Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[USN-955-2] libpam-opie vulnerability
From: Marc Deslauriers <marc.deslauriers () canonical com>
Date: Mon, 21 Jun 2010 14:50:03 -0400

===========================================================
Ubuntu Security Notice USN-955-2              June 21, 2010
libpam-opie vulnerability
CVE-2010-1938
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.04:
  libpam-opie                     0.21-8build1.9.04.1

Ubuntu 9.10:
  libpam-opie                     0.21-8build2.1

Ubuntu 10.04 LTS:
  libpam-opie                     0.21-8build3.1

In general, a standard system update will make all the necessary changes.

Details follow:

USN-955-1 fixed vulnerabilities in OPIE. This update provides rebuilt
libpam-opie packages against the updated libopie library.

Original advisory details:

 Maksymilian Arciemowicz and Adam Zabrocki discovered that OPIE incorrectly
 handled long usernames. A remote attacker could exploit this with a crafted
 username and make applications linked against libopie crash, leading to a
 denial of service.


Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libp/libpam-opie/libpam-opie_0.21-8build1.9.04.1.diff.gz
      Size/MD5:     5955 68d77e8427fd1e4e6fc542bdbdecdcb8
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpam-opie/libpam-opie_0.21-8build1.9.04.1.dsc
      Size/MD5:     1052 a6621de8231000b1cd722de1889442df
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpam-opie/libpam-opie_0.21.orig.tar.gz
      Size/MD5:    41624 8dffef43ddbd14512171cca5c4570207

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libp/libpam-opie/libpam-opie_0.21-8build1.9.04.1_amd64.deb
      Size/MD5:    24330 f7a795c4f3662f08d14110782384ea59

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libp/libpam-opie/libpam-opie_0.21-8build1.9.04.1_i386.deb
      Size/MD5:    23494 09dc94d2c3d571a4fbaa710aed7dbf1e

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/libp/libpam-opie/libpam-opie_0.21-8build1.9.04.1_lpia.deb
      Size/MD5:    23220 c695dc2d85b0f93d6a1fc03afdc8b627

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/libp/libpam-opie/libpam-opie_0.21-8build1.9.04.1_powerpc.deb
      Size/MD5:    27188 fca2d90bf1877341d4fe871292798005

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/libp/libpam-opie/libpam-opie_0.21-8build1.9.04.1_sparc.deb
      Size/MD5:    24280 dc93f7554de0791124cb9c853cb3bf32

Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libp/libpam-opie/libpam-opie_0.21-8build2.1.diff.gz
      Size/MD5:     5985 a9a21c66edf5da6f3efd983d9c6f8f14
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpam-opie/libpam-opie_0.21-8build2.1.dsc
      Size/MD5:     1032 20f0a833495a08445485b8513f6f1034
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpam-opie/libpam-opie_0.21.orig.tar.gz
      Size/MD5:    41624 8dffef43ddbd14512171cca5c4570207

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libp/libpam-opie/libpam-opie_0.21-8build2.1_amd64.deb
      Size/MD5:    25310 3bbc38e74436df6976f3c046713a1c4a

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libp/libpam-opie/libpam-opie_0.21-8build2.1_i386.deb
      Size/MD5:    24056 a8fed25799038ff959d22abab4c441bb

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/libp/libpam-opie/libpam-opie_0.21-8build2.1_lpia.deb
      Size/MD5:    23894 c427d754c78b149a2177363e8913644e

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/libp/libpam-opie/libpam-opie_0.21-8build2.1_powerpc.deb
      Size/MD5:    25358 38a5a2e4c10ceab01ac39422e58be4bc

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/libp/libpam-opie/libpam-opie_0.21-8build2.1_sparc.deb
      Size/MD5:    24646 fa87c02f217c29deb3c2d1022d0874ed

Updated packages for Ubuntu 10.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libp/libpam-opie/libpam-opie_0.21-8build3.1.diff.gz
      Size/MD5:     6083 23785c595192d3614e0336d24052288e
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpam-opie/libpam-opie_0.21-8build3.1.dsc
      Size/MD5:     1032 a19a8b3b2b4a9be41bd5cc05e720bd53
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpam-opie/libpam-opie_0.21.orig.tar.gz
      Size/MD5:    41624 8dffef43ddbd14512171cca5c4570207

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libp/libpam-opie/libpam-opie_0.21-8build3.1_amd64.deb
      Size/MD5:    25290 88dfc0489c3b39abb4fb4a76069abd55

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libp/libpam-opie/libpam-opie_0.21-8build3.1_i386.deb
      Size/MD5:    23974 ca0173f16362e88e1fdd35e49abe37f0

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/libp/libpam-opie/libpam-opie_0.21-8build3.1_powerpc.deb
      Size/MD5:    25376 e601a2b8d8f106b5568b492698e0558e

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/libp/libpam-opie/libpam-opie_0.21-8build3.1_sparc.deb
      Size/MD5:    25710 31bb892e98f301cdf8e5bbfdf6c027fa



Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • [USN-955-2] libpam-opie vulnerability Marc Deslauriers (Jun 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]