1, 2006
Nov 2, 2006, 05 :30 UTC (0 Talkback[s]) (2423 reads)

Red Hat Lihux

Red Hat Security Advisory

Synopsis: Moderate: qt security update
Advisory ID: RHSA-2006:0725-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0725.html
Issue date: 2006-11-01
Updated on: 2006-11-01
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-4811

1. Summary:

Updated qt packages that correct an integer overflow flaw are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System.

An integer overflow flaw was found in the way Qt handled certain pixmap images. If an application linked against Qt created a pixmap image in a certain way, it could lead to a denial of service or possibly allow the execution of arbitrary code. (CVE-2006-4811)

Users of Qt should upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

211829 - CVE-2006-4811 qt integer overflow

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/qt-2.3.1-12.EL2.src.rpm
172de071af27b97a7f5288e7631bcbc4 qt-2.3.1-12.EL2.src.rpm

i386:
ead15c619bc32aa0f40b9dbe0cccd517 qt-2.3.1-12.EL2.i386.rpm
14d45496f6ea9a424813dbb5780142e2 qt-Xt-2.3.1-12.EL2.i386.rpm
1c2f25193663dc8f9688047a397f18e4 qt-designer-2.3.1-12.EL2.i386.rpm
9e6d8262422bd6c5e002d18260890bce qt-devel-2.3.1-12.EL2.i386.rpm
8f3dee00f4bfd421b9624d19d8749ad4 qt-static-2.3.1-12.EL2.i386.rpm

ia64:
840fe2321ffea68ab8794dd0b7e9c881 qt-2.3.1-12.EL2.ia64.rpm
b0c0f0a0529ba133a310a8f3e5acdc51 qt-Xt-2.3.1-12.EL2.ia64.rpm
93f70e2c50513ddf335525c42e5ee3c0 qt-designer-2.3.1-12.EL2.ia64.rpm
34e5c46f4d58bf350b3444e16ab3da9c qt-devel-2.3.1-12.EL2.ia64.rpm
8af03a401773e06a150b8e276f5a1efd qt-static-2.3.1-12.EL2.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/qt-2.3.1-12.EL2.src.rpm
172de071af27b97a7f5288e7631bcbc4 qt-2.3.1-12.EL2.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/qt-2.3.1-12.EL2.src.rpm
172de071af27b97a7f5288e7631bcbc4 qt-2.3.1-12.EL2.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/qt-2.3.1-12.EL2.src.rpm
172de071af27b97a7f5288e7631bcbc4 qt-2.3.1-12.EL2.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/qt-3.1.2-14.RHEL3.src.rpm
9bb9f9baad9df9a2e0f212ad2f805619 qt-3.1.2-14.RHEL3.src.rpm

i386:
cecdc062e2ed6378753b685860a6dfdb qt-3.1.2-14.RHEL3.i386.rpm
d2645cca7c6204b767681b5e3107434a qt-MySQL-3.1.2-14.RHEL3.i386.rpm
5836df16307118bc33dd9486deb51b3e qt-ODBC-3.1.2-14.RHEL3.i386.rpm
5869bccdc667a73d4e0cf3e85c18b7a1 qt-config-3.1.2-14.RHEL3.i386.rpm
5942e1d4f2792980fe7c8f9c7f2bdfcb qt-debuginfo-3.1.2-14.RHEL3.i386.rpm
f091d865dc63dccdfdf6bfc316691391 qt-designer-3.1.2-14.RHEL3.i386.rpm
20542bee5fa05e55954411192c65ab6e qt-devel-3.1.2-14.RHEL3.i386.rpm

