WINDOWS CENTER: ubuntu-security-announce Digest, Vol 52, Issue 1

Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com

You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."

Today's Topics:

1. [USN-702-1] Samba vulnerability (Marc Deslauriers)
2. [USN-703-1] xterm vulnerability (Kees Cook)

----------------------------------------------------------------------

Message: 1
Date: Mon, 05 Jan 2009 15:16:46 -0500
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Subject: [USN-702-1] Samba vulnerability
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Message-ID: <1231186606.11166.4.camel@mdlinux.technorage.com>
Content-Type: text/plain; charset="utf-8"

===========================================================
Ubuntu Security Notice USN-702-1 January 05, 2009
samba vulnerability
CVE-2009-0022
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
samba 2:3.2.3-1ubuntu3.4

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Gunter H?ckel discovered that Samba with registry shares enabled did not
properly validate share names. An authenticated user could gain access to the
root filesystem by using an older version of smbclient and specifying an
empty string as a share name. This is only an issue if registry shares are
enabled on the server by setting "registry shares = yes", "include = registry",
or "config backend = registry", which is not the default.

Updated packages for Ubuntu 8.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3-1ubuntu3.4.diff.gz
Size/MD5: 228722 0f792a410505a9918479562ef16ccef4
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3-1ubuntu3.4.dsc
Size/MD5: 1902 0bda9c946d4f940383ca31bb7ad3e3e8
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3.orig.tar.gz
Size/MD5: 23704996 c1630a57ac0ec24bc364c6d11c93ec35

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-doc-pdf_3.2.3-1ubuntu3.4_all.deb
Size/MD5: 6261402 cdfa982dd0b9c04511734aba9cb98f43
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-doc_3.2.3-1ubuntu3.4_all.deb
Size/MD5: 7954776 d12c0694fa65e5f7162d5322f6765822

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

i386 architecture (x86 compatible Intel/AMD):

lpia architecture (Low Power Intel Architecture):

powerpc architecture (Apple Macintosh G3/G4/G5):

sparc architecture (Sun SPARC/UltraSPARC):

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20090105/86d9bb6b/attachment-0001.pgp

------------------------------

Message: 2
Date: Mon, 5 Jan 2009 17:23:08 -0800
From: Kees Cook <kees@ubuntu.com>
Subject: [USN-703-1] xterm vulnerability
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Message-ID: <20090106012308.GC7027@outflux.net>
Content-Type: text/plain; charset="us-ascii"

===========================================================
Ubuntu Security Notice USN-703-1 January 06, 2009
xterm vulnerability
CVE-2006-7236, CVE-2008-2383
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
xterm 208-3.1ubuntu3.1

Ubuntu 7.10:
xterm 229-1ubuntu0.1

Ubuntu 8.04 LTS:
xterm 229-1ubuntu1.1

Ubuntu 8.10:
xterm 235-1ubuntu1.1

After a standard system upgrade you need to restart any running xterms to
effect the necessary changes.

Details follow:

Paul Szabo discovered that the DECRQSS escape sequences were not handled
correctly by xterm. Additionally, window title operations were also not
safely handled. If a user were tricked into viewing a specially crafted
series of characters while in xterm, a remote attacker could execute
arbitrary commands with user privileges. (CVE-2006-7236, CVE-2008-2382)

Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208-3.1ubuntu3.1.diff.gz
Size/MD5: 62958 2178b13411ef6c0c84c455e7848c3b5a
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208-3.1ubuntu3.1.dsc
Size/MD5: 800 6ff1855e882930be579eceb46223db59
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208.orig.tar.gz
Size/MD5: 749755 a062d0b398918015d07c31ecdcc5111a

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208-3.1ubuntu3.1_amd64.deb
Size/MD5: 416612 21f755ffe914eb143fb35f6be7d02ff7

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208-3.1ubuntu3.1_i386.deb
Size/MD5: 396128 55b3a16962774230c48fb98ab90b6977

