Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[USN-891-1] lintian vulnerabilities
From: Kees Cook <kees () ubuntu com>
Date: Wed, 27 Jan 2010 23:58:07 -0800

===========================================================
Ubuntu Security Notice USN-891-1           January 28, 2010
lintian vulnerabilities
CVE-2009-4013, CVE-2009-4014, CVE-2009-4015
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  lintian                         1.23.16ubuntu2.1

Ubuntu 8.04 LTS:
  lintian                         1.23.46ubuntu0.1

Ubuntu 8.10:
  lintian                         1.24.3ubuntu0.1

Ubuntu 9.04:
  lintian                         2.2.5ubuntu1.1

Ubuntu 9.10:
  lintian                         2.2.17ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that lintian did not correctly validate certain
filenames when processing input.  If a user or an automated system
were tricked into running lintian on a specially crafted set of files,
a remote attacker could execute arbitrary code with user privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.16ubuntu2.1.dsc
      Size/MD5:      830 a47fe6f70e2eba48fb33d0564b9725e4
    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.16ubuntu2.1.tar.gz
      Size/MD5:   276511 50d6bfca45e5bed01983bdc83b00d19a

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.16ubuntu2.1_all.deb
      Size/MD5:   238462 db9ef682ad8968f5654e5cf61eefb758

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.46ubuntu0.1.dsc
      Size/MD5:     1015 f920dd072c6a0f3a468999c3bbbbe121
    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.46ubuntu0.1.tar.gz
      Size/MD5:   396901 7778649c0f4fb64428b9b4ff895e1a37

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.46ubuntu0.1_all.deb
      Size/MD5:   329624 9a624f6eb3664bb2c22be3d1af3206d6

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.24.3ubuntu0.1.dsc
      Size/MD5:     1244 0f8c73db743ead863a7d3488b476ee0d
    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.24.3ubuntu0.1.tar.gz
      Size/MD5:   485785 a7d56250c3cb465c4312aa40ad5beda0

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.24.3ubuntu0.1_all.deb
      Size/MD5:   359254 a6caa1f945de160e203f28bbfd842912

Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.5ubuntu1.1.dsc
      Size/MD5:     1284 e4c08e6d5485857e84d5354cdf01e9f6
    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.5ubuntu1.1.tar.gz
      Size/MD5:   634606 d3fee56c7bedbe0088ce8749f44bcacf

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.5ubuntu1.1_all.deb
      Size/MD5:   437450 927b8d2bf0fde9a62267a44d7f1779d3

Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.17ubuntu1.1.dsc
      Size/MD5:     1283 2845994c571ce78a3be8b2121c950db9
    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.17ubuntu1.1.tar.gz
      Size/MD5:   747007 dab8b5b18c5f0904df90b07027223af0

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.17ubuntu1.1_all.deb
      Size/MD5:   475958 4b633e03d586b04674a9c8266b6d3273

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • [USN-891-1] lintian vulnerabilities Kees Cook (Jan 28)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]