[Full-disclosure] [USN-890-6] CMake vulnerabilities



===========================================================
Ubuntu Security Notice USN-890-6 April 15, 2010
cmake vulnerabilities
CVE-2009-3560, CVE-2009-3720
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
cmake 2.4.7-1ubuntu0.1

Ubuntu 8.10:
cmake 2.6.0-4ubuntu2.1

Ubuntu 9.04:
cmake 2.6.2-1ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.
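
Added example (not part of the Ubuntu advisory): a check that an inventoried cmake package version is at or above the fixed version listed above for its release, using Debian version ordering rather than plain string comparison. On the host itself `dpkg --compare-versions` does the same comparison; the function names and the sample versions used to exercise it are constructed for illustration.

```python
# Release -> fixed cmake version, copied from the advisory above.
FIXED = {
    "8.04": "2.4.7-1ubuntu0.1",
    "8.10": "2.6.0-4ubuntu2.1",
    "9.04": "2.6.2-1ubuntu1.1",
}

def _order(c):
    # dpkg sort order for non-digits: '~', then end of string, letters, the rest.
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit prefix: compare character by character.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            d = _order(a[i:i + 1]) - _order(b[j:j + 1])
            if d:
                return d
            i, j = i + 1, j + 1
        # Digit run: compare numerically (an empty run counts as 0).
        ni, nj = i, j
        while ni < len(a) and a[ni].isdigit():
            ni += 1
        while nj < len(b) and b[nj].isdigit():
            nj += 1
        d = int(a[i:ni] or "0") - int(b[j:nj] or "0")
        if d:
            return d
        i, j = ni, nj
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; a missing epoch or revision compares as 0.
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def deb_compare(a, b):
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(release, installed):
    """True if `installed` is at or above the fixed version for `release`."""
    return deb_compare(installed, FIXED[release]) >= 0
```

A plain string comparison would rank an upstream version such as 2.10.0 below 2.6.2 and would not sort a `~` suffix before the release it precedes, which is why the comparison follows dpkg's rules.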

Details follow:

USN-890-1 fixed vulnerabilities in Expat. This update provides the
corresponding updates for CMake.

Original advisory details:

Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did
not properly process malformed XML. If a user or application linked against
Expat were tricked into opening a crafted XML file, an attacker could cause
a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)

It was discovered that Expat did not properly process malformed UTF-8
sequences. If a user or application linked against Expat were tricked into
opening a crafted XML file, an attacker could cause a denial of service via
application crash. (CVE-2009-3560)


Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/c/cmake/cmake_2.4.7-1ubuntu0.1.diff.gz
Size/MD5: 19304 4847577a13e831bf4c9362c095c57469
http://security.ubuntu.com/ubuntu/pool/main/c/cmake/cmake_2.4.7-1ubuntu0.1.dsc
Size/MD5: 754 2c34c737d1e386a07a5c76a7dd13a944
http://security.ubuntu.com/ubuntu/pool/main/c/cmake/cmake_2.4.7.orig.tar.gz
Size/MD5: 2600960 4476c423b8f74266136964e42ea88028

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/c/cmake/cmake_2.4.7-1ubuntu0.1_amd64.deb
Size/MD5: 4898346 b9e4db27145fa5221400abf495d3a13e

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/c/cmake/cmake_2.4.7-1ubuntu0.1_i386.deb
Size/MD5: 4807750 f19cd2ee80eb82fb0ae8bf141052b412

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/c/cmake/cmake_2.4.7-1ubuntu0.1_lpia.deb
Size/MD5: 4932126 400097697c5d46f1495598be78ada933

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/c/cmake/cmake_2.4.7-1ubuntu0.1_powerpc.deb
Size/MD5: 5022506 447f8cda06dc9951cc16dbac30936bf9

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/c/cmake/cmake_2.4.7-1ubuntu0.1_sparc.deb
Size/MD5: 5218650 55ff806b82d2388df3cbbbe42aac6773

Updated packages for Ubuntu 8.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/c/cmake/cmake_2.6.0-4ubuntu2.1.diff.gz
Size/MD5: 154440 0ecd99b1f92f8074a00b35f724285c60
http://security.ubuntu.com/ubuntu/pool/main/c/cmake/cmake_2.6.0-4ubuntu2.1.dsc
Size/MD5: 1209 a588561c8c0c8b452502684165f10cb4
http://security.ubuntu.com/ubuntu/pool/main/c/cmake/cmake_2.6.0.orig.tar.gz
Size/MD5: 3460096 e95ae003672dfc6c8151a1ee49a0d4a6

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/c/cmake/cmake_2.6.0-4ubuntu2.1_amd64.deb
Size/MD5: 7620672 8f60ccfa287b26094722152989cbf68d
http://security.ubuntu.com/ubuntu/pool/universe/c/cmake/cmake-gui_2.6.0-4ubuntu2.1_amd64.deb
Size/MD5: 1772702 8e12e02b3614acc99bdb53feb1b746e1

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/c/cmake/cmake_2.6.0-4ubuntu2.1_i386.deb
Size/MD5: 7501566 dc6ea30046469b047921ac7c390fdaf5
http://security.ubuntu.com/ubuntu/pool/universe/c/cmake/cmake-gui_2.6.0-4ubuntu2.1_i386.deb
Size/MD5: 1742578 207d27cfebb112d24bdbf65437c11a34

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/c/cmake/cmake_2.6.0-4ubuntu2.1_lpia.deb
Size/MD5: 7620894 3c4841d74f829b790d68facb4289d124
http://ports.ubuntu.com/pool/universe/c/cmake/cmake-gui_2.6.0-4ubuntu2.1_lpia.deb
Size/MD5: 1770858 22a3eeef881a72ebb5e28463df324bc2

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/c/cmake/cmake_2.6.0-4ubuntu2.1_powerpc.deb
Size/MD5: 7694198 3f6a00a9deae3edda8c19c2c645be864
http://ports.ubuntu.com/pool/universe/c/cmake/cmake-gui_2.6.0-4ubuntu2.1_powerpc.deb
Size/MD5: 1792360 60da0c6cdc7fc11dfac10ef4b00aa588

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/c/cmake/cmake_2.6.0-4ubuntu2.1_sparc.deb
Size/MD5: 7696576 7725dd1c71b483b6d57b6ff9e2e16655
http://ports.ubuntu.com/pool/universe/c/cmake/cmake-gui_2.6.0-4ubuntu2.1_sparc.deb
Size/MD5: 1789250 7dace86e239c8e71290eca7e4c29126a

Updated packages for Ubuntu 9.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/c/cmake/cmake_2.6.2-1ubuntu1.1.diff.gz
Size/MD5: 28215 1aa2652fdd0711a9c58614fcf13b73c5
http://security.ubuntu.com/ubuntu/pool/main/c/cmake/cmake_2.6.2-1ubuntu1.1.dsc
Size/MD5: 1241 a001577d3d45df9bd41d6fb80307561f
http://security.ubuntu.com/ubuntu/pool/main/c/cmake/cmake_2.6.2.orig.tar.gz
Size/MD5: 3543548 9e82aa3beb991aa8e5797cf330618d42

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/c/cmake/cmake_2.6.2-1ubuntu1.1_amd64.deb
Size/MD5: 8007590 9c2ac087a4ac56485388575feb92fdf6
http://security.ubuntu.com/ubuntu/pool/universe/c/cmake/cmake-gui_2.6.2-1ubuntu1.1_amd64.deb
Size/MD5: 1822586 f70ed4aa0602d577d2715cbe0080fe30

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/c/cmake/cmake_2.6.2-1ubuntu1.1_i386.deb
Size/MD5: 7881542 cb66a414801daf0b4f470cdd1b086954
http://security.ubuntu.com/ubuntu/pool/universe/c/cmake/cmake-gui_2.6.2-1ubuntu1.1_i386.deb
Size/MD5: 1790112 50a29ca0d173992162b348b24ef45f5c

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/c/cmake/cmake_2.6.2-1ubuntu1.1_lpia.deb
Size/MD5: 8004730 246213701cf12b36577a6e9076e0d219
http://ports.ubuntu.com/pool/universe/c/cmake/cmake-gui_2.6.2-1ubuntu1.1_lpia.deb
Size/MD5: 1819698 1cf8173dbc8f14e17f2a63510a29f7da

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/c/cmake/cmake_2.6.2-1ubuntu1.1_powerpc.deb
Size/MD5: 8077794 e5bf93fad8f4335ba748a6f7244ffb70
http://ports.ubuntu.com/pool/universe/c/cmake/cmake-gui_2.6.2-1ubuntu1.1_powerpc.deb
Size/MD5: 1840362 ef93012a5d74ae00b323396db61e1d98

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/c/cmake/cmake_2.6.2-1ubuntu1.1_sparc.deb
Size/MD5: 8066556 61e07c3d66649dd2f56a81a1a9d5b4a2
http://ports.ubuntu.com/pool/universe/c/cmake/cmake-gui_2.6.2-1ubuntu1.1_sparc.deb
Size/MD5: 1834274 889b932bc20c732ffb887fc88eb1a215


