
UNIRAS Brief - 741/06 - Ubuntu Security Notice: USN-379-1 - texinfo vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

 UNIRAS (UK Government CERT) Briefing - 741/06 dated 10.11.06 time 14:00
 UNIRAS is part of NISCC (the UK National Infrastructure Security
 Co-ordination Centre)
______________________________________________________________________________

 UNIRAS material is available from the NISCC website at www.niscc.gov.uk
______________________________________________________________________________

Title
=====

Ubuntu Security Notice: USN-379-1 - texinfo vulnerability

Detail
======

Miloslav Trmac discovered a buffer overflow in texinfo's index 
processor.  If a user is tricked into processing a .texi file with 
texindex, this could lead to arbitrary code execution with user 
privileges.


=========================================================== 
Ubuntu Security Notice USN-379-1          November 09, 2006
texinfo vulnerability
CVE-2006-4810
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  texinfo                                  4.7-2.2ubuntu2.2

Ubuntu 6.06 LTS:
  texinfo                                  4.8-4ubuntu0.1

Ubuntu 6.10:
  texinfo                                  4.8.dfsg.1-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Miloslav Trmac discovered a buffer overflow in texinfo's index 
processor.  If a user is tricked into processing a .texi file with 
texindex, this could lead to arbitrary code execution with user 
privileges.


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.7-2.2ubuntu2.2.diff.gz
      Size/MD5:    11833 dbf91981a497afa47113442ce4ed0533
    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.7-2.2ubuntu2.2.dsc
      Size/MD5:      628 480efa82cf08b6963a177bb604e0371e
    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.7.orig.tar.gz
      Size/MD5:  1979183 72a57e378efb9898c9e41ca839554dae

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.7-2.2ubuntu2.2_amd64.deb
      Size/MD5:   192672 f51581a20b86f59af743f9547548c954
    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.7-2.2ubuntu2.2_amd64.deb
      Size/MD5:   493882 a0b44c7e6a7e480a83ed408bb6800534

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.7-2.2ubuntu2.2_i386.deb
      Size/MD5:   177692 2613c823cba8d7708ef57fe4077d5db8
    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.7-2.2ubuntu2.2_i386.deb
      Size/MD5:   473330 01b7874093bcff3bdaa7d21230436e09

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.7-2.2ubuntu2.2_powerpc.deb
      Size/MD5:   191208 5d82f615d46977241c4a3e6522198401
    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.7-2.2ubuntu2.2_powerpc.deb
      Size/MD5:   485964 04f7d4dc025281ca7bb7ff540cdf1a9c

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.7-2.2ubuntu2.2_sparc.deb
      Size/MD5:   181058 37f778e57466fb9877aa811e8cd94b5b
    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.7-2.2ubuntu2.2_sparc.deb
      Size/MD5:   481292 2d54253517e006ee699b8e16d6a1ea25

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8-4ubuntu0.1.diff.gz
      Size/MD5:    19252 ee6ac44a36a7ed2e8cc47e1c2c284da5
    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8-4ubuntu0.1.dsc
      Size/MD5:      633 0c2b881a99eb3ad4339fc50950972b61
    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8.orig.tar.gz
      Size/MD5:  2140626 4e9a1a591ed236003d0d4b008bf07eef

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.8-4ubuntu0.1_amd64.deb
      Size/MD5:   229240 86e76ba873bd62de9af444c19e57ad3a
    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8-4ubuntu0.1_amd64.deb
      Size/MD5:   852588 1d838a30c689d19a73ce03c317c4f70c

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.8-4ubuntu0.1_i386.deb
      Size/MD5:   214256 1cf7872794bde31aabb86c46fe391efd
    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8-4ubuntu0.1_i386.deb
      Size/MD5:   829570 aee0c9143502a4a5e4f9e609efcab148

