Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[USN-212-1] libgda2 vulnerability
From: Martin Pitt <martin.pitt () canonical com>
Date: Fri, 28 Oct 2005 15:38:04 -0400

===========================================================
Ubuntu Security Notice USN-212-1           October 28, 2005
libgda2 vulnerability
CAN-2005-2958
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libgda2-1
libgda2-3

The problem can be corrected by upgrading the affected package to
version 1.0.4-1ubuntu0.1 (for Ubuntu 4.10), 1.1.99-1ubuntu0.1 (for
Ubuntu 5.04), or 1.2.1-2ubuntu3.1 (for Ubuntu 5.10).  In general, a
standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Steve Kemp discovered two format string vulnerabilities in the logging
handler of the Gnome database access library. Depending on the
application that uses the library, this could have been exploited to
execute arbitrary code with the permission of the user running the
application.


Updated packages for Ubuntu 4.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2_1.0.4-1ubuntu0.1.diff.gz
      Size/MD5:    14829 ba4ce8b304539a61ab575d932711070f
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2_1.0.4-1ubuntu0.1.dsc
      Size/MD5:     1961 c6eaf76b68cd4ea8f436a62f2dab101b
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2_1.0.4.orig.tar.gz
      Size/MD5:  1778950 345980ba52dcc1a4d24092e57869f92c

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-doc_1.0.4-1ubuntu0.1_all.deb
      Size/MD5:   212224 354ca028706f54fa53ad89b93fbad5ed

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-freetds_1.0.4-1ubuntu0.1_amd64.deb
      Size/MD5:    72040 2ce51b479b815b0fe71abe3e8bfccfd9
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-mysql_1.0.4-1ubuntu0.1_amd64.deb
      Size/MD5:    18266 345c90c113c27a1241fa9c88949c1a3e
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-odbc_1.0.4-1ubuntu0.1_amd64.deb
      Size/MD5:    13316 f6f3c62598bf67ce54b4c992ce1a2b39
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-postgres_1.0.4-1ubuntu0.1_amd64.deb
      Size/MD5:    24476 0c9eb106b5f1eb434f7aa0eaf8005814
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-sqlite_1.0.4-1ubuntu0.1_amd64.deb
      Size/MD5:    12396 d719341406907ed2816b3bbc71e84158
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-1_1.0.4-1ubuntu0.1_amd64.deb
      Size/MD5:   223580 aefc05d04856fc97187de0e8e5a85216
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-common_1.0.4-1ubuntu0.1_amd64.deb
      Size/MD5:   279102 e3513da5ad1d08a9e59627630587ac7f
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dbg_1.0.4-1ubuntu0.1_amd64.deb
      Size/MD5:  1734352 8048f322356530e36f10e63282bf9d7c
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dev_1.0.4-1ubuntu0.1_amd64.deb
      Size/MD5:   313830 a6cd2d0bf8971dcd5814d7cf4a47b122

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-freetds_1.0.4-1ubuntu0.1_i386.deb
      Size/MD5:    70584 ce56c16f4697028f3bf11250664ba125
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-mysql_1.0.4-1ubuntu0.1_i386.deb
      Size/MD5:    16470 f59e3521b70e11b2361451a29c8665ff
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-odbc_1.0.4-1ubuntu0.1_i386.deb
      Size/MD5:    12100 356c229d2e2f559333dc09db7656f20d
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-postgres_1.0.4-1ubuntu0.1_i386.deb
      Size/MD5:    22490 54f9c4ed879f81658df08404bdb30a57
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-sqlite_1.0.4-1ubuntu0.1_i386.deb
      Size/MD5:    11030 eab5962d136c45315a0b3f704a7134f9
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-1_1.0.4-1ubuntu0.1_i386.deb
      Size/MD5:   196738 130447269c9b143214c913b6a37b9c69
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-common_1.0.4-1ubuntu0.1_i386.deb
      Size/MD5:   274650 c593c6c45152608abca1f2a1c7509378
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dbg_1.0.4-1ubuntu0.1_i386.deb
      Size/MD5:  1698036 aaea8cad4c2d58fd3e4079c7a0c93999
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dev_1.0.4-1ubuntu0.1_i386.deb
      Size/MD5:   246530 f719503a52dcbb72c26937d83f42c3d2