ia64:
cecdc062e2ed6378753b685860a6dfdb qt-3.1.2-14.RHEL3.i386.rpm
7c6b66949a29a072bebe5043a9bfeda6 qt-3.1.2-14.RHEL3.ia64.rpm
00a5e47901973df234e421c889466a4f qt-MySQL-3.1.2-14.RHEL3.ia64.rpm
4450f80105e0b60623e850bdc63a730d qt-ODBC-3.1.2-14.RHEL3.ia64.rpm
48a733546f937c88fa0b0226ca8482d9 qt-config-3.1.2-14.RHEL3.ia64.rpm
5942e1d4f2792980fe7c8f9c7f2bdfcb qt-debuginfo-3.1.2-14.RHEL3.i386.rpm
b633daf5f0b95f9236298a6473564c4b qt-debuginfo-3.1.2-14.RHEL3.ia64.rpm
50ebab6f9c36eb87736d22befae3cfe6 qt-designer-3.1.2-14.RHEL3.ia64.rpm
9b2b8783f32e73b1cde16e9d8a2c7043 qt-devel-3.1.2-14.RHEL3.ia64.rpm

ppc:
eb123e8918e907fb4368c2b3e30dd56e qt-3.1.2-14.RHEL3.ppc.rpm
95794f8af28f1bd8f906fe55fa400aac qt-3.1.2-14.RHEL3.ppc64.rpm
3769ff3b301baf302ad29024bd1461ca qt-MySQL-3.1.2-14.RHEL3.ppc.rpm
fa3458602464e6dca6a709b48e2ed6ca qt-ODBC-3.1.2-14.RHEL3.ppc.rpm
bacbcea750dbecbae69b2418f02ec501 qt-config-3.1.2-14.RHEL3.ppc.rpm
c32d2f42a0ac7f1e9d233e0974f3ce32 qt-debuginfo-3.1.2-14.RHEL3.ppc.rpm
f518348ba5dfab0a735dd68f53e84fbc qt-debuginfo-3.1.2-14.RHEL3.ppc64.rpm
6044d028270bf11a524eaf07cda98fe7 qt-designer-3.1.2-14.RHEL3.ppc.rpm
965ba14dffddbe364c5afc3c5f78ece8 qt-devel-3.1.2-14.RHEL3.ppc.rpm

s390:
f8f8b9ffcd5a7d73cd92d47e9e167834 qt-3.1.2-14.RHEL3.s390.rpm
7771c040708f0792ccd29bfbfb5adf68 qt-MySQL-3.1.2-14.RHEL3.s390.rpm
5e12a9fa5b30595b286731b9209484be qt-ODBC-3.1.2-14.RHEL3.s390.rpm
8be36789eec024722427ea0741e1e5bd qt-config-3.1.2-14.RHEL3.s390.rpm
1bf62c720c8a01ee208164ca92ff1dd6 qt-debuginfo-3.1.2-14.RHEL3.s390.rpm
2ff0622cb94ec95b429aaf0998442f4a qt-designer-3.1.2-14.RHEL3.s390.rpm
e287eeff849c20d5240213a244fcf245 qt-devel-3.1.2-14.RHEL3.s390.rpm

s390x:
f8f8b9ffcd5a7d73cd92d47e9e167834 qt-3.1.2-14.RHEL3.s390.rpm
6709146e92c7e239478b2f1496ec2541 qt-3.1.2-14.RHEL3.s390x.rpm
5b9826ccd506ea05cceae2aa083e6876 qt-MySQL-3.1.2-14.RHEL3.s390x.rpm
d15232a89ff6692e9b54b1d3237138f6 qt-ODBC-3.1.2-14.RHEL3.s390x.rpm
c80c52d750d64acd1062c929bc91466c qt-config-3.1.2-14.RHEL3.s390x.rpm
1bf62c720c8a01ee208164ca92ff1dd6 qt-debuginfo-3.1.2-14.RHEL3.s390.rpm
975b58ab7abd77a1178aa1c868444de9 qt-debuginfo-3.1.2-14.RHEL3.s390x.rpm
83fde45cadb6bcad528531aca855263a qt-designer-3.1.2-14.RHEL3.s390x.rpm
b3eca10a171029b77c51ad45210b8391 qt-devel-3.1.2-14.RHEL3.s390x.rpm