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.8-4ubuntu0.1_powerpc.deb
      Size/MD5:   227110 15865da8beaed2861f16d6b2cc2256b2
    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8-4ubuntu0.1_powerpc.deb
      Size/MD5:   843556 48bf74169ae31bd35ca88d0ac848ca34

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.8-4ubuntu0.1_sparc.deb
      Size/MD5:   217200 47affbbec4b08430599eaeb4165ae655
    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8-4ubuntu0.1_sparc.deb
      Size/MD5:   836036 41e7f10f98c1c8b9785a9e1554cc5eee

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8.dfsg.1-1ubuntu0.1.diff.gz
      Size/MD5:   100133 b8aa5026ba781447623b5dca13c16adf
    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8.dfsg.1-1ubuntu0.1.dsc
      Size/MD5:      655 6186cfa19347067109a79dc335e45e67
    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8.dfsg.1.orig.tar.gz
      Size/MD5:  1926534 614273ac8568a25926aae374cd9a6683

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.8.dfsg.1-1ubuntu0.1_amd64.deb
      Size/MD5:   176152 129a8486cff04779d1ea839ca0246eb9
    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8.dfsg.1-1ubuntu0.1_amd64.deb
      Size/MD5:   318218 ec83d76fe3ed49d3941b7b2429e6aaf9

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.8.dfsg.1-1ubuntu0.1_i386.deb
      Size/MD5:   163446 1cb94cd6cd61a08fe57cbf760330fdda
    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8.dfsg.1-1ubuntu0.1_i386.deb
      Size/MD5:   298598 2df120b6e3cccbf5d4981bbccc438778

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.8.dfsg.1-1ubuntu0.1_powerpc.deb
      Size/MD5:   174196 01cf7f495443794e667b2039bdc3a0aa
    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8.dfsg.1-1ubuntu0.1_powerpc.deb
      Size/MD5:   310246 30b317a623898ecfdaf3e96b603816ba

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.8.dfsg.1-1ubuntu0.1_sparc.deb
      Size/MD5:   164286 a3c0ed9ca8d975f4780b891122b259ee
    http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8.dfsg.1-1ubuntu0.1_sparc.deb
      Size/MD5:   302436 d47dfb713bc7aa13d75c95e2dfe04073




______________________________________________________________________________


For additional information or assistance, please contact our help desk
by telephone.  You may send Not Protectively Marked information via
e-mail to uniras@xxxxxxxxxxxxx

Office hours:

Mon - Fri: 08:30 - 17:00 hours
Tel: +44 (0) 870 487 0748 and follow the voice prompts
Fax: +44 (0) 870 487 0749

On-call duty officer outside office hours:
Tel: +44 (0) 870 487 0748 and follow the voice prompts

______________________________________________________________________________

UNIRAS wishes to acknowledge the contributions of Ubuntu for the
information contained in this briefing.
______________________________________________________________________________

This notice contains information released by the original author.
Some of the information may have changed since it was released. If the
vulnerability affects you, it may be prudent to retrieve the advisory
from the site of the original source to ensure that you receive the most
current information concerning that problem.

Reference to any specific commercial product, process, or service by
trade name, trademark, manufacturer, or otherwise, does not constitute or
imply its endorsement, recommendation, or favouring by UNIRAS or NISCC.
The views and opinions of authors expressed within this notice shall not
be used for advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they
shall not be liable for any loss or damage whatsoever, arising from or
in connection with the usage of information contained within this
notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams
(FIRST) and has contacts with other international Incident Response
Teams (IRTs) in order to foster cooperation and coordination in incident
prevention, to prompt rapid reaction to incidents, and to promote
information sharing amongst its members and the community at large.
______________________________________________________________________________

<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBRVSFrGl7oeQsXfKvEQLx3QCeOF0XByHI+Xr6PbB8Wx+UiklAFMUAn3L7
g6H2u5eetBn5vv4/4WsxRvqn
=8dju
-----END PGP SIGNATURE-----

