[USN-151-4] rpm vulnerability

From: Martin Pitt (martin.pitt_at_canonical.com)
Date: 11/09/05

  • Next message: security-alert_at_hp.com: "[security bulletin] SSRT051041 Revised - HP-UX Mozilla Remote Unauthorized Execution of Privileged Code or Denial of Service (DoS)"
    Date: Wed, 9 Nov 2005 13:21:37 -0500
    To: ubuntu-security-announce@lists.ubuntu.com
    
    
    

    ===========================================================
    Ubuntu Security Notice USN-151-4 November 09, 2005
    rpm vulnerability
    CVE-2005-1849, CVE-2005-2096
    ===========================================================

    A security issue affects the following Ubuntu releases:

    Ubuntu 4.10 (Warty Warthog)
    Ubuntu 5.04 (Hoary Hedgehog)
    Ubuntu 5.10 (Breezy Badger)

    The following packages are affected:

    lsb-rpm

    The problem can be corrected by upgrading the affected package to
    version 4.0.4-28ubuntu2.1 (for Ubuntu 4.10), 4.0.4-29ubuntu1.1 (for
    Ubuntu 5.04), or 4.0.4-31ubuntu1.1 (for Ubuntu 5.10). In general, a
    standard system upgrade is sufficient to effect the necessary changes.

    Details follow:

    USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could
    be exploited to cause Denial of Service attacks or even arbitrary code
    execution with malicious data streams.

    Since lsb-rpm is statically linked against the zlib library, it is also
    affected by these issues. The updated packagages have been rebuilt
    against the fixed zlib.

    Please note that lsb-rpm is not officially supported (it is in the "universe"
    component of the archive).

    Updated packages for Ubuntu 4.10:

      Source archives:

        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-28ubuntu2.1.diff.gz
          Size/MD5: 104152 3512e5a5982e80eec9c47097c1abcab0
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-28ubuntu2.1.dsc
          Size/MD5: 743 75a216bf04376b2965fdc6f421da9117
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4.orig.tar.gz
          Size/MD5: 5865692 b0c3093d2f0d850760e59ac1db9bf152

      amd64 architecture (Athlon64, Opteron, EM64T Xeon)

        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-28ubuntu2.1_amd64.deb
          Size/MD5: 484306 8d65173dc64656d07670eb76ef50c48c
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-28ubuntu2.1_amd64.deb
          Size/MD5: 382618 ab876104c24d65d40a42f4464b2cc2a4
        http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-28ubuntu2.1_amd64.deb
          Size/MD5: 879240 1e904758215537cb71185114d2d2fdce
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-28ubuntu2.1_amd64.deb
          Size/MD5: 519706 be983d50f61cfd0260617aa1a5364686

      i386 architecture (x86 compatible Intel/AMD)

        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-28ubuntu2.1_i386.deb
          Size/MD5: 437176 6b366219315af863fbdaea691badc6e1
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-28ubuntu2.1_i386.deb
          Size/MD5: 359618 b395c5dc497897b59e64d389b0f06060
        http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-28ubuntu2.1_i386.deb
          Size/MD5: 815882 f4c442e7de8efd84c6f649debcd34200
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-28ubuntu2.1_i386.deb
          Size/MD5: 516424 a16cc0c0303275537df571a683b48c61

      powerpc architecture (Apple Macintosh G3/G4/G5)

        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-28ubuntu2.1_powerpc.deb
          Size/MD5: 509710 89a59a25b06bd82d9b279ce44bff12b5
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-28ubuntu2.1_powerpc.deb
          Size/MD5: 386056 3f02d5ed65df1a5924d0b58f61966e03
        http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-28ubuntu2.1_powerpc.deb
          Size/MD5: 906620 b81695bb99a459690415851b704016b8
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-28ubuntu2.1_powerpc.deb
          Size/MD5: 525366 8a6775242836a0ff0f031508a9b7f1f6

    Updated packages for Ubuntu 5.04:

      Source archives:

        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-29ubuntu1.1.diff.gz
          Size/MD5: 104605 ded8ebf7a2e2f17f3c73eb761b2e688d
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-29ubuntu1.1.dsc
          Size/MD5: 743 6cc9d90aa7fc16b8f4b4bc0943e0999c
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4.orig.tar.gz
          Size/MD5: 5865692 b0c3093d2f0d850760e59ac1db9bf152

      amd64 architecture (Athlon64, Opteron, EM64T Xeon)

