News

Thursday, March 05, 2009

ubuntu-security-announce Digest, Vol 54, Issue 4



Today's Topics:

1. [USN-726-2] curl regression (Marc Deslauriers)
2. [USN-729-1] Python Crypto vulnerability (Kees Cook)
3. [USN-728-3] Firefox vulnerabilities (Jamie Strandboge)


----------------------------------------------------------------------

Message: 1
Date: Wed, 04 Mar 2009 10:09:19 -0500
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Subject: [USN-726-2] curl regression
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, "bugtraq@securityfocus.com"
<bugtraq@securityfocus.com>
Message-ID: <1236179359.6505.1.camel@mdlinux.technorage.com>
Content-Type: text/plain; charset="us-ascii"

===========================================================
Ubuntu Security Notice USN-726-2 March 04, 2009
curl regression
https://launchpad.net/bugs/337501
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
libcurl3 7.18.2-1ubuntu4.3
libcurl3-gnutls 7.18.2-1ubuntu4.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-726-1 fixed a vulnerability in curl. Due to an incomplete fix, a regression
was introduced in Ubuntu 8.10 that caused certain types of URLs to fail. This
update fixes the problem. We apologize for the inconvenience.

Original advisory details:

It was discovered that curl did not enforce any restrictions when following
URL redirects. If a user or automated system were tricked into opening a URL to
an untrusted server, an attacker could use redirects to gain access to arbitrary
files. This update changes curl behavior to prevent following "file" URLs after
a redirect.


Updated packages for Ubuntu 8.10:


------------------------------
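The redirect restriction described in the curl advisory above, as an added example (not curl's code and not part of the original advisory): a client-side check that resolves each `Location` value and refuses any hop whose scheme is not on an allow-list. The function names, the allow-list, the hop limit and the sample redirect chains are assumptions constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Assumption for this example: only web schemes may be reached through a redirect.
REDIRECT_SCHEMES = frozenset({"http", "https"})
MAX_REDIRECTS = 5  # hypothetical hop limit


class RedirectBlocked(Exception):
    """Raised when a redirect target violates the policy."""


def resolve_redirect(current_url, location):
    """Resolve a Location header against the current URL and check its scheme."""
    # Relative targets inherit the current scheme; absolute ones carry their own.
    target = urljoin(current_url, location.strip())
    scheme = urlsplit(target).scheme.lower()  # urlsplit normalises case, e.g. FILE -> file
    if scheme not in REDIRECT_SCHEMES:
        raise RedirectBlocked(
            "refusing redirect to %s: URL (from %s)" % (scheme or "(none)", current_url)
        )
    return target


def follow(start_url, server):
    """Walk a redirect chain and return the final URL.

    `server` is a constructed stand-in for the network: a dict mapping a URL
    to the Location header it answers with (a missing key means no redirect).
    The start URL is the caller's own choice and is not restricted; only
    targets reached through a redirect are checked.
    """
    url = start_url
    seen = {url}
    for _ in range(MAX_REDIRECTS):
        location = server.get(url)
        if location is None:
            return url
        url = resolve_redirect(url, location)
        if url in seen:
            raise RedirectBlocked("redirect loop at " + url)
        seen.add(url)
    raise RedirectBlocked("more than %d redirects" % MAX_REDIRECTS)


# Constructed sample chains (not taken from the advisory).
BENIGN_CHAIN = {
    "http://example.test/old": "/new",
    "http://example.test/new": "https://example.test/final",
}
HOSTILE_CHAIN = {
    # An untrusted server answering with a local-file target in mixed case.
    "http://untrusted.example/doc": "FILE:///etc/passwd",
}
LOOP_CHAIN = {
    "http://example.test/x": "/y",
    "http://example.test/y": "/x",
}

if __name__ == "__main__":
    print(follow("http://example.test/old", BENIGN_CHAIN))
    for chain, start in ((HOSTILE_CHAIN, "http://untrusted.example/doc"),
                         (LOOP_CHAIN, "http://example.test/x")):
        try:
            follow(start, chain)
        except RedirectBlocked as exc:
            print("blocked:", exc)
```
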

Message: 2
Date: Thu, 5 Mar 2009 15:38:36 -0800
From: Kees Cook <kees@ubuntu.com>
Subject: [USN-729-1] Python Crypto vulnerability
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Message-ID: <20090305233836.GQ10132@outflux.net>
Content-Type: text/plain; charset="us-ascii"

===========================================================
Ubuntu Security Notice USN-729-1 March 05, 2009
python-crypto vulnerability
CVE-2009-0544
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
python2.4-crypto 2.0.1+dfsg1-1ubuntu1.1

Ubuntu 7.10:
python-crypto 2.0.1+dfsg1-2ubuntu1.1

Ubuntu 8.04 LTS:
python-crypto 2.0.1+dfsg1-2.1ubuntu1.1

Ubuntu 8.10:
python-crypto 2.0.1+dfsg1-2.3ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Mike Wiacek discovered that the ARC2 implementation in Python Crypto
did not correctly check the key length. If a user or automated system
were tricked into processing a malicious ARC2 stream, a remote attacker
could execute arbitrary code or crash the application using Python Crypto,
leading to a denial of service.


Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 7.10:


Updated packages for Ubuntu 8.04 LTS:


Updated packages for Ubuntu 8.10:


------------------------------

Message: 3
Date: Thu, 5 Mar 2009 18:37:17 -0600
From: Jamie Strandboge <jamie@canonical.com>
Subject: [USN-728-3] Firefox vulnerabilities
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Message-ID: <20090306003717.GC8444@severus.strandboge.com>
Content-Type: text/plain; charset="us-ascii"

===========================================================
Ubuntu Security Notice USN-728-3 March 06, 2009
firefox vulnerabilities
CVE-2009-0772, CVE-2009-0774, CVE-2009-0776
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
firefox 1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu1

After a standard system upgrade you need to restart Firefox to effect the
necessary changes.

Details follow:

Jesse Ruderman and Gary Kwong discovered flaws in the browser engine.
If a user were tricked into viewing a malicious website, a remote
attacker could cause a denial of service or possibly execute arbitrary
code with the privileges of the user invoking the program.
(CVE-2009-0772, CVE-2009-0774)

Georgi Guninski discovered a flaw when Firefox performed a
cross-domain redirect. An attacker could bypass the same-origin policy
in Firefox by utilizing nsIRDFService and steal private data from
users authenticated to the redirected website. (CVE-2009-0776)


Updated packages for Ubuntu 6.06 LTS:


------------------------------