x86_64:
cecdc062e2ed6378753b685860a6dfdb qt-3.1.2-14.RHEL3.i386.rpm
596a0b6a4111a20440e211d56ff34647 qt-3.1.2-14.RHEL3.x86_64.rpm
3ac0c1881b7b6d0a62164155fa7698b2 qt-MySQL-3.1.2-14.RHEL3.x86_64.rpm
0bdde3f71be2e18d5b86c7ead7fb2fd1 qt-ODBC-3.1.2-14.RHEL3.x86_64.rpm
37bb48b6dd98574f22615bb412e283ed qt-config-3.1.2-14.RHEL3.x86_64.rpm
5942e1d4f2792980fe7c8f9c7f2bdfcb qt-debuginfo-3.1.2-14.RHEL3.i386.rpm
5d239010deae684435a3cb2497070597 qt-debuginfo-3.1.2-14.RHEL3.x86_64.rpm
e56616aa922c8542e90d2fdf21ec0dc0 qt-designer-3.1.2-14.RHEL3.x86_64.rpm
30d29be398442022fc99cbd2009b52b7 qt-devel-3.1.2-14.RHEL3.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/qt-3.1.2-14.RHEL3.src.rpm
9bb9f9baad9df9a2e0f212ad2f805619 qt-3.1.2-14.RHEL3.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/qt-3.1.2-14.RHEL3.src.rpm
9bb9f9baad9df9a2e0f212ad2f805619 qt-3.1.2-14.RHEL3.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/qt-3.1.2-14.RHEL3.src.rpm
9bb9f9baad9df9a2e0f212ad2f805619 qt-3.1.2-14.RHEL3.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/qt-3.3.3-10.RHEL4.src.rpm
e96c2079caaba15d4da427679c50b320 qt-3.3.3-10.RHEL4.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/qt-3.3.3-10.RHEL4.src.rpm
e96c2079caaba15d4da427679c50b320 qt-3.3.3-10.RHEL4.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/qt-3.3.3-10.RHEL4.src.rpm
e96c2079caaba15d4da427679c50b320 qt-3.3.3-10.RHEL4.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/qt-3.3.3-10.RHEL4.src.rpm
e96c2079caaba15d4da427679c50b320 qt-3.3.3-10.RHEL4.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4811 http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

rPath Linux

rPath Security Advisory: 2006-0202-1
Published: 2006-11-01
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification: Remote Deterministic Denial of Service
Updated Versions:
wireshark=/conary.rpath.com@rpl:devel//1/0.99.4-0.1-1
tshark=/conary.rpath.com@rpl:devel//1/0.99.4-0.1-1

References:

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4574

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4805

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5468

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5469

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5740

    https://issues.rpath.com/browse/RPL-746

Description:
In previous versions of the wireshark and tshark packages, and all versions of the ethereal and tethereal packages, are vulnerable to several remote Denial of Service attacks which can cause the application to crash. None of these vulnerabilities is currently believed to enable remote unauthorized access.

The fixes are available only as part of the wireshark package. Development of the ethereal program has ceased under the ethereal name and continued under the wireshark name, due to restrictions on the use of the "ethereal" trademark. The latest version of the ethereal and tethereal packages in rPath Linux 1 are now redirects to the wireshark and tshark packages. The command "conary update ethereal tethereal" will cause the ethereal and tethereal packages on the system to be replaced by wireshark and tshark, respectively. The "conary updateall" command will also appropriately migrate the system from ethereal to wireshark.

Ubuntu

Ubuntu Security Notice USN-370-1 October 31, 2006
screen vulnerability
CVE-2006-4573

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.04:
screen 4.0.2-4.1ubuntu2.5.04

Ubuntu 5.10:
screen 4.0.2-4.1ubuntu2.5.10

Ubuntu 6.06 LTS:
screen 4.0.2-4.1ubuntu5.6.06

Ubuntu 6.10:
screen 4.0.2-4.1ubuntu5.6.10

After a standard system upgrade you need to restart any running screen sessions to effect the necessary changes.

Details follow:

cstone and Rich Felker discovered a programming error in the UTF8 string handling code of "screen" leading to a denial of service. If a crafted string was displayed within a screen session, screen would crash or possibly execute arbitrary code.