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208-3.1ubuntu3.1_powerpc.deb
Size/MD5: 408068 f7dab234c7df117de7e401cd966017a0

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208-3.1ubuntu3.1_sparc.deb
Size/MD5: 403704 33cf8ee56acd8dd86540e72c26a5d54a

Updated packages for Ubuntu 7.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu0.1.diff.gz
Size/MD5: 64026 93836a39864144c4f590202c85fb57c7
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu0.1.dsc
Size/MD5: 953 9b24ce999d1ca82a60f437f4c00ec847
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229.orig.tar.gz
Size/MD5: 841542 f7b04a66dc401dc22f5ddb7f345be229

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu0.1_amd64.deb
Size/MD5: 471288 599f1bfda25b6f178a37f94f775f155c

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu0.1_i386.deb
Size/MD5: 454306 6898963b2f11ecd8e950b68afe1d3c20

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/x/xterm/xterm_229-1ubuntu0.1_lpia.deb
Size/MD5: 454086 5bddec1c5e539884545e735fee6543f1

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu0.1_powerpc.deb
Size/MD5: 470124 9c002fb71ddfd4d603b3789d234a1ae3

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu0.1_sparc.deb
Size/MD5: 465888 2df2203939f22f1ea2cfe8aef5f17f3c

Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu1.1.diff.gz
Size/MD5: 64381 4b78020812d35038e91ab80718d76be4
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu1.1.dsc
Size/MD5: 953 46cf3fcc74956b9fe99ba89faab5ec7c
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229.orig.tar.gz
Size/MD5: 841542 f7b04a66dc401dc22f5ddb7f345be229

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu1.1_amd64.deb
Size/MD5: 469724 70acad02e39d60d79eb8fd80a55da27a

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu1.1_i386.deb
Size/MD5: 453344 2a5d12cc01fa456f4bd205da497a1589

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/x/xterm/xterm_229-1ubuntu1.1_lpia.deb
Size/MD5: 454232 8db8034c6e77acaa900675e948b28a52

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/x/xterm/xterm_229-1ubuntu1.1_powerpc.deb
Size/MD5: 467854 9cde83be48898ed57edd5222300b82c7

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/x/xterm/xterm_229-1ubuntu1.1_sparc.deb
Size/MD5: 463836 af8e50a43f685499861d80a269db29f0

Updated packages for Ubuntu 8.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_235-1ubuntu1.1.diff.gz
Size/MD5: 64123 4ded8fda6ea425540c351325ea456ee7
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_235-1ubuntu1.1.dsc
Size/MD5: 1502 3119b97098961157134b965cd67e72df
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_235.orig.tar.gz
Size/MD5: 857714 5060cab9cef0ea09a24928f3c7fbde2b

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_235-1ubuntu1.1_amd64.deb
Size/MD5: 486760 8fccb232d9da5308a6439eff39d01b23

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_235-1ubuntu1.1_i386.deb
Size/MD5: 470726 39fbdb1ec355002760cfe3348b53eec9

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/x/xterm/xterm_235-1ubuntu1.1_lpia.deb
Size/MD5: 471960 47e2adb407b0d99c6dc6fea4af228cf7

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/x/xterm/xterm_235-1ubuntu1.1_powerpc.deb
Size/MD5: 484530 a6d968aa8aa52625d0b8cdb30fbc94ea

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/x/xterm/xterm_235-1ubuntu1.1_sparc.deb
Size/MD5: 481590 9121f8d82c0e7a334d796c1dff96aa74

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 235 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20090105/9e742456/attachment-0001.pgp

------------------------------

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

End of ubuntu-security-announce Digest, Vol 52, Issue 1
*******************************************************

News

Tuesday, January 06, 2009

ubuntu-security-announce Digest, Vol 52, Issue 1

No comments:

WINDOWS CENTER

Blog Archive