[USN-151-4] rpm vulnerability

From: Martin Pitt (martin.pitt_at_canonical.com)
Date: 11/09/05

    Date: Wed, 9 Nov 2005 13:21:37 -0500
    To: ubuntu-security-announce@lists.ubuntu.com
    
    
    

    ===========================================================
    Ubuntu Security Notice USN-151-4 November 09, 2005
    rpm vulnerability
    CVE-2005-1849, CVE-2005-2096
    ===========================================================

    A security issue affects the following Ubuntu releases:

    Ubuntu 4.10 (Warty Warthog)
    Ubuntu 5.04 (Hoary Hedgehog)
    Ubuntu 5.10 (Breezy Badger)

    The following packages are affected:

    lsb-rpm

    The problem can be corrected by upgrading the affected package to
    version 4.0.4-28ubuntu2.1 (for Ubuntu 4.10), 4.0.4-29ubuntu1.1 (for
    Ubuntu 5.04), or 4.0.4-31ubuntu1.1 (for Ubuntu 5.10). In general, a
    standard system upgrade is sufficient to effect the necessary changes.

    Details follow:

    USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could
    be exploited to cause Denial of Service attacks or even arbitrary code
    execution with malicious data streams.

    Since lsb-rpm is statically linked against the zlib library, it is also
    affected by these issues. The updated packages have been rebuilt
    against the fixed zlib.

    Please note that lsb-rpm is not officially supported (it is in the "universe"
    component of the archive).

    Updated packages for Ubuntu 4.10:

      Source archives:

        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-28ubuntu2.1.diff.gz
          Size/MD5: 104152 3512e5a5982e80eec9c47097c1abcab0
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-28ubuntu2.1.dsc
          Size/MD5: 743 75a216bf04376b2965fdc6f421da9117
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4.orig.tar.gz
          Size/MD5: 5865692 b0c3093d2f0d850760e59ac1db9bf152

      amd64 architecture (Athlon64, Opteron, EM64T Xeon)

        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-28ubuntu2.1_amd64.deb
          Size/MD5: 484306 8d65173dc64656d07670eb76ef50c48c
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-28ubuntu2.1_amd64.deb
          Size/MD5: 382618 ab876104c24d65d40a42f4464b2cc2a4
        http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-28ubuntu2.1_amd64.deb
          Size/MD5: 879240 1e904758215537cb71185114d2d2fdce
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-28ubuntu2.1_amd64.deb
          Size/MD5: 519706 be983d50f61cfd0260617aa1a5364686

      i386 architecture (x86 compatible Intel/AMD)

        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-28ubuntu2.1_i386.deb
          Size/MD5: 437176 6b366219315af863fbdaea691badc6e1
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-28ubuntu2.1_i386.deb
          Size/MD5: 359618 b395c5dc497897b59e64d389b0f06060
        http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-28ubuntu2.1_i386.deb
          Size/MD5: 815882 f4c442e7de8efd84c6f649debcd34200
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-28ubuntu2.1_i386.deb
          Size/MD5: 516424 a16cc0c0303275537df571a683b48c61

      powerpc architecture (Apple Macintosh G3/G4/G5)

        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-28ubuntu2.1_powerpc.deb
          Size/MD5: 509710 89a59a25b06bd82d9b279ce44bff12b5
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-28ubuntu2.1_powerpc.deb
          Size/MD5: 386056 3f02d5ed65df1a5924d0b58f61966e03
        http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-28ubuntu2.1_powerpc.deb
          Size/MD5: 906620 b81695bb99a459690415851b704016b8
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-28ubuntu2.1_powerpc.deb
          Size/MD5: 525366 8a6775242836a0ff0f031508a9b7f1f6

    Updated packages for Ubuntu 5.04:

      Source archives:

        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-29ubuntu1.1.diff.gz
          Size/MD5: 104605 ded8ebf7a2e2f17f3c73eb761b2e688d
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-29ubuntu1.1.dsc
          Size/MD5: 743 6cc9d90aa7fc16b8f4b4bc0943e0999c
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4.orig.tar.gz
          Size/MD5: 5865692 b0c3093d2f0d850760e59ac1db9bf152

      amd64 architecture (Athlon64, Opteron, EM64T Xeon)

        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-29ubuntu1.1_amd64.deb
          Size/MD5: 484510 031b93a22f11539c77bdde4c7a7fd942
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-29ubuntu1.1_amd64.deb
          Size/MD5: 382960 f3d2183092c18d4d955dc9f47b8bfd85
        http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-29ubuntu1.1_amd64.deb
          Size/MD5: 917666 fbed813e6386fb855bad364297231dcd
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-29ubuntu1.1_amd64.deb
          Size/MD5: 246620 0d4597422332fe23e596e6843399d5a2

      i386 architecture (x86 compatible Intel/AMD)

        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-29ubuntu1.1_i386.deb
          Size/MD5: 437506 c9d45c2c612849165cb24c4a696b2d99
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-29ubuntu1.1_i386.deb
          Size/MD5: 360084 62ff35425b9a1282faf601a8b6a42a46
        http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-29ubuntu1.1_i386.deb
          Size/MD5: 817326 f02954eba6d51835d4687ab8f201a94a
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-29ubuntu1.1_i386.deb
          Size/MD5: 242144 3aa62cae004a512e77e5400b4dcdad58

      powerpc architecture (Apple Macintosh G3/G4/G5)

        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-29ubuntu1.1_powerpc.deb
          Size/MD5: 510066 f1e4b85c2a191683779cc924713c6089
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-29ubuntu1.1_powerpc.deb
          Size/MD5: 386662 9ffd067e2f4909b51252fb821e18f918
        http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-29ubuntu1.1_powerpc.deb
          Size/MD5: 892954 d7aede34a0ed6bcc492bbfe264f23d08
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-29ubuntu1.1_powerpc.deb
          Size/MD5: 249702 0aa79e831af41fdf66149a03524ea95f

    Updated packages for Ubuntu 5.10:

      Source archives:

        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-31ubuntu1.1.diff.gz
          Size/MD5: 105623 8e2337bba9b6c8c027bdb68eb75aafc0
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-31ubuntu1.1.dsc
          Size/MD5: 794 d33a163ca10c82c64617b746fb477317
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4.orig.tar.gz
          Size/MD5: 5865692 b0c3093d2f0d850760e59ac1db9bf152

      amd64 architecture (Athlon64, Opteron, EM64T Xeon)

        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-31ubuntu1.1_amd64.deb
          Size/MD5: 495044 c31549b7e13a14e0893188bf6cb2f6c9
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-31ubuntu1.1_amd64.deb
          Size/MD5: 394174 c7c3a20b9e7fbb06a289db6f364fd6a6
        http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-31ubuntu1.1_amd64.deb
          Size/MD5: 983332 f33776b4ce3d03ef05df2ce3c0506189
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-31ubuntu1.1_amd64.deb
          Size/MD5: 246344 218b855da8afb60b9cb0b8c080593820

      i386 architecture (x86 compatible Intel/AMD)

        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-31ubuntu1.1_i386.deb
          Size/MD5: 437468 303a7fcf82954da89bd2cee396ce6ba6
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-31ubuntu1.1_i386.deb
          Size/MD5: 362410 35532ce8b4cdcdce6ae2408bda1384fa
        http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-31ubuntu1.1_i386.deb
          Size/MD5: 841566 88c9fa9c782451462f2d2b94d8b73431
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-31ubuntu1.1_i386.deb
          Size/MD5: 242302 a6fc5dd5819b6f76431e32e095d9e971

      powerpc architecture (Apple Macintosh G3/G4/G5)

        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.0.4-31ubuntu1.1_powerpc.deb
          Size/MD5: 505094 82125d87ee950a5445d123cc487513df
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.0.4-31ubuntu1.1_powerpc.deb
          Size/MD5: 385584 6871ddddccc683c0e2c37aec8426850b
        http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.0.4-31ubuntu1.1_powerpc.deb
          Size/MD5: 1015290 c34ad68589b0eebaba5b99c6f1ee95f5
        http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.0.4-31ubuntu1.1_powerpc.deb
          Size/MD5: 250512 dcea419a1d0640e65d4889d392b8353e
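
The advisory's point that a statically linked zlib has to be fixed by rebuilding the embedding package can be checked on an installed system by looking for zlib's own copyright strings inside binaries. The following is an added example, not part of the advisory or of Ubuntu's tooling; the function names, the result labels, the constructed sample images and the version threshold are assumptions of the example.

```python
import re
import sys

# zlib compiles these copyright strings (deflate.c, inftrees.c) into every
# build, so they survive static linking and reveal the bundled version.
ZLIB_MARKER = re.compile(
    rb" (deflate|inflate) (\d+(?:\.\d+)+)[\w.\-]* Copyright 1995-\d{4} "
)
# Heuristic for a DT_NEEDED soname as stored NUL-delimited in .dynstr.
ZLIB_SONAME = re.compile(rb"\x00libz\.so(?:\.\d+)*\x00")


def embedded_zlib_versions(blob):
    """Map 'deflate'/'inflate' to the set of version tuples found in blob."""
    found = {}
    for match in ZLIB_MARKER.finditer(blob):
        version = tuple(int(part) for part in match.group(2).split(b"."))
        found.setdefault(match.group(1).decode(), set()).add(version)
    return found


def triage(blob, min_version):
    """Classify a binary image by how it carries zlib.

    min_version is the caller's threshold (an assumption of this example).
    """
    versions = embedded_zlib_versions(blob)
    if not versions:
        return "dynamic" if ZLIB_SONAME.search(blob) else "no-zlib"
    oldest = min(v for group in versions.values() for v in group)
    # Distributions backport fixes without bumping the string, so an old
    # version means "confirm the package was rebuilt", not "vulnerable".
    return "static-review" if oldest < min_version else "static-ok"


# Constructed sample images (not real binaries).
SAMPLE_STATIC = (b"\x7fELF" + b"\x00" * 12
                 + b" deflate 1.2.2 Copyright 1995-2004 Jean-loup Gailly \x00"
                 + b" inflate 1.2.2 Copyright 1995-2004 Mark Adler \x00")
SAMPLE_DYNAMIC = b"\x7fELF\x00libc.so.6\x00libz.so.1\x00"

if __name__ == "__main__":
    # Threshold assumed here: upstream zlib 1.2.3 (not stated in the advisory).
    for path in sys.argv[1:]:
        with open(path, "rb") as handle:
            print(path, triage(handle.read(), (1, 2, 3)))
```

A "dynamic" result means the binary picks up the fix from the shared zlib package; a "static-review" result marks a binary whose own package must be updated, as with lsb-rpm here.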

    
    