Updated packages for Ubuntu 5.04:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.04.diff.gz
      Size/MD5: 34158 cba61559263bcc4370232cdadc6e582f
    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.04.dsc
      Size/MD5: 648 f6c73c29a88533bec08a0c7a596af8da
    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2.orig.tar.gz
      Size/MD5: 840519 ed68ea9b43d9fba0972cb017a24940a1

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.04_amd64.deb
Size/MD5: 600012 b2f316afe7637709a5da52356d0e05ec

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.04_i386.deb
Size/MD5: 577644 d8b407353de17ecda15979be0f42f892

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.04_powerpc.deb
Size/MD5: 593876 3fa2c203b8aa9f7178d9489bc547845a

Updated packages for Ubuntu 5.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.10.diff.gz
      Size/MD5: 34163 6070d837711a9eb26aed7f6e253b8976
    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.10.dsc
      Size/MD5: 648 b10627fdfffa9eb56c883febe4e1d879
    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2.orig.tar.gz
      Size/MD5: 840519 ed68ea9b43d9fba0972cb017a24940a1

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.10_amd64.deb
Size/MD5: 608874 cafd5e3cebd014b2f91ad1abc9be6ea7

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.10_i386.deb
Size/MD5: 580646 a5e927874bef8d3989d728758bf37c4a

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.10_powerpc.deb
Size/MD5: 598392 8e667231c080709c1900d543cdc6575f

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.10_sparc.deb
Size/MD5: 596636 6bb3b98e8575d7c5bedf3c4306c37bd8

Updated packages for Ubuntu 6.06 LTS:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.06.diff.gz
      Size/MD5: 54523 ffd98c68cd22cec18f7017b0e26e0003
    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.06.dsc
      Size/MD5: 648 cc1098ba02b1f371e2d8afe72a06802c
    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2.orig.tar.gz
      Size/MD5: 840519 ed68ea9b43d9fba0972cb017a24940a1

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.06_amd64.deb
Size/MD5: 609606 2ed54b9ddd4626ea693d0c549c1ddefa

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.06_i386.deb
Size/MD5: 580748 38ef03be6459a041f92668b550b3efa7

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.06_powerpc.deb
Size/MD5: 598866 3213b3cef084f98fa010a719535aa72a

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.06_sparc.deb
Size/MD5: 594890 bd551cba69f370ed1ffc2aa3b9eb39ec

Updated packages for Ubuntu 6.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.10.diff.gz
      Size/MD5: 54524 eebf0a7b77625db94987d03d0171252f
    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.10.dsc
      Size/MD5: 648 e4cb0fca076db296eaf91f57b87e32f1
    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2.orig.tar.gz
      Size/MD5: 840519 ed68ea9b43d9fba0972cb017a24940a1

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.10_amd64.deb
Size/MD5: 606076 d302fc97f5890de4a22ef77580f04c00

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.10_i386.deb
Size/MD5: 584358 f01e1a4282ac189db902c252f92d6a7f

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.10_powerpc.deb
Size/MD5: 599994 ac26d1da763cdad66e9fa8b1846968e6

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.10_sparc.deb
Size/MD5: 597784 76c7fd9e1ed7b229fb5de57f60394db1

Ubuntu Security Notice USN-371-1 October 31, 2006
ruby1.8 vulnerability
CVE-2006-5467

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.04:
libruby1.8 1.8.1+1.8.2pre4-1ubuntu0.5

Ubuntu 5.10:
libruby1.8 1.8.2-9ubuntu1.3

Ubuntu 6.06 LTS:
libruby1.8 1.8.4-1ubuntu1.2

Ubuntu 6.10:
libruby1.8 1.8.4-5ubuntu1.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

An error was found in Ruby's CGI library that did not correctly check for the end of multipart MIME requests. Using a crafted HTTP request, a remote user could cause a denial of service, where Ruby CGI applications would end up in a loop, monopolizing a CPU.