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-freetds_1.0.4-1ubuntu0.1_powerpc.deb
      Size/MD5:    71976 3364891a091d4f334222c840bd2384fd
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-mysql_1.0.4-1ubuntu0.1_powerpc.deb
      Size/MD5:    18706 711acc62b5889f1296107789fd54c3e1
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-odbc_1.0.4-1ubuntu0.1_powerpc.deb
      Size/MD5:    13392 bcf4a6f17df3004302ce4ae5eb0f4b78
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-postgres_1.0.4-1ubuntu0.1_powerpc.deb
      Size/MD5:    25044 5c9a121f3e296eb3da8be5d5459f709e
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-sqlite_1.0.4-1ubuntu0.1_powerpc.deb
      Size/MD5:    12396 34b7b57515cec017f8f57adcd3ce0bc4
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-1_1.0.4-1ubuntu0.1_powerpc.deb
      Size/MD5:   205576 e396fbee9af57b5f2c12e0862c615be2
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-common_1.0.4-1ubuntu0.1_powerpc.deb
      Size/MD5:   279400 0954e2bf905d1ecce113787b38f5d242
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dbg_1.0.4-1ubuntu0.1_powerpc.deb
      Size/MD5:  1707936 cec04d93c7bf063e1f020f39cf24d5bd
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dev_1.0.4-1ubuntu0.1_powerpc.deb
      Size/MD5:   334026 4a23e94cc13a9c510a16c44c6f6c7d92

Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2_1.1.99-1ubuntu0.1.diff.gz
      Size/MD5:     8586 1c333a3c2c26190125b252ca4f8c9d0a
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2_1.1.99-1ubuntu0.1.dsc
      Size/MD5:     2015 bdd8f14c7de66ca7f7e9b62f02403710
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2_1.1.99.orig.tar.gz
      Size/MD5:  2024240 50d115c5c363b3a5ffadcd8451952d40

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-doc_1.1.99-1ubuntu0.1_all.deb
      Size/MD5:   251970 3cac3fd6ad68e3083d64da50d1178c47

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-freetds_1.1.99-1ubuntu0.1_amd64.deb
      Size/MD5:    18578 da97e9f50e49e901febb32ece5fa5a62
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-mysql_1.1.99-1ubuntu0.1_amd64.deb
      Size/MD5:    19062 33da6da7a2b0cc58cec33f654f54d772
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-odbc_1.1.99-1ubuntu0.1_amd64.deb
      Size/MD5:    13490 11708d137647170d55d7601937d20ce7
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-postgres_1.1.99-1ubuntu0.1_amd64.deb
      Size/MD5:    27632 a05e6371bc7939503d28e10384a3cf7d
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-sqlite_1.1.99-1ubuntu0.1_amd64.deb
      Size/MD5:    12144 1c74d73717424367f691528603bbb257
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-1_1.1.99-1ubuntu0.1_amd64.deb
      Size/MD5:   224148 9197c55ce41c9042ee9fa21985b637a9
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-common_1.1.99-1ubuntu0.1_amd64.deb
      Size/MD5:   306548 f8bf9572fcc7f8952a20f1948387d6ba
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dbg_1.1.99-1ubuntu0.1_amd64.deb
      Size/MD5:  1801822 38e87b84f5c542efad9c7aa80d112561
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dev_1.1.99-1ubuntu0.1_amd64.deb
      Size/MD5:   307764 fdb18e04aeef6eff6c95bc797feef7cb

