"Ubuntu Security Notice USN-847-1 October 08, 2009
devscripts vulnerability
CVE-2009-2946
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
devscripts 2.10.11ubuntu5.8.04.4
Ubuntu 8.10:
devscripts 2.10.26ubuntu15.2
Ubuntu 9.04:
devscripts 2.10.39ubuntu7.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Raphael Geissert discovered that uscan, a part of devscripts, did not
properly sanitize its input when processing pathnames. If uscan processed a
crafted filename for a file on a remote server, an attacker could execute
arbitrary code with the privileges of the user invoking the program.
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/devscripts/devscripts_2.10.11ubuntu5.8.04.4.dsc
Size/MD5: 1255 e77cd75293868dce15bda87381699c60
http://security.ubuntu.com/ubuntu/pool/main/d/devscripts/devscripts_2.10.11ubuntu5.8.04.4.tar.gz
Size/MD5: 494661 b9836cd30eaab24a4ae677caa501a3c3
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/d/devscripts/devscripts_2.10.11ubuntu5.8.04.4_amd64.deb
Size/MD5: 415752 5e481014f7449d48747173827c6112f8
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/d/devscripts/devscripts_2.10.11ubuntu5.8.04.4_i386.deb
Size/MD5: 415498 c91b58be71303331b753843b3f65e238
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/d/devscripts/devscripts_2.10.11ubuntu5.8.04.4_lpia.deb
Size/MD5: 415424 a3ffe0b548091da9a06b6540e2e81931
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/d/devscripts/devscripts_2.10.11ubuntu5.8.04.4_powerpc.deb
Size/MD5: 418916 9b0821303a4e38f70de0bdc46e6defec
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/d/devscripts/devscripts_2.10.11ubuntu5.8.04.4_sparc.deb
Size/MD5: 415792 f1a09efc55c39effc8e6cd01f4d49758
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/devscripts/devscripts_2.10.26ubuntu15.2.dsc
Size/MD5: 1530 a2f1aebd332918e92060980ac76011fa
http://security.ubuntu.com/ubuntu/pool/main/d/devscripts/devscripts_2.10.26ubuntu15.2.tar.gz
Size/MD5: 561023 0c73fe1803a03333866299cf4909985c
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/d/devscripts/devscripts_2.10.26ubuntu15.2_amd64.deb
Size/MD5: 471866 f89e7cd144b853bc99baf4c966e0c3e3
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/d/devscripts/devscripts_2.10.26ubuntu15.2_i386.deb
Size/MD5: 471522 042a41e7c54ef83ed3b44d5191c15a07
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/d/devscripts/devscripts_2.10.26ubuntu15.2_lpia.deb
Size/MD5: 471450 2ece0a60ad5ab0b2c3404d450a36eb16
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/d/devscripts/devscripts_2.10.26ubuntu15.2_powerpc.deb
Size/MD5: 474890 c6efa6fb38fb77446566abd5cdb05d28
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/d/devscripts/devscripts_2.10.26ubuntu15.2_sparc.deb
Size/MD5: 472200 90da98a2ea045bf27c456f652b9f9b6b
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/devscripts/devscripts_2.10.39ubuntu7.1.dsc
Size/MD5: 1537 3f5d345bb069e0796433b96dae26d9d0
http://security.ubuntu.com/ubuntu/pool/main/d/devscripts/devscripts_2.10.39ubuntu7.1.tar.gz
Size/MD5: 624181 ecc8f7705c920f415f0db16ac5e1d5cb
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/d/devscripts/devscripts_2.10.39ubuntu7.1_amd64.deb
Size/MD5: 529182 2a19ee9baffa132f6c56268c893d9a1e
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/d/devscripts/devscripts_2.10.39ubuntu7.1_i386.deb
Size/MD5: 528806 2adb86a60d3e11a3ca2a076a0736148e
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/d/devscripts/devscripts_2.10.39ubuntu7.1_lpia.deb
Size/MD5: 528698 e519f930ed469db24073db51e3586bcb
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/d/devscripts/devscripts_2.10.39ubuntu7.1_powerpc.deb
Size/MD5: 532576 623f2380e8276dbc6facbff757f43554
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/d/devscripts/devscripts_2.10.39ubuntu7.1_sparc.deb
Size/MD5: 529380 5e32ebcc85a7bcadf98d27853d940b16
--dc+cDN39EJAMEtIO
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkrOXfIACgkQW0JvuRdL8BqSTQCfXhpan1SS13o6vDyeOLbHqC9m
7G8Anj5a8aHX7vQzrwoa9lGo/hK4yfca
=Awtu
-----END PGP SIGNATURE-----
"
Rihanna saved millions on new homeUSN-845-1: Pan vulnerability
This entry was posted
on 1:11 PM
.
Archives
-
▼
2009
(488)
-
▼
October
(44)
- DSA 1915-1: New Linux 2.6.26 packages fix several ...
- RHSA-2009:1529-01 Moderate: samba security update
- USN-850-2: poppler regression
- GLSA 200910-03 Adobe Reader: Multiple vulnerabili...
- DSA 1919-1: New smarty packages fix several vulner...
- DSA 1917-1: New mimetex packages fix several vulne...
- DSA 1912-2: New advi packages fix arbitrary code e...
- GLSA 200910-02 Pidgin: Multiple vulnerabilities
- USN-850-1: poppler vulnerabilities
- RHSA-2009:1522-01 Moderate: kernel security and bu...
- RHSA-2009:1512-01 Important: kdegraphics security ...
- DSA 1912-1: New camlimages fix arbitrary code exec...
- DSA 1913-1: New bugzilla packages fix SQL injection
- DSA 1911-1: New pygresql packages provide secure e...
- RHSA-2009:1499-01 Critical: acroread security update
- RHSA-2009:1501-01 Important: xpdf security update
- USN-848-1: Zope vulnerabilities
- RHSA-2009:1503-01 Important: gpdf security update
- RHSA-2009:1505-01 Moderate: java-1.4.2-ibm securit...
- RHSA-2009:1504-01 Important: poppler security and ...
- DSA 1910-1: New mysql-ocaml packages provide secur...
- USN-849-1: libsndfile vulnerabilities
- RHSA-2009:1502-01 Important: kdegraphics security ...
- RHSA-2009:1513-01 Moderate: cups security update
- USN-847-1: Devscripts vulnerability
- DSA 1895-2: New opensaml2 and shibboleth-sp2 packa...
- DSA 1906-1: End-of-life announcement for clamav in...
- USN-846-1: ICU vulnerability
- USN-845-1: Pan vulnerability
- RHSA-2009:1484-01 Moderate: postgresql security up...
- USN-843-1: BackupPC vulnerability
- USN-842-1: Wget vulnerability
- USN-841-1: GLib vulnerability
- DSA 1902-1: New elinks packages fix arbitrary code...
- DSA 1899-1: New strongswan packages fix denial of ...
- DSA 1901-1: New mediawiki1.7 packages fix several ...
- RHSA-2009:1471-01 Important: elinks security update
- USN-839-1: Samba vulnerabilities
- DSA 1898-1: New openswan packages fix denial of se...
- RHSA-2009:1470-01 Moderate: openssh security update
- USN-838-1: Dovecot vulnerabilities
- RHSA-2009:1472-01 Moderate: xen security and bug f...
- RHSA-2009:1469-01 Important: kernel security update
- RHSA-2009:1455-01 Moderate: kernel security and bu...
-
▼
October
(44)