Ubuntu Security Notice USN-890-5 February 18, 2010
xmlrpc-c vulnerabilities
CVE-2009-3560, CVE-2009-3720
===========================================================
A security issue affects the following Ubuntu releases:

  Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

  Ubuntu 9.10:
    libxmlrpc-core-c3 1.06.27-1ubuntu6.1

After a standard system upgrade you need to restart any applications linked
against XML-RPC for C and C++ to effect the necessary changes.
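
The two remediation steps above (upgrade, then restart linked applications) can be verified with the following check, which is an added example and not part of the advisory. The function names and the `libxmlrpc` file-name pattern are assumptions; it relies on Linux marking unlinked mapped files as `(deleted)` in `/proc/<pid>/maps`, which is how a process still running the pre-upgrade library shows up.

```shell
#!/bin/sh
# Added example for USN-890-5; not part of the advisory.
PACKAGE="libxmlrpc-core-c3"         # package named in the advisory
FIXED_VERSION="1.06.27-1ubuntu6.1"  # fixed version for Ubuntu 9.10, from the advisory
LIB_PATTERN="libxmlrpc"             # assumption: library file names contain this string

# Return 0 if the installed package is at or above the fixed version,
# 1 if it is older, 2 if it is not installed.
package_is_fixed() {
    installed=$(dpkg-query -W -f='${Version}' "$PACKAGE" 2>/dev/null) || return 2
    [ -n "$installed" ] || return 2
    dpkg --compare-versions "$installed" ge "$FIXED_VERSION"
}

# Print the PIDs of processes that still map a deleted (pre-upgrade) copy of
# the library and therefore still need a restart. $1 is the proc root, so the
# function can be pointed at a captured tree; it defaults to /proc.
stale_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -q "$LIB_PATTERN.*(deleted)" "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

# Run both checks only when invoked as: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    if package_is_fixed; then
        echo "$PACKAGE is at or above $FIXED_VERSION"
    else
        echo "$PACKAGE is older than $FIXED_VERSION or not installed"
    fi
    pids=$(stale_pids /proc)
    [ -z "$pids" ] || echo "still using the old library, restart PIDs:" $pids
fi
```

Run it as root; without that, the maps files of other users' processes are unreadable and those processes are silently skipped.
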
Details follow:

USN-890-1 fixed vulnerabilities in Expat. This update provides the
corresponding updates for XML-RPC for C and C++.

Original advisory details:

  Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did
  not properly process malformed XML. If a user or application linked against
  Expat were tricked into opening a crafted XML file, an attacker could cause
  a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)

  It was discovered that Expat did not properly process malformed UTF-8
  sequences. If a user or application linked against Expat were tricked into
  opening a crafted XML file, an attacker could cause a denial of service via
  application crash. (CVE-2009-3560)

Updated packages for Ubuntu 9.10: