Tuesday, March 27, 2007

ubuntu-security-announce Digest, Vol 30, Issue 13

Today's Topics:

1. [USN-441-1] Squid vulnerability (Kees Cook)
2. [USN-442-1] Evolution vulnerability (Kees Cook)


----------------------------------------------------------------------

Message: 1
Date: Mon, 26 Mar 2007 12:27:57 -0700
From: Kees Cook <kees@ubuntu.com>
Subject: [USN-441-1] Squid vulnerability
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Message-ID: <20070326192757.GR22797@outflux.net>
Content-Type: text/plain; charset="us-ascii"

===========================================================
Ubuntu Security Notice USN-441-1 March 26, 2007
squid vulnerability
CVE-2007-1560
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.10:
squid-common 2.6.1-3ubuntu1.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A flaw was discovered in Squid's handling of the TRACE request method
which could lead to a crash. Remote attackers with access to the Squid
server could send malicious TRACE requests, and cause a denial of
service.


Updated packages for Ubuntu 6.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu1.3.diff.gz

Size/MD5: 250876 1cdb68f572905a658332626bf5c82e0d

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu1.3.dsc

Size/MD5: 675 68ea342ede9e0884bd9322f506d5e853

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1.orig.tar.gz

Size/MD5: 1593236 5035d9cc90e8033e4eac232ce19a665f

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.6.1-3ubuntu1.3_all.deb

Size/MD5: 415788 177a7816bf2c86a023f5c7430d347c51

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.1-3ubuntu1.3_amd64.deb

Size/MD5: 109486 82e54a172321ef88adb4adbe9c5aa280

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu1.3_amd64.deb

Size/MD5: 678350 49dedf891d3278a315c883b77a772863

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.1-3ubuntu1.3_amd64.deb

Size/MD5: 82004 8531f4aace8da06140b083a3a45d222c

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.1-3ubuntu1.3_i386.deb

Size/MD5: 108662 a0ecd2ae24f41f65d8140cd0ab5589c0

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu1.3_i386.deb

Size/MD5: 609310 132f8fdc740c9ef37240a3e52fb9eb2e

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.1-3ubuntu1.3_i386.deb

Size/MD5: 81248 33e11dee2c379ca822086590757b44b4

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.1-3ubuntu1.3_powerpc.deb

Size/MD5: 109314 b01d5dae4d047d685eecf9d4a38fa444

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu1.3_powerpc.deb

Size/MD5: 683102 da2e3182544065eff0d5f1a2a2e5757f

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.1-3ubuntu1.3_powerpc.deb

Size/MD5: 81936 77d439db8784d924e45e55a95e1faf7f

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.1-3ubuntu1.3_sparc.deb

Size/MD5: 108928 f0335d3acb4695bb7cef62ca6d49cfda

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu1.3_sparc.deb

Size/MD5: 635674 91801712e36e9acac7b1e749b8cfbb39

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.1-3ubuntu1.3_sparc.deb

Size/MD5: 82300 16d95a56a9e55d1b0b3ec8af5e01e43f


------------------------------

Message: 2
Date: Mon, 26 Mar 2007 12:31:42 -0700
From: Kees Cook <kees@ubuntu.com>
Subject: [USN-442-1] Evolution vulnerability
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Message-ID: <20070326193142.GS22797@outflux.net>
Content-Type: text/plain; charset="us-ascii"

===========================================================
Ubuntu Security Notice USN-442-1 March 26, 2007
evolution vulnerability
CVE-2007-1002
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
evolution 2.6.1-0ubuntu7.1

Ubuntu 6.10:
evolution 2.8.1-0ubuntu4.1

After a standard system upgrade you need to restart Evolution or reboot
your computer to effect the necessary changes.

Details follow:

Ulf Harnhammar of Secunia Research discovered that Evolution did not
correctly handle format strings when displaying shared memos. If a
remote attacker tricked a user into viewing a specially crafted shared
memo, they could execute arbitrary code with user privileges.


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.6.1-0ubuntu7.1.diff.gz

Size/MD5: 203008 2ae07aca07876171488a3742fcf6cd7d

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.6.1-0ubuntu7.1.dsc

Size/MD5: 1402 70ff6cd8aba5ce24c06b89322023992f

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.6.1.orig.tar.gz

Size/MD5: 17037346 e2ba35f5eaa324d0eb552c1c87405042

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2.6.1-0ubuntu7.1_amd64.deb

Size/MD5: 6577972 498a48802494560e62697f9d1fc7f9ce

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2.6.1-0ubuntu7.1_amd64.deb

Size/MD5: 216282 e62eb68d84fc250692bbb2f306543f5e

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugins_2.6.1-0ubuntu7.1_amd64.deb

Size/MD5: 332896 dae270dbfc6e066649d6582b47026a03

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.6.1-0ubuntu7.1_amd64.deb

Size/MD5: 4955414 23d03c1b299f17cc35deeff387072b2c

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2.6.1-0ubuntu7.1_i386.deb

Size/MD5: 5741630 0f8ff4369f8532fda8ddf0e51cd520d0

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2.6.1-0ubuntu7.1_i386.deb

Size/MD5: 216300 1dea6eedc89ab62b30d305bae64cf280

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugins_2.6.1-0ubuntu7.1_i386.deb

Size/MD5: 304794 537374fa643646397e4f190cf04c9a4f

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.6.1-0ubuntu7.1_i386.deb

Size/MD5: 4696350 9a02afe119a2780003a153244fbfa6d8

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2.6.1-0ubuntu7.1_powerpc.deb

Size/MD5: 6512980 e13fc8bbc5d316072bdfc29dec731356

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2.6.1-0ubuntu7.1_powerpc.deb

Size/MD5: 216290 7a5b51f4d6242034010f228307f20cb1

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugins_2.6.1-0ubuntu7.1_powerpc.deb

Size/MD5: 348122 bfa4413a04e17d2253f151707650848f

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.6.1-0ubuntu7.1_powerpc.deb

Size/MD5: 4838568 24d0aa33e501a30354785c1fdc60a91b

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2.6.1-0ubuntu7.1_sparc.deb

Size/MD5: 5824986 77f688641c4d4391196aae225c101ddf

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2.6.1-0ubuntu7.1_sparc.deb

Size/MD5: 216314 7b7aa826df864586fd3081afe8e34dd3

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugins_2.6.1-0ubuntu7.1_sparc.deb

Size/MD5: 304758 1ea9ddcd94a5d2e096105832801e382a

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.6.1-0ubuntu7.1_sparc.deb

Size/MD5: 4781704 8b845a4b4cdc0c9bb98e6036698d4d18

Updated packages for Ubuntu 6.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.8.1-0ubuntu4.1.diff.gz

Size/MD5: 362367 369d47c1902a4eded5b638c786ab222c

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.8.1-0ubuntu4.1.dsc

Size/MD5: 1373 da428269e616e6f21d63266a0447424f

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.8.1.orig.tar.gz

Size/MD5: 17782443 0ce38f1ae7992e00eec3414e62cb3a59

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2.8.1-0ubuntu4.1_amd64.deb

Size/MD5: 6569246 4cd8e2a6ee3c2b00253804d65ce2417e

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2.8.1-0ubuntu4.1_amd64.deb

Size/MD5: 212314 43d020bb87ec8f9d00952d9f17f76cd3

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugins_2.8.1-0ubuntu4.1_amd64.deb

Size/MD5: 124000 95d482c09e7140b76afa9c8ae788fe39

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.8.1-0ubuntu4.1_amd64.deb

Size/MD5: 5341080 53a444b95c4275bf8e338251033aea4c

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2.8.1-0ubuntu4.1_i386.deb

Size/MD5: 6183514 debcc0562af15abf0049619b231a3851

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2.8.1-0ubuntu4.1_i386.deb

Size/MD5: 212326 833c45b1ac595d8b9c1fe0133f775f6f

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugins_2.8.1-0ubuntu4.1_i386.deb

Size/MD5: 119026 f53322b9df228674cc5b5d5ec3b581a8

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.8.1-0ubuntu4.1_i386.deb

Size/MD5: 5143056 3ad68c9a9a546379e4d37da97ea737e1

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2.8.1-0ubuntu4.1_powerpc.deb

Size/MD5: 6567094 0de2ecf5ac22debc34e62d4318bc1860

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2.8.1-0ubuntu4.1_powerpc.deb

Size/MD5: 212318 f2dcdcfcc4b2f157d258213a1ca6328e

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugins_2.8.1-0ubuntu4.1_powerpc.deb

Size/MD5: 132218 cba1dff0546242060d83b58d03311d3e

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.8.1-0ubuntu4.1_powerpc.deb

Size/MD5: 5242672 00e64b862a130607586770ee2329619f

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2.8.1-0ubuntu4.1_sparc.deb

Size/MD5: 6084110 51e9855eb0669f30bf0d8c197901659f

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2.8.1-0ubuntu4.1_sparc.deb

Size/MD5: 212320 68b6ce59b82753e10b4f481552970b77

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugins_2.8.1-0ubuntu4.1_sparc.deb

Size/MD5: 117242 cc20e0c7057bd6ef2ec2d84ef31b6c7e

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.8.1-0ubuntu4.1_sparc.deb

Size/MD5: 5151890 494d1c41a154f4ceb2830dd6fcfbc721


------------------------------
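
The format-string flaw class described in USN-442-1, shown as an added example (not Evolution's code and not part of the advisory): the vulnerable call pattern beside its hardened form. The names `show_text`, `display_memo_unsafe`, `display_memo_safe` and `count_conversions` are hypothetical, and the memo text is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style display helper (not Evolution's API). The format
 * attribute lets gcc/clang's -Wformat-security flag non-literal formats. */
__attribute__((format(printf, 3, 4)))
static int show_text(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Vulnerable pattern: untrusted memo text is passed as the format string. */
int display_memo_unsafe(char *out, size_t n, const char *memo)
{
    return show_text(out, n, memo);
}

/* Hardened pattern: the format is a constant, the memo is only data. */
int display_memo_safe(char *out, size_t n, const char *memo)
{
    return show_text(out, n, "%s", memo);
}

/* Counts conversion specifiers in untrusted text; "%%" is a literal percent. */
int count_conversions(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (s[0] != '%' || s[1] == '\0')
            continue;
        if (s[1] == '%')
            s++;        /* escaped percent, consumes no argument */
        else
            count++;    /* a specifier that would read an argument */
    }
    return count;
}

int main(void)
{
    char a[64], b[64];  /* constructed memo; "%%" is well defined in both calls */
    display_memo_unsafe(a, sizeof a, "Budget is 100%% final");
    display_memo_safe(b, sizeof b, "Budget is 100%% final");
    printf("unsafe: %s\nsafe:   %s\nsame: %d\n", a, b, strcmp(a, b) == 0);
}
```

The unsafe call collapses `%%` to `%`, which shows the memo text being interpreted as a format; the safe call reproduces it byte for byte.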
