===========================================================
Ubuntu Security Notice USN-664-1 November 06, 2008
tk8.0, tk8.3, tk8.4 vulnerability
CVE-2008-0553
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
tk8.0 8.0.5-11ubuntu0.1
tk8.3 8.3.5-4ubuntu1.2
tk8.4 8.4.12-0ubuntu1.2
Ubuntu 7.10:
tk8.3 8.3.5-6ubuntu3.1
tk8.4 8.4.15-1ubuntu1.1
Ubuntu 8.04 LTS:
tk8.4 8.4.16-2ubuntu1.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that Tk could be made to overrun a buffer when loading
certain images. If a user were tricked into opening a specially crafted
GIF image, remote attackers could cause a denial of service or execute
arbitrary code with user privileges.
Date: Thu, 06 Nov 2008 19:38:55 +0100
From: Tobias Klein <tk@trapkit.de>
To: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Subject: [TKADV2008-011] VLC media player RealText Processing Stack Overflow
Vulnerability
Please find attached a detailed advisory of the vulnerability.
Alternatively, the advisory can also be found at:
http://www.trapkit.de/advisories/TKADV2008-011.txt
Advisory: VLC media player RealText Processing Stack Overflow
Vulnerability
Advisory ID: TKADV2008-011
Revision: 1.0
Release Date: 2008/11/05
Last Modified: 2008/11/05
Date Reported: 2008/11/03
Author: Tobias Klein (tk at trapkit.de)
Affected Software: VLC media player < 0.9.6
Remotely Exploitable: Yes
Locally Exploitable: No
Vendor URL:
http://www.videolan.org/
Vendor Status: Vendor has released an updated version
Patch development time: 2 days
======================
Vulnerability details:
======================
The VLC media player contains a stack overflow vulnerability while parsing
malformed RealText (rt) subtitle files. The vulnerability can be trivially
exploited by a (remote) attacker to execute arbitrary code in the context
of VLC media player.
VLC handles subtitles automatically. It just checks for the presence of a
subtitle file with the same name as the loaded video. If such a subtitle
file is found, VLC loads and parses the file.
==================
Technical Details:
==================
Source code file: modules\demux\subtitle.c

[...]
static int ParseRealText( demux_t *p_demux, subtitle_t *p_subtitle,
                          int i_idx )
{
    VLC_UNUSED( i_idx );
    demux_sys_t *p_sys = p_demux->p_sys;
    text_t *txt = &p_sys->txt;
    char *psz_text = NULL;
    char psz_end[12]= "", psz_begin[12] = "";                 /* [1] */

    for( ;; )
    {
        int h1 = 0, m1 = 0, s1 = 0, f1 = 0;
        int h2 = 0, m2 = 0, s2 = 0, f2 = 0;
        const char *s = TextGetLine( txt );
        free( psz_text );

        if( !s )
            return VLC_EGENERIC;

        psz_text = malloc( strlen( s ) + 1 );
        if( !psz_text )
            return VLC_ENOMEM;

        /* Find the good begining. This removes extra spaces at the
           beginning of the line.*/
        char *psz_temp = strcasestr( s, "<time");
        if( psz_temp != NULL )
        {
            /* Line has begin and end */
            if( ( sscanf( psz_temp,                           /* [2] */
                  "<%*[t|T]ime %*[b|B]egin=\"%[^\"]\" %*[e|E]nd=\"%[^\"]%*[^>]%[^\n\r]",
                  psz_begin, psz_end, psz_text) != 3 ) &&
                /* Line has begin and no end */
                ( sscanf( psz_temp,                           /* [3] */
                  "<%*[t|T]ime %*[b|B]egin=\"%[^\"]\"%*[^>]%[^\n\r]",
                  psz_begin, psz_text ) != 2) )
                /* Line is not recognized */
            {
                continue;
            }
[...]

[1] The stack buffers "psz_end" and "psz_begin" can be overflowed
[2] The sscanf() function reads its input from a user controlled character
string pointed to by "psz_temp". The user controlled data gets stored
in the stack buffers "psz_end" and "psz_begin" without any bounds
checking. This leads to a straight stack overflow that can be trivially
exploited by a (remote) attacker to execute arbitrary code in the
context of VLC.
[3] see [2]
=========
Solution:
=========
See "Workarounds" and "Solution" sections of the VideoLAN-SA-0810 [1].
========
History:
========
2008/11/03 - Vendor notified
2008/11/04 - Patch developed by VideoLAN team
2008/11/05 - Public disclosure of vulnerability details by the vendor
2008/11/05 - Release date of this security advisory
========
Credits:
========
Vulnerability found and advisory written by Tobias Klein.
===========
References:
===========
[1]
http://www.videolan.org/security/sa0810.html
[2]
http://git.videolan.org/?p=vlc.git;a=commitdiff;h�cef65
1125701a2e33a8d75b815b3e39681a447
[3]
http://www.trapkit.de/advisories/TKADV2008-011.txt
========
Changes:
========
Revision 0.1 - Initial draft release to the vendor
Revision 1.0 - Public release
===========
Disclaimer:
===========
The information within this advisory may change without notice. Use
of this information constitutes acceptance for use in an AS IS
condition. There are no warranties, implied or express, with regard
to this information. In no event shall the author be liable for any
direct or indirect damages whatsoever arising out of or in connection
with the use or spread of this information. Any use of this
information is at the user's own risk.
==================
PGP Signature Key:
==================
http://www.trapkit.de/advisories/tk-advisories-signature-key.asc
Copyright 2008 Tobias Klein. All rights reserved.
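
Added example (not part of the advisory above and not VLC's code): a bounded version of the parse shown in the Technical Details listing. Each %[ conversion carries a field width one less than the 12-byte buffer, and an over-long begin/end value is rejected instead of copied. The names parse_time_line, after_time_tag and rt_status, and the sample lines, are assumptions made for this illustration.

```c
/* Added illustration: bounded parsing of a RealText "<time ...>" line.
 * All names here are hypothetical; this is not the VLC source or patch. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define TS_LEN 12   /* same size as psz_begin/psz_end in the listing */
#define TS_MAX 11   /* longest value that fits: TS_LEN - 1 */
#define STR2(x) #x
#define STR(x) STR2(x)
#define TS_FIELD "%" STR(TS_MAX) "[^\"]"   /* expands to %11[^"] */

enum rt_status { RT_OK, RT_NO_TAG, RT_BAD_BEGIN, RT_BAD_END, RT_BAD_TEXT };

/* Case-insensitive search for "<time"; returns a pointer just past it. */
static const char *after_time_tag(const char *s)
{
    static const char tag[] = "<time";
    for (; *s; s++) {
        size_t i = 0;
        while (tag[i] && tolower((unsigned char)s[i]) == tag[i])
            i++;
        if (!tag[i])
            return s + i;
    }
    return NULL;
}

enum rt_status parse_time_line(const char *line,
                               char begin[TS_LEN], char end[TS_LEN],
                               char *text, size_t text_sz)
{
    int used = 0;

    begin[0] = end[0] = '\0';
    if (text_sz)
        text[0] = '\0';

    const char *p = after_time_tag(line);
    if (!p)
        return RT_NO_TAG;

    /* The width stops the copy after TS_MAX bytes. The literal quote that
     * follows matches only if the whole value fit, so %n leaves `used` at 0
     * for an over-long or unterminated value. */
    if (sscanf(p, " %*[bB]egin=\"" TS_FIELD "\"%n", begin, &used) != 1
        || used == 0)
        return RT_BAD_BEGIN;
    p += used;

    /* end= is optional: 0 or EOF means it is absent, 1 without %n means it
     * was present but did not fit. */
    used = 0;
    int r = sscanf(p, " %*[eE]nd=\"" TS_FIELD "\"%n", end, &used);
    if (r == 1 && used == 0)
        return RT_BAD_END;
    if (r == 1)
        p += used;
    else
        end[0] = '\0';

    /* The subtitle text follows the closing '>' up to the end of line. */
    const char *gt = strchr(p, '>');
    if (!gt)
        return RT_BAD_TEXT;
    size_t len = strcspn(gt + 1, "\r\n");
    if (len >= text_sz)
        return RT_BAD_TEXT;
    memcpy(text, gt + 1, len);
    text[len] = '\0';
    return RT_OK;
}

int main(void)
{
    /* Constructed sample lines, not taken from a real subtitle file. */
    static const char *samples[] = {
        "<time begin=\"0:00:05.0\" end=\"0:00:08.5\"/>Hello\r\n",
        "  <TIME Begin=\"00:00:10.00\"/>Second line\n",
        "<time begin=\"00:00:10.000\"/>begin is 12 bytes, one too many\n",
        "<time begin=\"1\" end=\"0000000000000000000000000000\"/>long end\n",
    };
    char b[TS_LEN], e[TS_LEN], t[128];

    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        enum rt_status st = parse_time_line(samples[i], b, e, t, sizeof t);
        printf("status=%d begin=\"%s\" end=\"%s\" text=\"%s\"\n", st, b, e, t);
    }
    return 0;
}
```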
To: bugtraq@securityfocus.com
From: security-alert@hp.com
Subject: [security bulletin] HPSBTU02383 SSRT080098 rev.1 - HP Tru64 UNIX running AdvFS "showfile" command, Local Gain Extended Privileges
Date: Thu, 06 Nov 2008 11:05:03 -0800
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01599842
Version: 1
HPSBTU02383 SSRT080098 rev.1 - HP Tru64 UNIX running AdvFS "showfile" command, Local Gain Extended Privileges
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-11-05
Last Updated: 2008-11-05
Potential Security Impact: Local gain extended privileges.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified in the AdvFS "showfile" command running on HP Tru64 UNIX. The vulnerability could be exploited by a local user to gain extended privileges.
References: CVE-2008-4414
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
The following supported software versions are affected:
HP Tru64 UNIX v 5.1B-4
HP Tru64 UNIX v 5.1B-3
BACKGROUND
CVSS 2.0 Base Metrics
==============================================
Reference         Base Vector                     Base Score
CVE-2008-4414     (AV:L/AC:M/Au:S/C:C/I:C/A:C)    6.6
==============================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
The Hewlett-Packard Company thanks Ilja van Sprundel for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
HP is releasing the following Early Release Patch (ERP) kits publicly for use by any customer until updates are available in mainstream release patch kits.
The resolutions contained in the ERP kits are targeted for availability in the following mainstream kit:
HP Tru64 UNIX v 5.1B-5
The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERPs. Contact your service provider for assistance if the installation of the ERPs is blocked by any of your installed CSPs.
The ERP kit provides a patched version of "/usr/sbin/showfile".
HP Tru64 UNIX v 5.1B-4
PREREQUISITE: HP Tru64 UNIX v 5.1B-4 PK6 (BL27)
Name: T64KIT1001551-V51BB27-ES-20081015.tar
Location:
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001551-V51BB27-ES-20081015
HP Tru64 UNIX v 5.1B-3
PREREQUISITE: HP Tru64 UNIX v 5.1B-3 PK5 (BL26)
Name: T64KIT1001540-V51BB26-ES-20080916.tar
Location:
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001540-V51BB26-ES-20080916
MD5 checksums are available from the ITRC patch database main page. From the patch database main page, click Tru64 UNIX, then click verifying MD5 checksums under useful links.
PRODUCT SPECIFIC INFORMATION
HISTORY
Version:1 (rev.1) - 5 November 2008 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
- check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
- verify your operating system selections are checked and save.
To update an existing subscription:
http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit:
http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
©Copyright 2008 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Subject: [USN-665-1] Netpbm vulnerability
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Date: Thu, 06 Nov 2008 17:22:27 -0500
===========================================================
Ubuntu Security Notice USN-665-1 November 06, 2008
netpbm-free vulnerability
CVE-2008-0554
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
netpbm 2:10.0-10ubuntu1.1
Ubuntu 7.10:
netpbm 2:10.0-11ubuntu0.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that Netpbm could be made to overrun a buffer when loading
certain images. If a user were tricked into opening a specially crafted
GIF image, remote attackers could cause a denial of service or execute
arbitrary code with user privileges.
Updated packages for Ubuntu 6.06 LTS:
Updated packages for Ubuntu 7.10:
From - Fri Nov 7 12:30:39 2008
To: bugtraq@securityfocus.com
Subject: [ MDVSA-2008:226 ] ruby
Date: Thu, 06 Nov 2008 15:52:00 -0700
From: security@mandriva.com
Reply-To: <xsecurity@mandriva.com>
Message-Id: <E1KyDhp-0000UQ-53@titan.mandriva.com>
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:226
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ruby
Date : November 6, 2008
Affected: 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A denial of service condition was found in Ruby's regular expression
engine. If a Ruby script tried to process a large amount of data
via a regular expression, it could cause Ruby to enter an infinite
loop and crash (CVE-2008-3443).
A number of flaws were found in Ruby that could allow an attacker to
bypass certain safe-level restrictions by means of a carefully crafted
script (CVE-2008-3655).
A denial of service vulnerability was found in Ruby's HTTP server
toolkit, WEBrick. A remote attacker could send a specially-crafted
HTTP request to a WEBrick server that would cause it to use an
excessive amount of CPU time (CVE-2008-3656).
An insufficient taintedness check was found in Ruby's DL module,
a module that provides direct access to C language functions.
This flaw could be used by an attacker to bypass intended safe-level
restrictions by calling external C functions with arguments from
untrusted, tainted input (CVE-2008-3657).
A denial of service condition in Ruby's XML document parsing module
(REXML) could cause a Ruby application using the REXML module to use
an excessive amount of CPU and memory via XML documents with large,
recursively nested XML entity definitions (CVE-2008-3790).
The Ruby DNS resolver library used predictable transaction IDs and
a fixed source port when sending DNS requests. This could be used
by a remote attacker to spoof a malicious reply to a DNS query
(CVE-2008-3905).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3905
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
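The REXML issue described in MDVSA-2008:226 (CVE-2008-3790) arises when entity definitions reference one another, so that a small document expands into a very large one. The Ruby check below is an added example, not part of the Mandriva advisory or of REXML's own code: it computes the expanded size arithmetically before any parser sees the input. All names and sample documents are constructed for illustration, and only internal general entities are handled.

```ruby
# Added example: pre-parse guard against entity-expansion blow-up.
# All constant and method names here are hypothetical.

ENTITY_DECL = /<!ENTITY\s+([A-Za-z_][\w.\-]*)\s+(?:"([^"]*)"|'([^']*)')\s*>/
ENTITY_REF  = /&([A-Za-z_][\w.\-]*);/
PREDEFINED  = { "lt" => 1, "gt" => 1, "amp" => 1, "apos" => 1, "quot" => 1 }.freeze

class EntityCycle < StandardError; end

# Collect internal general entity declarations from the DTD subset.
def entity_table(xml)
  table = {}
  xml.scan(ENTITY_DECL) do |name, dq, sq|
    table[name] ||= (dq || sq) # first declaration is binding (XML 1.0)
  end
  table
end

# Length the text would have after full expansion. Sizes are summed, never
# materialised, so a hostile document cannot exhaust memory during the check.
def expanded_size(text, table, memo = {}, stack = [])
  size = text.gsub(ENTITY_REF, "").length
  text.scan(ENTITY_REF).flatten.each do |name|
    size += entity_size(name, table, memo, stack)
  end
  size
end

def entity_size(name, table, memo, stack)
  return PREDEFINED[name] if PREDEFINED.key?(name)
  return memo[name] if memo.key?(name)
  raise EntityCycle, "entity #{name} is defined recursively" if stack.include?(name)

  value = table[name]
  return name.length + 2 if value.nil? # undeclared: counted as literal &name;

  stack.push(name)
  size = expanded_size(value, table, memo, stack)
  stack.pop
  memo[name] = size
end

# Decide whether a document may be handed to the XML parser.
def expansion_report(xml, limit: 10_000)
  table = entity_table(xml)
  body  = xml.sub(/<!DOCTYPE.*?\]\s*>/m, "") # drop the internal subset
  size  = expanded_size(body, table)
  { entities: table.size, expanded: size, ok: size <= limit }
rescue EntityCycle => e
  { entities: table.size, expanded: nil, ok: false, error: e.message }
end

# Constructed sample: four nested levels, each ten times the previous one.
NESTED = <<~XML
  <?xml version="1.0"?>
  <!DOCTYPE r [
    <!ENTITY a "0123456789">
    <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">
    <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
    <!ENTITY d "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;">
  ]>
  <r>&d;</r>
XML

# Constructed sample: ordinary use of a single entity.
BENIGN = '<?xml version="1.0"?><!DOCTYPE n [<!ENTITY co "Example Corp">]>' \
         '<n>&co; &amp; &co;</n>'

# Constructed sample: mutually recursive definitions, invalid XML.
CYCLE = '<!DOCTYPE x [<!ENTITY a "&b;"><!ENTITY b "&a;">]><x>&a;</x>'

if __FILE__ == $PROGRAM_NAME
  { "nested" => NESTED, "benign" => BENIGN, "cycle" => CYCLE }.each do |label, doc|
    puts "#{label}: #{expansion_report(doc)}"
  end
end
```

Each extra level of nesting multiplies the expanded size while adding only one short line to the input, which is why the check bounds the computed size rather than the size of the file.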
From - Fri Nov 7 12:40:39 2008
Date: Thu, 6 Nov 2008 16:47:06 -0800
From: Kees Cook <kees@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Subject: [USN-662-2] Ubuntu kernel modules vulnerability
Message-ID: <20081107004706.GW9448@outflux.net>
==========================================================
Ubuntu Security Notice USN-662-2 November 06, 2008
linux-ubuntu-modules-2.6.22/24 vulnerability
CVE-2008-4395
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 7.10
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 7.10:
linux-ubuntu-modules-2.6.22-15-386 2.6.22-15.40
linux-ubuntu-modules-2.6.22-15-generic 2.6.22-15.40
linux-ubuntu-modules-2.6.22-15-rt 2.6.22-15.40
linux-ubuntu-modules-2.6.22-15-server 2.6.22-15.40
Ubuntu 8.04 LTS:
linux-ubuntu-modules-2.6.24-21-386 2.6.24-21.33
linux-ubuntu-modules-2.6.24-21-generic 2.6.24-21.33
linux-ubuntu-modules-2.6.24-21-rt 2.6.24-21.33
linux-ubuntu-modules-2.6.24-21-server 2.6.24-21.33
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Details follow:
USN-662-1 fixed vulnerabilities in ndiswrapper in Ubuntu 8.10.
This update provides the corresponding updates for Ubuntu 8.04 and 7.10.
Original advisory details:
Anders Kaseorg discovered that ndiswrapper did not correctly handle long
ESSIDs. For a system using ndiswrapper, a physically nearby attacker
could generate specially crafted wireless network traffic and execute
arbitrary code with root privileges. (CVE-2008-4395)
Updated packages for Ubuntu 7.10:
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.24/linux-ubuntu-modules-2.6.24_2.6.24-21.33.dsc
Size/MD5: 2843 b065c768ca515bfdb2d914d36dba785e
http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.24/linux-ubuntu-modules-2.6.24_2.6.24-21.33.tar.gz
Size/MD5: 12124613 2b188658339555b2f45d37fa8750c7e1
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.24/linux-headers-lum-2.6.24-21-generic_2.6.24-21.33_amd64.deb
Size/MD5: 189460 93940fa31b3392fa28f39103a185731f
http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.24/linux-headers-lum-2.6.24-21-openvz_2.6.24-21.33_amd64.deb
Size/MD5: 189484 e80863d1642976bdf68ccb31d79db66f
http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.24/linux-headers-lum-2.6.24-21-rt_2.6.24-21.33_amd64.deb
Size/MD5: 189468 dbee17ca2851f46fdaaadcaa909b8a17
http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.24/linux-headers-lum-2.6.24-21-server_2.6.24-21.33_amd64.deb
Size/MD5: 189464 26f99955c5e3a471b0cc9a37f42cab70
http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.24/linux-headers-lum-2.6.24-21-xen_2.6.24-21.33_amd64.deb
Size/MD5: 189388 6ce815aea590bd94506b09ef8398c02f
http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.24/linux-ubuntu-modules-2.6.24-21-generic_2.6.24-21.33_amd64.deb
Size/MD5: 5195826 3b3ed601f931dda28a868fb05a3ee1b1
http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.24/linux-ubuntu-modules-2.6.24-21-server_2.6.24-21.33_amd64.deb
Size/MD5: 5194812 46b2cad00d7e9ac5bef0404cddeefc32
http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.24/nic-firmware-2.6.24-21-generic-di_2.6.24-21.33_amd64.udeb
Size/MD5: 1188332 fc1f8082c93e57f7a4a6a390beaf97a2
http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.24/scsi-firmware-2.6.24-21-generic-di_2.6.24-21.33_amd64.udeb
Size/MD5: 322536 9799720c92b8ad015e910abe000e7948
http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.24/ubuntu-modules-2.6.24-21-generic-di_2.6.24-21.33_amd64.udeb
Size/MD5: 437672 635716de5606b1e209e574b25d01067d
http://security.ubuntu.com/ubuntu/pool/universe/l/linux-ubuntu-modules-2.6.24/linux-ubuntu-modules-2.6.24-21-openvz_2.6.24-21.33_amd64.deb
Size/MD5: 5136260 dbc6d4b8cf4ffe442ce533efd21fcaee
http://security.ubuntu.com/ubuntu/pool/universe/l/linux-ubuntu-modules-2.6.24/linux-ubuntu-modules-2.6.24-21-rt_2.6.24-21.33_amd64.deb
Size/MD5: 5000060 dcd473835d5cfd2829fefc1479cf1525
http://security.ubuntu.com/ubuntu/pool/universe/l/linux-ubuntu-modules-2.6.24/linux-ubuntu-modules-2.6.24-21-xen_2.6.24-21.33_amd64.deb
Size/MD5: 3762436 1d9b8f41d34b6f273021bfdca1d67e52
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.24/linux-headers-lum-2.6.24-21-386_2.6.24-21.33_i386.deb
Size/MD5: 189454 a421774012dce569d0b2e5923a149f1a
http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.24/linux-headers-lum-2.6.24-21-generic_2.6.24-21.33_i386.deb
Size/MD5: 189448 0e000def690f20984fc4c99054be6cb0
lpia architecture (Low Power Intel Architecture):
powerpc architecture (Apple Macintosh G3/G4/G5):
sparc architecture (Sun SPARC/UltraSPARC):