        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-29ubuntu1.1_amd64.deb
          Size/MD5: 484510 031b93a22f11539c77bdde4c7a7fd942
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-29ubuntu1.1_amd64.deb
          Size/MD5: 382960 f3d2183092c18d4d955dc9f47b8bfd85
        http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-29ubuntu1.1_amd64.deb
          Size/MD5: 917666 fbed813e6386fb855bad364297231dcd
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-29ubuntu1.1_amd64.deb
          Size/MD5: 246620 0d4597422332fe23e596e6843399d5a2

      i386 architecture (x86 compatible Intel/AMD)

        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-29ubuntu1.1_i386.deb
          Size/MD5: 437506 c9d45c2c612849165cb24c4a696b2d99
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-29ubuntu1.1_i386.deb
          Size/MD5: 360084 62ff35425b9a1282faf601a8b6a42a46
        http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-29ubuntu1.1_i386.deb
          Size/MD5: 817326 f02954eba6d51835d4687ab8f201a94a
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-29ubuntu1.1_i386.deb
          Size/MD5: 242144 3aa62cae004a512e77e5400b4dcdad58

      powerpc architecture (Apple Macintosh G3/G4/G5)

        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-29ubuntu1.1_powerpc.deb
          Size/MD5: 510066 f1e4b85c2a191683779cc924713c6089
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-29ubuntu1.1_powerpc.deb
          Size/MD5: 386662 9ffd067e2f4909b51252fb821e18f918
        http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-29ubuntu1.1_powerpc.deb
          Size/MD5: 892954 d7aede34a0ed6bcc492bbfe264f23d08
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-29ubuntu1.1_powerpc.deb
          Size/MD5: 249702 0aa79e831af41fdf66149a03524ea95f

    Updated packages for Ubuntu 5.10:

      Source archives:

        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-31ubuntu1.1.diff.gz
          Size/MD5: 105623 8e2337bba9b6c8c027bdb68eb75aafc0
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-31ubuntu1.1.dsc
          Size/MD5: 794 d33a163ca10c82c64617b746fb477317
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4.orig.tar.gz
          Size/MD5: 5865692 b0c3093d2f0d850760e59ac1db9bf152

      amd64 architecture (Athlon64, Opteron, EM64T Xeon)

        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-31ubuntu1.1_amd64.deb
          Size/MD5: 495044 c31549b7e13a14e0893188bf6cb2f6c9
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-31ubuntu1.1_amd64.deb
          Size/MD5: 394174 c7c3a20b9e7fbb06a289db6f364fd6a6
        http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-31ubuntu1.1_amd64.deb
          Size/MD5: 983332 f33776b4ce3d03ef05df2ce3c0506189
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-31ubuntu1.1_amd64.deb
          Size/MD5: 246344 218b855da8afb60b9cb0b8c080593820

      i386 architecture (x86 compatible Intel/AMD)

        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-31ubuntu1.1_i386.deb
          Size/MD5: 437468 303a7fcf82954da89bd2cee396ce6ba6
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-31ubuntu1.1_i386.deb
          Size/MD5: 362410 35532ce8b4cdcdce6ae2408bda1384fa
        http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-31ubuntu1.1_i386.deb
          Size/MD5: 841566 88c9fa9c782451462f2d2b94d8b73431
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-31ubuntu1.1_i386.deb
          Size/MD5: 242302 a6fc5dd5819b6f76431e32e095d9e971

      powerpc architecture (Apple Macintosh G3/G4/G5)

        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-31ubuntu1.1_powerpc.deb
          Size/MD5: 505094 82125d87ee950a5445d123cc487513df
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-31ubuntu1.1_powerpc.deb
          Size/MD5: 385584 6871ddddccc683c0e2c37aec8426850b
        http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-31ubuntu1.1_powerpc.deb
          Size/MD5: 1015290 c34ad68589b0eebaba5b99c6f1ee95f5
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-31ubuntu1.1_powerpc.deb
          Size/MD5: 250512 dcea419a1d0640e65d4889d392b8353e

    
    



  • Next message: security-alert_at_hp.com: "[security bulletin] SSRT051041 Revised - HP-UX Mozilla Remote Unauthorized Execution of Privileged Code or Denial of Service (DoS)"

    Relevant Pages