Today's Topics:
1. [USN-853-2] Firefox and Xulrunner regression (Jamie Strandboge)
2. [USN-858-1] OpenLDAP vulnerability (Marc Deslauriers)
----------------------------------------------------------------------
Message: 1
Date: Wed, 11 Nov 2009 11:00:13 -0600
From: Jamie Strandboge <jamie@canonical.com>
Subject: [USN-853-2] Firefox and Xulrunner regression
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Message-ID: <20091111170013.GA3718@severus.strandboge.com>
Content-Type: text/plain; charset="us-ascii"
===========================================================
Ubuntu Security Notice USN-853-2 November 11, 2009
firefox-3.5, xulrunner-1.9.1 regression
https://launchpad.net/bugs/480740
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  firefox-3.5       3.5.5+nobinonly-0ubuntu0.9.10.1
  xulrunner-1.9.1   1.9.1.5+nobinonly-0ubuntu0.9.10.1

After a standard system upgrade you need to restart Firefox and any
applications that use xulrunner to effect the necessary changes.

Details follow:

USN-853-1 fixed vulnerabilities in Firefox and Xulrunner. The upstream
changes introduced regressions that could lead to crashes when processing
certain malformed GIF images, fonts and web pages. This update fixes the
problem.

We apologize for the inconvenience.

Original advisory details:

Alin Rad Pop discovered a heap-based buffer overflow in Firefox when it
converted strings to floating point numbers. If a user were tricked into
viewing a malicious website, a remote attacker could cause a denial of service
or possibly execute arbitrary code with the privileges of the user invoking the
program. (CVE-2009-1563)

Jeremy Brown discovered that the Firefox Download Manager was vulnerable to
symlink attacks. A local attacker could exploit this to create or overwrite
files with the privileges of the user invoking the program. (CVE-2009-3274)

Paul Stone discovered a flaw in the Firefox form history. If a user were
tricked into viewing a malicious website, a remote attacker could access this
data to steal confidential information. (CVE-2009-3370)

Orlando Berrera discovered that Firefox did not properly free memory when using
web-workers. If a user were tricked into viewing a malicious website, a remote
attacker could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. This issue only
affected Ubuntu 9.10. (CVE-2009-3371)

A flaw was discovered in the way Firefox processed Proxy Auto-configuration
(PAC) files. If a user configured the browser to use PAC files with certain
regular expressions, an attacker could cause a denial of service or possibly
execute arbitrary code with the privileges of the user invoking the program.
(CVE-2009-3372)

A heap-based buffer overflow was discovered in Mozilla's GIF image parser. If a
user were tricked into viewing a malicious website, a remote attacker could
cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2009-3373)

A flaw was discovered in the JavaScript engine of Firefox. An attacker could
exploit this to execute scripts from page content with chrome privileges.
(CVE-2009-3374)

Gregory Fleischer discovered that the same-origin check in Firefox could be
bypassed by utilizing the document.getSelection function. An attacker could
exploit this to read data from other domains. (CVE-2009-3375)

Jesse Ruderman and Sid Stamm discovered that Firefox did not properly display
filenames containing right-to-left (RTL) override characters. If a user were
tricked into downloading a malicious file with a crafted filename, an attacker
could exploit this to trick the user into opening a different file than the
user expected. (CVE-2009-3376)

Several flaws were discovered in third party media libraries. If a user were
tricked into opening a crafted media file, a remote attacker could cause a
denial of service or possibly execute arbitrary code with the privileges of the
user invoking the program. This issue only affected Ubuntu 9.10.
(CVE-2009-3377)

Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel Banchero, David
Keeler, Boris Zbarsky, Thomas Frederiksen, Marcia Knous, Carsten Book, Kevin
Brosnan, David Anderson and Jeff Walden discovered various flaws in the browser
and JavaScript engines of Firefox. If a user were tricked into viewing a
malicious website, a remote attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user invoking the
program. (CVE-2009-3380, CVE-2009-3381, CVE-2009-3382, CVE-2009-3383)

Updated packages for Ubuntu 9.10:
------------------------------
Message: 2
Date: Thu, 12 Nov 2009 09:29:21 -0500
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Subject: [USN-858-1] OpenLDAP vulnerability
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Message-ID: <1258036161.3657.1.camel@mdlinux.technorage.com>
Content-Type: text/plain; charset="utf-8"
===========================================================
Ubuntu Security Notice USN-858-1 November 12, 2009
openldap2.2 vulnerability
CVE-2009-3767
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libldap-2.2-7   2.2.26-5ubuntu2.9

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that OpenLDAP did not correctly handle SSL certificates
with zero bytes in the Common Name. A remote attacker could exploit this to
perform a man in the middle attack to view sensitive information or alter
encrypted communications.

Updated packages for Ubuntu 6.06 LTS:
------------------------------
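
The class of flaw described in USN-858-1 (a Common Name containing a zero byte), shown as an added example that is not part of the advisory and is not OpenLDAP's code. The function names, the hostnames and the sample CN bytes are constructed for illustration; wildcard and subjectAltName matching are left out.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample CN values. A certificate carries the CN as a
 * length-delimited string, so it may legally contain a zero byte. */
static const unsigned char CN_CLEAN[]    = "ldap.example.com";
static const unsigned char CN_EMBEDDED[] = "ldap.example.com\0.other.example";

/* Flawed pattern: the CN is handled as a C string, so the comparison
 * stops at the first zero byte and the rest of the name is never seen. */
static int naive_cn_matches(const unsigned char *cn, size_t cn_len,
                            const char *host)
{
    (void)cn_len; /* the length taken from the certificate is ignored */
    return strcmp((const char *)cn, host) == 0;
}

/* Length-aware check: a CN with an embedded zero byte is rejected
 * outright, and the comparison covers every byte of the CN. */
static int strict_cn_matches(const unsigned char *cn, size_t cn_len,
                             const char *host)
{
    size_t host_len = strlen(host);
    size_t i;

    if (cn_len == 0 || memchr(cn, '\0', cn_len) != NULL)
        return 0; /* embedded NUL: never a valid hostname */
    if (cn_len != host_len)
        return 0;
    for (i = 0; i < cn_len; i++) {
        /* hostnames compare case-insensitively */
        if (tolower(cn[i]) != tolower((unsigned char)host[i]))
            return 0;
    }
    return 1;
}

int main(void)
{
    const char *host = "ldap.example.com";
    size_t clean_len = sizeof(CN_CLEAN) - 1;       /* drop literal's terminator */
    size_t embedded_len = sizeof(CN_EMBEDDED) - 1; /* 31 bytes incl. inner NUL */

    printf("clean CN:    naive=%d strict=%d\n",
           naive_cn_matches(CN_CLEAN, clean_len, host),
           strict_cn_matches(CN_CLEAN, clean_len, host));
    printf("embedded CN: naive=%d strict=%d\n",
           naive_cn_matches(CN_EMBEDDED, embedded_len, host),
           strict_cn_matches(CN_EMBEDDED, embedded_len, host));
    return 0;
}
```

The naive comparison accepts the CN with the embedded zero byte as a match for `ldap.example.com`, while the length-aware check rejects it.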
End of ubuntu-security-announce Digest, Vol 62, Issue 4
*******************************************************