Updated packages for Ubuntu 5.04:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.8/ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.5.diff.gz
      Size/MD5: 36237 4cf0186e529c8572e63c3e5fa23b8490
    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.8/ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.5.dsc
      Size/MD5: 1408 6840b3026fe9ff9c2d1b3bfc9439537a
    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.8/ruby1.8_1.8.1+1.8.2pre4.orig.tar.gz
      Size/MD5: 3598517 1bf195093ed5279412f1047f70fafded

Architecture independent packages:

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

i386 architecture (x86 compatible Intel/AMD)

powerpc architecture (Apple Macintosh G3/G4/G5)

Updated packages for Ubuntu 5.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.8/ruby1.8_1.8.2-9ubuntu1.3.diff.gz
      Size/MD5: 894589 bc74dd6218ff68f2fadf884ee1aed4c8
    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.8/ruby1.8_1.8.2-9ubuntu1.3.dsc
      Size/MD5: 1030 8ee6f558a861faefda5868fc8b55f84d
    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.8/ruby1.8_1.8.2.orig.tar.gz
      Size/MD5: 3623780 4bc5254bec262d18cf1ceef03aae8bdf

Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/irb1.8_1.8.2-9ubuntu1.3_all.deb
      Size/MD5: 178998 b01c858e2ad0dc149c5318541322d100
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/rdoc1.8_1.8.2-9ubuntu1.3_all.deb
      Size/MD5: 244044 06937668d2a3d95f69c519cd86f1878d
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/ri1.8_1.8.2-9ubuntu1.3_all.deb
      Size/MD5: 719238 2128b244e619c00659af6dc464554e93
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/ruby1.8-elisp_1.8.2-9ubuntu1.3_all.deb
      Size/MD5: 154368 e1dbb89906ef020c3268a090ed557139
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/ruby1.8-examples_1.8.2-9ubuntu1.3_all.deb
      Size/MD5: 189056 af6df07e5f517190cedd1b5cfc683f17

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

i386 architecture (x86 compatible Intel/AMD)

powerpc architecture (Apple Macintosh G3/G4/G5)

Updated packages for Ubuntu 6.06 LTS:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.8/ruby1.8_1.8.4-1ubuntu1.2.diff.gz
      Size/MD5: 35030 4a6318bfb6c2d5e64f0f353d8e7094ef
    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.8/ruby1.8_1.8.4-1ubuntu1.2.dsc
      Size/MD5: 1029 8c9154d657d6ac0c085308a811006ea3
    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.8/ruby1.8_1.8.4.orig.tar.gz
      Size/MD5: 4308915 2994203e0815ea978965de34287c5ea2

Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/irb1.8_1.8.4-1ubuntu1.2_all.deb
      Size/MD5: 206682 2ee54a5fbadd3067bbb795a1503726dd
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/rdoc1.8_1.8.4-1ubuntu1.2_all.deb
      Size/MD5: 271544 256862d6d7c6eef5a64a4f9bcf18e65e
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/ri1.8_1.8.4-1ubuntu1.2_all.deb
      Size/MD5: 756812 c534f01495cce97c1571ca1d52f7ffc1
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/ruby1.8-elisp_1.8.4-1ubuntu1.2_all.deb
      Size/MD5: 181440 86a13e3a66b44a319e64921d4b5bdc1b
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/ruby1.8-examples_1.8.4-1ubuntu1.2_all.deb
      Size/MD5: 213688 cfe291f37e22173205494277fdbb5f1e

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

i386 architecture (x86 compatible Intel/AMD)

powerpc architecture (Apple Macintosh G3/G4/G5)

sparc architecture (Sun SPARC/UltraSPARC)

Updated packages for Ubuntu 6.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.8/ruby1.8_1.8.4-5ubuntu1.1.diff.gz
      Size/MD5: 77670 0694a30e3701b6639ddd8d475cf762a3
    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.8/ruby1.8_1.8.4-5ubuntu1.1.dsc
      Size/MD5: 1056 92cc353b8bf288be8a5d557eed54e8f5
    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.8/ruby1.8_1.8.4.orig.tar.gz
      Size/MD5: 4308915 2994203e0815ea978965de34287c5ea2

Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/irb1.8_1.8.4-5ubuntu1.1_all.deb
      Size/MD5: 209266 9f1c22095c4e6aa81f4c5d34f64a467b
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/rdoc1.8_1.8.4-5ubuntu1.1_all.deb
      Size/MD5: 274176 0b437ce21327398e88d475fed1e3063c
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/ri1.8_1.8.4-5ubuntu1.1_all.deb
      Size/MD5: 776574 a322f493e771f3856d95535bec095113
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/ruby1.8-elisp_1.8.4-5ubuntu1.1_all.deb
      Size/MD5: 184032 11991d08dc9223aa76d62cc68fe4663a
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/ruby1.8-examples_1.8.4-5ubuntu1.1_all.deb
      Size/MD5: 216324 9a3b2d5675fb8c067065fee77b5f4aaa

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

i386 architecture (x86 compatible Intel/AMD)

powerpc architecture (Apple Macintosh G3/G4/G5)

sparc architecture (Sun SPARC/UltraSPARC)

Ubuntu Security Notice USN-373-1 November 01, 2006
mutt vulnerabilities
CVE-2006-5297, CVE-2006-5298

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.10:
mutt 1.5.9-2ubuntu1.2

Ubuntu 6.06 LTS:
mutt 1.5.11-3ubuntu2.2

Ubuntu 6.10:
mutt 1.5.12-1ubuntu1.1

After a standard system upgrade you need to restart mutt to effect the necessary changes.

Details follow:

Race conditions were discovered in mutt's handling of temporary files. Under certain conditions when using a shared temp directory (the default), other local users could overwrite arbitrary files owned by the user running mutt. This vulnerability is more likely when the temp directory is over NFS.

Updated packages for Ubuntu 5.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9-2ubuntu1.2.diff.gz
      Size/MD5: 94051 44a298795bfed9dad61cb13ad6613373
    http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9-2ubuntu1.2.dsc
      Size/MD5: 781 5f99006e61b707b6b5e1766694a1fa02
    http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9.orig.tar.gz
      Size/MD5: 3033253 587dd1d8f44361b73b82ef64eb30c3a0

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9-2ubuntu1.2_amd64.deb
Size/MD5: 731908 70dcc1e0c188642e0e33f78d9042d413

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9-2ubuntu1.2_i386.deb
Size/MD5: 680158 b72fb699dd4960b85093fba91d7882bc

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9-2ubuntu1.2_powerpc.deb
Size/MD5: 725690 e6f151b9bd4053ea48ea29b4f474ddec

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9-2ubuntu1.2_sparc.deb
Size/MD5: 697634 8b8a6fadab315b826db56a77adb003b5

Updated packages for Ubuntu 6.06 LTS:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2.2.diff.gz
      Size/MD5: 417839 7fc3fbca7a2532c8299d9f5abf50063c
    http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2.2.dsc
      Size/MD5: 749 cf87540f9b41135b360a3a50427c7cbb
    http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11.orig.tar.gz
      Size/MD5: 3187076 30f165fdfaf474521a640f1f3886069a

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2.2_amd64.deb
Size/MD5: 961092 6c7028e9a210d3cfb19ae8233598f2a9

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2.2_i386.deb
Size/MD5: 907980 657ded1e8e7887f93f7e067ad2d62bae

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2.2_powerpc.deb
Size/MD5: 957334 08aad1d84d5ea91af31221a8f81d285c

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2.2_sparc.deb
Size/MD5: 925302 3e66e893cb497f918e35c64e32abaeda

Updated packages for Ubuntu 6.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.12-1ubuntu1.1.diff.gz
      Size/MD5: 136823 71bb1c771dc6c257ed6624a59b41bff7
    http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.12-1ubuntu1.1.dsc
      Size/MD5: 749 a49828c3436c2783fb40670fb167864a
    http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.12.orig.tar.gz
      Size/MD5: 3440835 57196c816211a72900fdc54341eb0132

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.12-1ubuntu1.1_amd64.deb
Size/MD5: 1832512 1f5479a1c3d11b5d91d01a979612fcd8

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.12-1ubuntu1.1_i386.deb
Size/MD5: 1014220 c07a5f19d5aa5a282bbae2964f3d3393

