ubuntu-security-announce@lists.ubuntu.com
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com
You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."
Today's Topics:
1. [USN-443-1] Firefox vulnerability (Kees Cook)
2. [USN-445-1] XMMS vulnerabilities (Kees Cook)
----------------------------------------------------------------------
Message: 1
Date: Tue, 27 Mar 2007 12:51:06 -0700
From: Kees Cook <kees@ubuntu.com>
Subject: [USN-443-1] Firefox vulnerability
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Message-ID: <20070327195106.GT22797@outflux.net>
Content-Type: text/plain; charset="us-ascii"
===========================================================
Ubuntu Security Notice USN-443-1 March 27, 2007
firefox vulnerability
CVE-2007-1562
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.10:
firefox 1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1
Ubuntu 6.06 LTS:
firefox 1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1
Ubuntu 6.10:
firefox 2.0.0.3+0dfsg-0ubuntu0.6.10
After a standard system upgrade you need to restart Firefox or reboot
your computer to effect the necessary changes.
Details follow:
A flaw was discovered in how Firefox handled PASV FTP responses. If a
user were tricked into visiting a malicious FTP server, a remote
attacker could perform a port-scan of machines within the user's
network, leading to private information disclosure.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20070327/528edf72/attachment.pgp
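The usual client-side defence against the PASV issue described in USN-443-1 is to ignore the host advertised in the server's 227 reply and open the data connection to the control connection's peer instead. The sketch below is an added example, not part of the notice and not Firefox's code; the function names and the sample replies (which use documentation and private-range addresses) are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 passive reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv(reply):
    """Return (host, port) advertised by a 227 reply; ValueError if malformed."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a well-formed 227 reply")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def data_endpoint(reply, control_peer):
    """Decide where the data connection may go.

    The advertised host is never used: the data connection always targets
    the address the control connection is already talking to. Returns
    (host, port, redirected); redirected is True when the server advertised
    a different host, which is worth logging.
    """
    advertised, port = parse_pasv(reply)
    if port == 0:
        raise ValueError("port 0 is not connectable")
    peer = ipaddress.IPv4Address(control_peer)
    redirected = ipaddress.IPv4Address(advertised) != peer
    return str(peer), port, redirected


# Constructed sample replies, as seen on a control connection to 203.0.113.5.
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (203,0,113,5,195,80)",  # server names itself
    "227 Entering Passive Mode (192,168,1,10,0,22)",   # names another host
]

if __name__ == "__main__":
    for line in SAMPLE_REPLIES:
        print(line, "->", data_endpoint(line, "203.0.113.5"))
```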
------------------------------
Message: 2
Date: Tue, 27 Mar 2007 16:07:32 -0700
From: Kees Cook <kees@ubuntu.com>
Subject: [USN-445-1] XMMS vulnerabilities
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Message-ID: <20070327230732.GB27744@outflux.net>
Content-Type: text/plain; charset="us-ascii"
===========================================================
Ubuntu Security Notice USN-445-1 March 27, 2007
xmms vulnerabilities
CVE-2007-0653, CVE-2007-0654
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.10:
xmms 1.2.10+cvs20050209-2ubuntu2.1
Ubuntu 6.06 LTS:
xmms 1.2.10+cvs20050809-4ubuntu5.1
Ubuntu 6.10:
xmms 1.2.10+cvs20060429-1ubuntu2.1
After a standard system upgrade you need to restart XMMS or reboot your
computer to effect the necessary changes.
Details follow:
Sven Krewitt of Secunia Research discovered that XMMS did not correctly
handle BMP images when loading GUI skins. If a user were tricked into
loading a specially crafted skin, a remote attacker could execute
arbitrary code with user privileges.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20070327/61f0c6da/attachment.pgp
------------------------------
End of ubuntu-security-announce Digest, Vol 30, Issue 14
********************************************************