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-freetds_1.1.99-1ubuntu0.1_i386.deb
      Size/MD5:    17506 f527ff8ca670357feb93007e166ed4f1
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-mysql_1.1.99-1ubuntu0.1_i386.deb
      Size/MD5:    17368 7845367c1b81632880aa36aa429a7fa2
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-odbc_1.1.99-1ubuntu0.1_i386.deb
      Size/MD5:    12436 2f881650ffd1310f45c4f789d2596294
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-postgres_1.1.99-1ubuntu0.1_i386.deb
      Size/MD5:    26012 42dcb9bb5b0b21140360aa21e29497ac
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-sqlite_1.1.99-1ubuntu0.1_i386.deb
      Size/MD5:    11062 99c13906571f17675dc0d4951facdc92
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-1_1.1.99-1ubuntu0.1_i386.deb
      Size/MD5:   206700 1e4c48bf1a2863c574174787d8929996
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-common_1.1.99-1ubuntu0.1_i386.deb
      Size/MD5:   301632 53217aec9dde9b83a4f6fb9b6bc95161
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dbg_1.1.99-1ubuntu0.1_i386.deb
      Size/MD5:  1778954 15fdde243d26de9a60b77907624e8dd9
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dev_1.1.99-1ubuntu0.1_i386.deb
      Size/MD5:   248406 a798e54b5c89073d67798f154eb709cc

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-freetds_1.1.99-1ubuntu0.1_powerpc.deb
      Size/MD5:    18938 6c885e902438bc2082cfb6f81a9e1613
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-mysql_1.1.99-1ubuntu0.1_powerpc.deb
      Size/MD5:    19584 b1258f2da21064974a0dcf83bc1dd514
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-odbc_1.1.99-1ubuntu0.1_powerpc.deb
      Size/MD5:    13758 56a9537ccd9fa9f304095559f5dc4fb1
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-postgres_1.1.99-1ubuntu0.1_powerpc.deb
      Size/MD5:    28532 c292dd8b75613f320df5e6352540097b
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-sqlite_1.1.99-1ubuntu0.1_powerpc.deb
      Size/MD5:    12452 ed890b1dfe7198cc26eca83e61f6e8f0
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-1_1.1.99-1ubuntu0.1_powerpc.deb
      Size/MD5:   215548 1dd5a8a5d3c1c199fcbe5f549419f7e4
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-common_1.1.99-1ubuntu0.1_powerpc.deb
      Size/MD5:   307350 88f5f699b17fe80431b68ad8b2749476
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dbg_1.1.99-1ubuntu0.1_powerpc.deb
      Size/MD5:  2922290 47c9ad0c2370f639337794fbb350f69c
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dev_1.1.99-1ubuntu0.1_powerpc.deb
      Size/MD5:   311146 613cb5bf05953af61b485c9c6abc45f5

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2_1.2.1-2ubuntu3.1.diff.gz
      Size/MD5:    10175 a0581f32596cc721eeaa933f508d6e6f
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2_1.2.1-2ubuntu3.1.dsc
      Size/MD5:     1992 9158d234ff184030863d6a50afe6697b
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2_1.2.1.orig.tar.gz
      Size/MD5:  2038045 ca6103ad97d565c08a613b13b6b32f8d

