Wednesday, September 08, 2010

ubuntu-security-announce Digest, Vol 72, Issue 3

Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com

You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."


Today's Topics:

1. [USN-983-1] Sudo vulnerability (Jamie Strandboge)
2. [USN-984-1] LFTP vulnerability (Marc Deslauriers)


----------------------------------------------------------------------

Message: 1
Date: Tue, 07 Sep 2010 08:46:35 -0500
From: Jamie Strandboge <jamie@canonical.com>
Subject: [USN-983-1] Sudo vulnerability
To: ubuntu-security-announce
<ubuntu-security-announce@lists.ubuntu.com>
Cc: full-disclosure <full-disclosure@lists.grok.org.uk>,
bugtraq@securityfocus.com
Message-ID: <1283867195.4490.2.camel@luna>
Content-Type: text/plain; charset="utf-8"

===========================================================
Ubuntu Security Notice USN-983-1 September 07, 2010
sudo vulnerability
CVE-2010-2956
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
sudo 1.7.0-1ubuntu2.5
sudo-ldap 1.7.0-1ubuntu2.5

Ubuntu 10.04 LTS:
sudo 1.7.2p1-1ubuntu5.2
sudo-ldap 1.7.2p1-1ubuntu5.2

In general, a standard system update will make all the necessary changes.

Details follow:

Markus Wuethrich discovered that sudo did not always verify the user when a
group was specified in the Runas_Spec. A local attacker could exploit this
to execute arbitrary code as root if sudo was configured to allow the
attacker to use a program as a group when the attacker was not a part of
that group.


Updated packages for Ubuntu 9.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.5.diff.gz
Size/MD5: 25514 9bfdb8f41c6a5dd5544e6d6b8ab4ac5c
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.5.dsc
Size/MD5: 1117 431ea989e3fa57b00f8fb13f3e54a025
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.0.orig.tar.gz
Size/MD5: 744311 5fd96bba35fe29b464f7aa6ad255f0a6

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.5_amd64.deb
Size/MD5: 310700 e0e0a0dc1fb83f31f996679b9b13b01f
http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.5_amd64.deb
Size/MD5: 334376 9492e829a5b04057a804697e644b9644

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.5_i386.deb
Size/MD5: 298210 70b9f891286606ce2a4b1db2f3676bd4
http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.5_i386.deb
Size/MD5: 319766 c0df54d97c686bccea3a2b986833d44e

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.5_lpia.deb
Size/MD5: 298316 609d145034a593e5b637c0c5b9e176b8
http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.5_lpia.deb
Size/MD5: 320176 426ef7871e3c372491fbbd8790350857

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.5_powerpc.deb
Size/MD5: 306220 7b0b1b6e6ee37e4b33a638e7f2ac292e
http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.5_powerpc.deb
Size/MD5: 329152 1b0cb4498c03cc2883c00837bff8bb83

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.5_sparc.deb
Size/MD5: 301892 f46d44e1a8c46a575c5c4f0700910462
http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.5_sparc.deb
Size/MD5: 323970 7a10f46aa2c9388aa74a342d44c41ac4

Updated packages for Ubuntu 10.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.2p1-1ubuntu5.2.diff.gz
Size/MD5: 26583 f3077ddbefcc852cb66d71ec63e0013c
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.2p1-1ubuntu5.2.dsc
Size/MD5: 1131 456ecc22f3b88cb3e60dbfac679b110a
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.2p1.orig.tar.gz
Size/MD5: 771059 4449d466a774f5ce401c9c0e3866c026

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.2p1-1ubuntu5.2_amd64.deb
Size/MD5: 326768 29f77801c5304c74366abaecd451080b
http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.7.2p1-1ubuntu5.2_amd64.deb
Size/MD5: 350566 08c716ab408e519bb090e2a46715696c

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.2p1-1ubuntu5.2_i386.deb
Size/MD5: 312528 8bdaeb041859991919aade6a85c70cd1
http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.7.2p1-1ubuntu5.2_i386.deb
Size/MD5: 334432 bf7f83603498e26e4f7618eea82cb836

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.2p1-1ubuntu5.2_powerpc.deb
Size/MD5: 321234 498592d623ad408c02dc9dc3794674ae
http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.2p1-1ubuntu5.2_powerpc.deb
Size/MD5: 345118 09a20cd3444df0ac4ac34b0829332fac

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.2p1-1ubuntu5.2_sparc.deb
Size/MD5: 318604 71c8f38d47ed96f07d53192ed729c4e9
http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.2p1-1ubuntu5.2_sparc.deb
Size/MD5: 341828 99b090b6d40959d6d349439e0e8934ba

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20100907/d4fa4449/attachment-0001.pgp

------------------------------
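The sudo notice above concerns Runas_Spec entries that name a group, i.e. the `(user:group)` and `(:group)` forms in sudoers(5). An administrator waiting on the fixed packages will want to know which rules in their own sudoers fall into that category. The script below is an added example written for this page; it is not code from the advisory or from the sudo project. It parses a constructed sudoers sample (the rules, users and commands in it are made up) and lists every user specification whose Runas_Spec carries a group, so those grants can be reviewed or removed until the upgrade lands.

```python
"""Audit a sudoers file for Runas_Spec entries that name a group.

USN-983-1 describes sudo not always verifying the invoking user when a
group appears in a Runas_Spec.  The entries this script lists are the ones
whose group grant is affected until the fixed sudo package is installed.
"""
import re
from typing import List

# Constructed sample; none of these rules come from the advisory.
SAMPLE_SUDOERS = """\
# constructed /etc/sudoers sample
Defaults        env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
alice   ALL=(www-data:www-data) /usr/bin/php   # user and group
bob     ALL=(:backup) NOPASSWD: /usr/bin/rsync # group only
carol   ALL=(ALL:ALL) ALL                      # any user, any group
dave    ALL=(operator) /sbin/shutdown          # user only: no group grant
"""

# user-or-%group  host = (runas_user[:runas_group]) [TAG:] command list
RUNAS_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>\S+)\s*=\s*"
    r"\((?P<ruser>[^:)]*)(?::(?P<rgroup>[^)]*))?\)"
    r"\s*(?P<rest>.*)$"
)

# Directive and alias lines are not user specifications.
SKIP_PREFIXES = ("Defaults", "User_Alias", "Runas_Alias",
                 "Host_Alias", "Cmnd_Alias")


def parse_runas_specs(text: str) -> List[dict]:
    """Return one record per user specification that has an explicit Runas_Spec."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line or line.startswith(SKIP_PREFIXES):
            continue
        m = RUNAS_RE.match(line)
        if not m:
            # No Runas_Spec means "run as root"; no group grant is involved.
            continue
        records.append({
            "line": lineno,
            "who": m.group("who"),
            "runas_user": m.group("ruser").strip(),
            "runas_group": (m.group("rgroup") or "").strip(),
            "command": m.group("rest").strip(),
        })
    return records


def group_runas_entries(text: str) -> List[dict]:
    """Entries whose Runas_Spec names a group: (user:group) or (:group)."""
    return [r for r in parse_runas_specs(text) if r["runas_group"]]


def report(text: str) -> List[str]:
    """Human-readable line per flagged entry, in file order."""
    lines = []
    for r in group_runas_entries(text):
        form = "group-only" if not r["runas_user"] else "user:group"
        lines.append(f"line {r['line']}: {r['who']} may run {r['command']!r} "
                     f"as group {r['runas_group']!r} ({form} Runas_Spec)")
    return lines


if __name__ == "__main__":
    for entry in report(SAMPLE_SUDOERS):
        print(entry)
```

Run it against the real file with `report(open("/etc/sudoers").read())` as root; `(ALL:ALL)` is flagged as well, because it grants every group. Files pulled in by `#include`/`#includedir` are not followed here, so audit `/etc/sudoers.d/*` the same way.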

Message: 2
Date: Tue, 07 Sep 2010 14:40:33 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Subject: [USN-984-1] LFTP vulnerability
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Message-ID: <1283884833.2792.9.camel@mdlinux>
Content-Type: text/plain; charset="utf-8"

===========================================================
Ubuntu Security Notice USN-984-1 September 07, 2010
lftp vulnerability
CVE-2010-2251
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
lftp 3.6.1-1ubuntu0.1

Ubuntu 9.04:
lftp 3.7.8-1ubuntu0.1

Ubuntu 9.10:
lftp 3.7.15-1ubuntu2.1

Ubuntu 10.04 LTS:
lftp 4.0.2-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

ATTENTION: This update changes previous behaviour by ignoring the filename
supplied by servers in Content-Disposition headers. To re-enable previous
behaviour, use the new xfer:auto-rename setting.

Details follow:

It was discovered that LFTP incorrectly filtered filenames suggested
by Content-Disposition headers. If a user or automated system were tricked
into downloading a file from a malicious site, a remote attacker could
create the file with an arbitrary name, such as a dotfile, and possibly run
arbitrary code.


Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/l/lftp/lftp_3.6.1-1ubuntu0.1.diff.gz
Size/MD5: 13383 dfc4f52d9d2a2a0798d6b3fe9e53e9ca
http://security.ubuntu.com/ubuntu/pool/main/l/lftp/lftp_3.6.1-1ubuntu0.1.dsc
Size/MD5: 735 c437fe420a9ea04dae271f3bc5156f48
http://security.ubuntu.com/ubuntu/pool/main/l/lftp/lftp_3.6.1.orig.tar.gz
Size/MD5: 1806782 cb074387f2516efe6abe5664af5504f9

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/l/lftp/lftp_3.6.1-1ubuntu0.1_amd64.deb
Size/MD5: 433588 bf2ccb726c6f658caa3c5c6aa029257b

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/l/lftp/lftp_3.6.1-1ubuntu0.1_i386.deb
Size/MD5: 398738 d1ec62b4b33785c745e7d10ca30f90cb

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/l/lftp/lftp_3.6.1-1ubuntu0.1_lpia.deb
Size/MD5: 405662 a71e74893407cba0d9ef96c402ac60e3

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/l/lftp/lftp_3.6.1-1ubuntu0.1_powerpc.deb
Size/MD5: 428536 522aa38b50d4e5b01e92680a14dcb9d7

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/l/lftp/lftp_3.6.1-1ubuntu0.1_sparc.deb
Size/MD5: 392686 0004e5ca7e3fcaab3b1b10f431655670

Updated packages for Ubuntu 9.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/l/lftp/lftp_3.7.8-1ubuntu0.1.diff.gz
Size/MD5: 14075 b04d88a4d5afefd2cf2cc018da908082
http://security.ubuntu.com/ubuntu/pool/main/l/lftp/lftp_3.7.8-1ubuntu0.1.dsc
Size/MD5: 1151 4b8c86550b9d42c9d9b2677868e9e462
http://security.ubuntu.com/ubuntu/pool/main/l/lftp/lftp_3.7.8.orig.tar.gz
Size/MD5: 1920121 014a4ac6b9ea4016d5cd64afe0397b89

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/l/lftp/lftp_3.7.8-1ubuntu0.1_amd64.deb
Size/MD5: 470430 46a72bd567b2ee6c9dce31f1583daf4a

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/l/lftp/lftp_3.7.8-1ubuntu0.1_i386.deb
Size/MD5: 401102 1e0b78a5b2659c8e81cde7d6fed715ef

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/l/lftp/lftp_3.7.8-1ubuntu0.1_lpia.deb
Size/MD5: 404420 c6e1cec2e0fce91b5c7b3bd696b6a7ac

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/l/lftp/lftp_3.7.8-1ubuntu0.1_powerpc.deb
Size/MD5: 425506 02497ad03d03a35204e820f94b951624

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/l/lftp/lftp_3.7.8-1ubuntu0.1_sparc.deb
Size/MD5: 393988 90876d9d92e53ad028be5feedce5772e

Updated packages for Ubuntu 9.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/l/lftp/lftp_3.7.15-1ubuntu2.1.diff.gz
Size/MD5: 15248 10d56523f7ca48b4f7ca7b12b54acdc0
http://security.ubuntu.com/ubuntu/pool/main/l/lftp/lftp_3.7.15-1ubuntu2.1.dsc
Size/MD5: 1188 24cc77bbaaaf15083280ee374b74e952
http://security.ubuntu.com/ubuntu/pool/main/l/lftp/lftp_3.7.15.orig.tar.gz
Size/MD5: 2058252 6c43ffdb59234ff0533cfdda0c3c305c

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/l/lftp/lftp_3.7.15-1ubuntu2.1_amd64.deb
Size/MD5: 475460 a7ec4eec5d4c1b7ef1a2219859f30176

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/l/lftp/lftp_3.7.15-1ubuntu2.1_i386.deb
Size/MD5: 402688 54fa38a65903bd2c349d34632181a897

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/l/lftp/lftp_3.7.15-1ubuntu2.1_lpia.deb
Size/MD5: 409754 e1a502620c2f43098094c57d76701f0b

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/l/lftp/lftp_3.7.15-1ubuntu2.1_powerpc.deb
Size/MD5: 428098 085709c6757b7eab7b4a50e0a7042e3a

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/l/lftp/lftp_3.7.15-1ubuntu2.1_sparc.deb
Size/MD5: 399942 aca438001e1fd5e67aa4b24cb0e73339

Updated packages for Ubuntu 10.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/l/lftp/lftp_4.0.2-1ubuntu0.1.diff.gz
Size/MD5: 14333 b8eaaa8956251f2aef43d311e938d64f
http://security.ubuntu.com/ubuntu/pool/main/l/lftp/lftp_4.0.2-1ubuntu0.1.dsc
Size/MD5: 1162 a5f76a996c9e576d10bf7feeaf409950
http://security.ubuntu.com/ubuntu/pool/main/l/lftp/lftp_4.0.2.orig.tar.gz
Size/MD5: 2156591 664fd567bb49e1e4dea1ba37430a8449

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/l/lftp/lftp_4.0.2-1ubuntu0.1_amd64.deb
Size/MD5: 511634 d594a860b7d9d9be923b6e6fa9216ba0

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/l/lftp/lftp_4.0.2-1ubuntu0.1_i386.deb
Size/MD5: 432956 75e0e9565d5f891979ea8247628f2a92

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/l/lftp/lftp_4.0.2-1ubuntu0.1_powerpc.deb
Size/MD5: 460922 b64331d0f6056ab5803bf71a752f8a55

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/l/lftp/lftp_4.0.2-1ubuntu0.1_sparc.deb
Size/MD5: 439560 16849aeada278a342944dd87df4baed6

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20100907/89f94969/attachment-0001.pgp

------------------------------
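The lftp notice above describes the failure mode, a server-suggested Content-Disposition filename that is not filtered and so can land a dotfile in the download directory, and the fix, ignoring the suggestion unless the user opts in. The code below is an added example for this page, not lftp's code: it parses the `filename` and RFC 5987 `filename*` parameters, decides what name a download may be stored under, and defaults to the URL's own last path component. The `auto_rename` flag stands in for the `xfer:auto-rename` setting named in the advisory; the extra sanitising applied on that opt-in path is this example's own choice, and the header values and URLs are constructed.

```python
"""Choose a local filename for a download without trusting the server.

Modelled on the behaviour USN-984-1 describes after the fix: the server's
Content-Disposition suggestion is ignored unless the user opts in, and even
then (in this example) it must be a plain, visible, single path component.
"""
import os
import re
from typing import Optional
from urllib.parse import unquote, urlsplit

# Matches "; key=value" parameters, quoted or bare; key may be "filename*".
_PARAM_RE = re.compile(
    r';\s*(?P<key>[\w*-]+)\s*=\s*(?:"(?P<quoted>[^"]*)"|(?P<token>[^;]*))'
)


def suggested_filename(header: Optional[str]) -> Optional[str]:
    """Extract the server's suggested name; filename* wins over filename (RFC 6266)."""
    if not header:
        return None
    plain = extended = None
    for m in _PARAM_RE.finditer(header):
        key = m.group("key").lower()
        value = m.group("quoted") if m.group("quoted") is not None else m.group("token").strip()
        if key == "filename*":
            # RFC 5987 form: charset'language'percent-encoded-text
            parts = value.split("'", 2)
            if len(parts) == 3:
                try:
                    extended = unquote(parts[2], encoding=parts[0] or "utf-8", errors="replace")
                except LookupError:
                    pass   # unknown charset: treat as if filename* were absent
        elif key == "filename":
            plain = value
    return extended if extended is not None else plain


def safe_local_name(name: str) -> Optional[str]:
    """Accept only a plain, visible, single path component; None otherwise."""
    if any(ord(c) < 0x20 or c == "\x7f" for c in name):
        return None                      # control characters, NUL
    if "/" in name or "\\" in name:
        return None                      # any path separator, including traversal
    if name in ("", ".", "..") or name.startswith("."):
        return None                      # empty, current/parent dir, or a dotfile
    return name


def choose_filename(url: str, header: Optional[str], auto_rename: bool = False) -> str:
    """URL basename by default; the server's suggestion only on opt-in and only if safe."""
    url_name = safe_local_name(unquote(os.path.basename(urlsplit(url).path))) or "download"
    if not auto_rename:
        return url_name
    suggested = suggested_filename(header)
    if suggested is None:
        return url_name
    return safe_local_name(suggested) or url_name


# Constructed cases: one benign suggestion and three that must not be honoured.
URL = "http://example.test/files/report.pdf"
CASES = [
    'attachment; filename="summary.pdf"',
    'attachment; filename=".bashrc"',
    'attachment; filename="../../.ssh/authorized_keys"',
    "attachment; filename*=UTF-8''%2e%70rofile",   # decodes to ".profile"
    None,
]

if __name__ == "__main__":
    for header in CASES:
        print(f"{str(header):55} default={choose_filename(URL, header)!r:14} "
              f"opt-in={choose_filename(URL, header, auto_rename=True)!r}")
```

Decoding `filename*` before checking matters: the percent-encoded case above only reveals its leading dot after RFC 5987 decoding, so a filter that inspects the raw parameter would miss it.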

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


End of ubuntu-security-announce Digest, Vol 72, Issue 3
*******************************************************