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.12-1ubuntu1.1_powerpc.deb
Size/MD5: 1049642 a9b3c0e14c3a01be49af7e05697d83a6

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.12-1ubuntu1.1_sparc.deb
Size/MD5: 1806914 3b36cf505556b256a60d6d9b090559fd

Ubuntu Security Notice USN-374-1 November 01, 2006
wv vulnerability
CVE-2006-4513

A security issue affects the following Ubuntu releases:

Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.10:
libwv-1.2-1 1.2.1-2ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

An integer overflow was discovered in the DOC file parser of the wv library. By tricking a user into opening a specially crafted MSWord (.DOC) file, remote attackers could execute arbitrary code with the user's privileges.

Updated packages for Ubuntu 6.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/w/wv/wv_1.2.1-2ubuntu0.1.diff.gz
      Size/MD5: 11929 1162b872e4e77345295a34e0c7fb731b
    http://security.ubuntu.com/ubuntu/pool/main/w/wv/wv_1.2.1-2ubuntu0.1.dsc
      Size/MD5: 716 4ec3816084073a77df966ff2fec1a40e
    http://security.ubuntu.com/ubuntu/pool/main/w/wv/wv_1.2.1.orig.tar.gz
      Size/MD5: 628027 d757080af4595839d5d82a1a573c692c

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-1.2-1_1.2.1-2ubuntu0.1_amd64.deb
      Size/MD5: 146278 3eb3817dfa782c6e3bcc22c6fb35b8ad
    http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-dev_1.2.1-2ubuntu0.1_amd64.deb
      Size/MD5: 202772 30ebeb74c64333e33d5604df48a0f8f0
    http://security.ubuntu.com/ubuntu/pool/universe/w/wv/wv_1.2.1-2ubuntu0.1_amd64.deb
      Size/MD5: 90506 a1835a5db7c038487567686e77a95f9a

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-1.2-1_1.2.1-2ubuntu0.1_i386.deb
      Size/MD5: 138724 918761ea08c2eb366821648adc571bc3
    http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-dev_1.2.1-2ubuntu0.1_i386.deb
      Size/MD5: 180656 f041845463774af932bdd8a848422481
    http://security.ubuntu.com/ubuntu/pool/universe/w/wv/wv_1.2.1-2ubuntu0.1_i386.deb
      Size/MD5: 88162 3940c61f26c24d2ac1f66d33a7f00166

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-1.2-1_1.2.1-2ubuntu0.1_powerpc.deb
      Size/MD5: 140532 6f76eefa75620e73bfe7738e67618bab
    http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-dev_1.2.1-2ubuntu0.1_powerpc.deb
      Size/MD5: 207102 d241cdb9f374c6f6b61c7ce9667f79b6
    http://security.ubuntu.com/ubuntu/pool/universe/w/wv/wv_1.2.1-2ubuntu0.1_powerpc.deb
      Size/MD5: 94366 682568966d755eb3e55ef210ff08dd05

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-1.2-1_1.2.1-2ubuntu0.1_sparc.deb
      Size/MD5: 136236 a8a17256755dfb88d996972dd76736d7
    http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-dev_1.2.1-2ubuntu0.1_sparc.deb
      Size/MD5: 189474 7e263e180bcf218dd6714ab813c9bf97
    http://security.ubuntu.com/ubuntu/pool/universe/w/wv/wv_1.2.1-2ubuntu0.1_sparc.deb
      Size/MD5: 88130 413b2fb70a223db99545e4e3ccbe2145

No talkbacks posted.

Home | Search Talkbacks | Customize View

Top of Page

Enter your comments below:

All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux, Apache and PHP

Terms of Service | Licensing & Permissions | Privacy Policy
About the Developer.com Network | Advertise

Terms of Service | Licensing & Permissions | Privacy Policy
About the IT Business Edge Network | Advertise

Acceptable Use Policy

Terms of Service | Licensing & Permissions | Privacy Policy
About the Developer.com Network | Advertise

Acceptable Use Policy

Terms of Service | Licensing & Permissions | Privacy Policy
About the IT Business Edge Network | Advertise