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-doc_1.2.1-2ubuntu3.1_all.deb
      Size/MD5:   246388 7142c393d12e3146fae1a15de535b10f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-freetds_1.2.1-2ubuntu3.1_amd64.deb
      Size/MD5:    18546 15be35e689037fd226ad4f528aac4bfc
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-mysql_1.2.1-2ubuntu3.1_amd64.deb
      Size/MD5:    19578 da4f42e21631a4a644b1aff013ecc6c2
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-odbc_1.2.1-2ubuntu3.1_amd64.deb
      Size/MD5:    13698 2c344fa51462e375a155323e02f5fd55
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-postgres_1.2.1-2ubuntu3.1_amd64.deb
      Size/MD5:    28754 55b01eb7fc20f4d7862d53c11b2821c3
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-sqlite_1.2.1-2ubuntu3.1_amd64.deb
      Size/MD5:    12282 33d0f3be65110d072d664c06ed929298
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/libgda2-3-dbg_1.2.1-2ubuntu3.1_amd64.deb
      Size/MD5:   416856 675183d4545f2e3f0c229bfb1fe377c6
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-3_1.2.1-2ubuntu3.1_amd64.deb
      Size/MD5:   239950 604676f4cb12564db11adf6668882650
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-common_1.2.1-2ubuntu3.1_amd64.deb
      Size/MD5:   307488 2699efd00caadec2bd6885670f1a6475
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dev_1.2.1-2ubuntu3.1_amd64.deb
      Size/MD5:   332512 34c36816a9037ddbb7503286c52eceab

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-freetds_1.2.1-2ubuntu3.1_i386.deb
      Size/MD5:    16676 330563f77bf572f20ae414dd84ea78f1
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-mysql_1.2.1-2ubuntu3.1_i386.deb
      Size/MD5:    17244 36fec55d50978dfd0723f4d37f707c2a
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-odbc_1.2.1-2ubuntu3.1_i386.deb
      Size/MD5:    12344 55cd204876243d2d71e98c15c0e0806c
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-postgres_1.2.1-2ubuntu3.1_i386.deb
      Size/MD5:    26508 8ac8e0eb58bb5533b4f53ba56823cfc6
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-sqlite_1.2.1-2ubuntu3.1_i386.deb
      Size/MD5:    10960 728d197c4d4ab1066efcd8622e5b9749
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/libgda2-3-dbg_1.2.1-2ubuntu3.1_i386.deb
      Size/MD5:   337150 2616e6eb277bb65c09cbd01882e01e9e
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-3_1.2.1-2ubuntu3.1_i386.deb
      Size/MD5:   214874 4df22945859ddd132641d9ae8e774f44
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-common_1.2.1-2ubuntu3.1_i386.deb
      Size/MD5:   304172 f11c6831a48fa5f2a80737b62aff20b5
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dev_1.2.1-2ubuntu3.1_i386.deb
      Size/MD5:   264982 9ebcbc5d33d6a9bbb1a8b898950ce832

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-freetds_1.2.1-2ubuntu3.1_powerpc.deb
      Size/MD5:    18778 971fa11b5e31722f1b3d96694430d738
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-mysql_1.2.1-2ubuntu3.1_powerpc.deb
      Size/MD5:    19934 a60c238b1556e0a3889c21a20804b144
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-odbc_1.2.1-2ubuntu3.1_powerpc.deb
      Size/MD5:    14016 a04e7b90000ca4d9fd44e934163b2420
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-postgres_1.2.1-2ubuntu3.1_powerpc.deb
      Size/MD5:    29294 428c8acd0677a7028215cb97200a366b
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-sqlite_1.2.1-2ubuntu3.1_powerpc.deb
      Size/MD5:    12756 b6b74dbaffe3e0475b9bf88e9aa9e3d7
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/libgda2-3-dbg_1.2.1-2ubuntu3.1_powerpc.deb
      Size/MD5:   400498 b2cbd77cc9113f309425d88b316ae748
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-3_1.2.1-2ubuntu3.1_powerpc.deb
      Size/MD5:   232080 3ff7a24735140e8bed80f51508c69d78
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-common_1.2.1-2ubuntu3.1_powerpc.deb
      Size/MD5:   310282 4d614c824c5c3b3ffe0880c559c633e3
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dev_1.2.1-2ubuntu3.1_powerpc.deb
      Size/MD5:   336260 fdb3fc9d7a77b97f7515c2a778e98693

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • [USN-212-1] libgda2 vulnerability Martin Pitt (Oct 28)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault