gnewsense-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[gNewSense-users] [Fwd: [Full-disclosure] [USN-446-1] NAS vulnerabilitie

From: rek2 GNU/Linux LO LO LO
Subject: [gNewSense-users] [Fwd: [Full-disclosure] [USN-446-1] NAS vulnerabilities]
Date: Wed, 28 Mar 2007 10:55:11 -0400
User-agent: Thunderbird 2.0b2 (X11/20070212) 
Since we pull from K/Ubuntu... FYI:

-------- Original Message --------
Subject:        [Full-disclosure] [USN-446-1] NAS vulnerabilities
Date:   Tue, 27 Mar 2007 22:55:29 -0700
From:   Kees Cook <address@hidden>
Organization:   Ubuntu
To:     address@hidden
CC:     address@hidden, address@hidden
=========================================================== Ubuntu Security Notice USN-446-1 March 28, 2007 
nas vulnerabilities
CVE-2007-1543, CVE-2007-1544, CVE-2007-1545, CVE-2007-1546, CVE-2007-1547
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
 nas                                      1.7-2ubuntu2.1

Ubuntu 6.06 LTS:
 nas                                      1.7-3ubuntu3.2

Ubuntu 6.10:
 nas                                      1.8-2ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:
Luigi Auriemma discovered multiple flaws in the Network Audio System server. Remote attackers could send specially crafted network requests that could lead to a denial of service or execution of arbitrary code. Note that default Ubuntu installs do not include the NAS server. 


Updated packages for Ubuntu 5.10:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.7-2ubuntu2.1.diff.gz
     Size/MD5:   124147 332f758365415875e2fad07237f9278c
   http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.7-2ubuntu2.1.dsc
     Size/MD5:      730 ee6f6df697aec1ec7a29d47f6c9a51e6
   http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.7.orig.tar.gz
     Size/MD5:  1288569 c9918e9c9c95d587a95b455bbabe3b49

 Architecture independent packages:

   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas-doc_1.7-2ubuntu2.1_all.deb
     Size/MD5:   150542 ae7b918f6a06202e697059870461e187

 amd64 architecture (Athlon64, Opteron, EM64T Xeon)

   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-2ubuntu2.1_amd64.deb
     Size/MD5:   540818 c8fa856d7349f9e12534e3d709b6ba07
   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-2ubuntu2.1_amd64.deb
     Size/MD5:    75436 a5e2e99650cae805190432b3c2114b0a
   
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-2ubuntu2.1_amd64.deb
     Size/MD5:   529074 4fc9011d47a586d02750bcd9ad84cdb8
   
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-2ubuntu2.1_amd64.deb
     Size/MD5:   103706 e17e40e6e65bccdc622b6d2be87fcc9b

 i386 architecture (x86 compatible Intel/AMD)

   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-2ubuntu2.1_i386.deb
     Size/MD5:   486146 e1f56f4633c4add7c8e4b76cc2e81196
   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-2ubuntu2.1_i386.deb
     Size/MD5:    70132 5664d1a64bdd73ffdeaa0127eec445c5
   
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-2ubuntu2.1_i386.deb
     Size/MD5:   464716 365ea3a2a6bd9a098c3c97d3150b28ca
   
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-2ubuntu2.1_i386.deb
     Size/MD5:    91842 c24df4f0fffa84da67e7c8a40031dc0d

 powerpc architecture (Apple Macintosh G3/G4/G5)

   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-2ubuntu2.1_powerpc.deb
     Size/MD5:   553780 f5414461809394dafbb5ec087a49e1e6
   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-2ubuntu2.1_powerpc.deb
     Size/MD5:    74904 f354c5adcaf9458f4407007b32374b0c
   
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-2ubuntu2.1_powerpc.deb
     Size/MD5:   531104 c60b5d7bf26c6783b9c666ee2c80fcaa
   
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-2ubuntu2.1_powerpc.deb
     Size/MD5:   101502 9414403556f37f361431706d25a53322

 sparc architecture (Sun SPARC/UltraSPARC)

   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-2ubuntu2.1_sparc.deb
     Size/MD5:   500100 322f31a7d9f6ffd85256d79f9cfbdb73
   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-2ubuntu2.1_sparc.deb
     Size/MD5:    70350 d21dc792aa7c05411bea50cc1ce11c17
   
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-2ubuntu2.1_sparc.deb
     Size/MD5:   473872 d6dfb963b07fecec31a46f6fa5013f79
   
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-2ubuntu2.1_sparc.deb
     Size/MD5:    95996 7e3c2aa190df5cfdb6cddc2d2ef88b8b

Updated packages for Ubuntu 6.06 LTS:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.7-3ubuntu3.2.diff.gz
     Size/MD5:   125275 e9316af5b0d46add5e549b33a4bcb1b8
   http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.7-3ubuntu3.2.dsc
     Size/MD5:      738 a4b4807d1594af28ff5e4a0abef06492
   http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.7.orig.tar.gz
     Size/MD5:  1288569 c9918e9c9c95d587a95b455bbabe3b49

 Architecture independent packages:

   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas-doc_1.7-3ubuntu3.2_all.deb
     Size/MD5:   150638 187aa7c18e5eb18767a407e70dbdd890

 amd64 architecture (Athlon64, Opteron, EM64T Xeon)

   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-3ubuntu3.2_amd64.deb
     Size/MD5:   537496 cf840b32a05e2e222d7b10f90bda7334
   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-3ubuntu3.2_amd64.deb
     Size/MD5:    75578 16b0706a472e0609e05dce510f7f981b
   
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-3ubuntu3.2_amd64.deb
     Size/MD5:   529432 48d7008046fa99f8b554e5ab3932ba3e
   
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-3ubuntu3.2_amd64.deb
     Size/MD5:   104656 34c02a1947fb76d1fbe9710dd6df5116

 i386 architecture (x86 compatible Intel/AMD)

   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-3ubuntu3.2_i386.deb
     Size/MD5:   483858 4e614dce3393afa53f1fd4ebf38878a1
   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-3ubuntu3.2_i386.deb
     Size/MD5:    70136 b66f4a7250047f1aee828a8b509fb3d3
   
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-3ubuntu3.2_i386.deb
     Size/MD5:   464304 d76701b80c524c9b1cf76e62665e416a
   
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-3ubuntu3.2_i386.deb
     Size/MD5:    92824 c238846647d5f2127a08c4c27bdca14f

 powerpc architecture (Apple Macintosh G3/G4/G5)

   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-3ubuntu3.2_powerpc.deb
     Size/MD5:   553162 d55bcbb414e5232358542fe2feb00f1d
   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-3ubuntu3.2_powerpc.deb
     Size/MD5:    74974 1dcef91879ff0d615273c8469c5820e8
   
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-3ubuntu3.2_powerpc.deb
     Size/MD5:   529856 6acae7ef312e28c23265bc75862f5510
   
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-3ubuntu3.2_powerpc.deb
     Size/MD5:   102642 5e19cf9fe84b8dec4c86b8dc14abc715

 sparc architecture (Sun SPARC/UltraSPARC)

   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-3ubuntu3.2_sparc.deb
     Size/MD5:   495218 034c2f89030aaf0665595b77a238c621
   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-3ubuntu3.2_sparc.deb
     Size/MD5:    70282 d486beda5c19b1fee14c34056771cdc3
   
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-3ubuntu3.2_sparc.deb
     Size/MD5:   470660 76d261ee5e688a40b8336c3564465064
   
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-3ubuntu3.2_sparc.deb
     Size/MD5:    96572 468b4ea95fbd35a756dd37209672c81a

Updated packages for Ubuntu 6.10:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.8-2ubuntu0.1.diff.gz
     Size/MD5:   486360 6f70fb0b12d28fc4047bafab1f05ad4e
   http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.8-2ubuntu0.1.dsc
     Size/MD5:      741 f6364e27c83d39993587fa6df5d33fcf
   http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.8.orig.tar.gz
     Size/MD5:  1290578 7e5ecab75a48c75b0c6305fcced34a97

 Architecture independent packages:

   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas-doc_1.8-2ubuntu0.1_all.deb
     Size/MD5:   151512 47a5b58301b632434c20f7e676e2b8b8

 amd64 architecture (Athlon64, Opteron, EM64T Xeon)

   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.8-2ubuntu0.1_amd64.deb
     Size/MD5:   530554 95e890a585ccb1a5bf5f2f11c2a0f3f3
   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.8-2ubuntu0.1_amd64.deb
     Size/MD5:    76418 b0cbe51548e3be240c8e28a79e3358e7
   
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.8-2ubuntu0.1_amd64.deb
     Size/MD5:   531858 6fb0694366e749673ef394cd6d8034fa
   
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.8-2ubuntu0.1_amd64.deb
     Size/MD5:   107686 86dcdb055ed7565066936ffe447c285f

 i386 architecture (x86 compatible Intel/AMD)

   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.8-2ubuntu0.1_i386.deb
     Size/MD5:   500982 b7f07eda337d5ca9d6b7a0e7f045c795
   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.8-2ubuntu0.1_i386.deb
     Size/MD5:    73154 f2479e362021178cd58f32ee1e047b58
   
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.8-2ubuntu0.1_i386.deb
     Size/MD5:   491312 f692b013ec19670122bb0d08a85c73d2
   
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.8-2ubuntu0.1_i386.deb
     Size/MD5:    98656 60ee6df2b99ff93aab4f6f291d00f260

 powerpc architecture (Apple Macintosh G3/G4/G5)

   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.8-2ubuntu0.1_powerpc.deb
     Size/MD5:   554626 3f0e29a26c43ded0b67b08a326b377eb
   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.8-2ubuntu0.1_powerpc.deb
     Size/MD5:    76554 9690b68e179d84688fd483983f8ad661
   
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.8-2ubuntu0.1_powerpc.deb
     Size/MD5:   540452 6e69ca01a4471838ee5dbdafd480e969
   
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.8-2ubuntu0.1_powerpc.deb
     Size/MD5:   107366 26369bf75e7292029a0fe138df14c251

 sparc architecture (Sun SPARC/UltraSPARC)

   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.8-2ubuntu0.1_sparc.deb
     Size/MD5:   492578 3005b9b8efce6ce23d88affd0080e5ae
   
http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.8-2ubuntu0.1_sparc.deb
     Size/MD5:    71502 ff149d04c07b629e87826eeb5bc30750
   
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.8-2ubuntu0.1_sparc.deb
     Size/MD5:   477328 79742d8dfa73f401215bead40576e81c
   
http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.8-2ubuntu0.1_sparc.deb
     Size/MD5:   100758 137f01e00b44096dfb33e13dd2fe584f

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Attachment: rek2.vcf
Description: Vcard

reply via email to
[Prev in Thread] Current Thread [Next in Thread]