Ubuntu 887-1: LibThai vulnerability

    Date18 Jan 2010
    CategoryUbuntu
    79
    Posted ByLinuxSecurity Advisories
    Tim Starling discovered that LibThai did not correctly handle long strings. A remote attacker could use specially-formed strings to execute arbitrary code with the user's privileges.
    Previous advisory was sent out with the wrong USN number.
    Here is the corrected version.
    
    ===========================================================
    Ubuntu Security Notice USN-887-1           January 18, 2010
    libthai vulnerability
    CVE-2009-4012
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 8.04 LTS
    Ubuntu 8.10
    Ubuntu 9.04
    Ubuntu 9.10
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 8.04 LTS:
      libthai0                        0.1.9-1ubuntu0.2
    
    Ubuntu 8.10:
      libthai0                        0.1.9-4ubuntu0.8.10.2
    
    Ubuntu 9.04:
      libthai0                        0.1.9-4ubuntu0.9.04.2
    
    Ubuntu 9.10:
      libthai0                        0.1.12-1ubuntu0.2
    
    In general, a standard system upgrade is sufficient to effect the
    necessary changes.
    
    Details follow:
    
    Tim Starling discovered that LibThai did not correctly handle long strings.
    A remote attacker could use specially-formed strings to execute arbitrary
    code with the user's privileges.
    
    
    Updated packages for Ubuntu 8.04 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai_0.1.9-1ubuntu0.2.diff.gz
          Size/MD5:     6466 72bf0da23ed8a2f39189713dedbb965e
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai_0.1.9-1ubuntu0.2.dsc
          Size/MD5:      993 1b50bb00875aefa37e771fbb603789bf
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai_0.1.9.orig.tar.gz
          Size/MD5:   491038 7002d111b293f202d20b28aa2b4ed68f
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai-data_0.1.9-1ubuntu0.2_all.deb
          Size/MD5:   163912 acc8b2d4149acb7fdd6b0376ba038f15
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai-doc_0.1.9-1ubuntu0.2_all.deb
          Size/MD5:    54766 60214363e101bdc494368f0779c1aa0d
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai-dev_0.1.9-1ubuntu0.2_amd64.deb
          Size/MD5:    70452 4e6e3e3980100f824a8f66212f186bb4
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai0_0.1.9-1ubuntu0.2_amd64.deb
          Size/MD5:    33890 72c71da6bf9b028f917ec9765fb247ea
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai-dev_0.1.9-1ubuntu0.2_i386.deb
          Size/MD5:    70156 e5a9c659a114f85634adf3c589ea1453
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai0_0.1.9-1ubuntu0.2_i386.deb
          Size/MD5:    32774 2b5f8cbabe865478ac8d35c1476a78d6
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/libt/libthai/libthai-dev_0.1.9-1ubuntu0.2_lpia.deb
          Size/MD5:    69290 2d0cc19d49d5f91219b0e9b231ff518c
        http://ports.ubuntu.com/pool/main/libt/libthai/libthai0_0.1.9-1ubuntu0.2_lpia.deb
          Size/MD5:    32572 34f6475a43166ea01d8f2851c09aee9d
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/libt/libthai/libthai-dev_0.1.9-1ubuntu0.2_powerpc.deb
          Size/MD5:    70758 2e481ac1ceae95ffc2be55bcee76e2ed
        http://ports.ubuntu.com/pool/main/libt/libthai/libthai0_0.1.9-1ubuntu0.2_powerpc.deb
          Size/MD5:    34166 b9ce41ff78ce6f708674859b278b3dc8
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/libt/libthai/libthai-dev_0.1.9-1ubuntu0.2_sparc.deb
          Size/MD5:    69752 070148bd718a1bb762871cde174bddc8
        http://ports.ubuntu.com/pool/main/libt/libthai/libthai0_0.1.9-1ubuntu0.2_sparc.deb
          Size/MD5:    32482 fad061e2d6e01d98ab4403eabbd6b4fe
    
    Updated packages for Ubuntu 8.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai_0.1.9-4ubuntu0.8.10.2.diff.gz
          Size/MD5:     7678 2d5d5cc3c4ca03d55d262ec8af15d8ee
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai_0.1.9-4ubuntu0.8.10.2.dsc
          Size/MD5:     1496 fae0a4b9061f1f679092b4a404345a39
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai_0.1.9.orig.tar.gz
          Size/MD5:   491038 7002d111b293f202d20b28aa2b4ed68f
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai-data_0.1.9-4ubuntu0.8.10.2_all.deb
          Size/MD5:   162144 0bb8f60e2839cceadc3ebea007e9f784
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai-doc_0.1.9-4ubuntu0.8.10.2_all.deb
          Size/MD5:    56976 66aa32016d03a69ec1bf263a40acbbc7
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai-dev_0.1.9-4ubuntu0.8.10.2_amd64.deb
          Size/MD5:    52186 a8a1c19db11a11cc177901a7394833dd
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai0_0.1.9-4ubuntu0.8.10.2_amd64.deb
          Size/MD5:    33158 95ef669908130c31e56a9bf868da33e8
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai-dev_0.1.9-4ubuntu0.8.10.2_i386.deb
          Size/MD5:    51690 0f1178f6f6c7f5ce77d689730375d0b6
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai0_0.1.9-4ubuntu0.8.10.2_i386.deb
          Size/MD5:    31976 0930ac31fc148c2352e8c388d703ae57
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/libt/libthai/libthai-dev_0.1.9-4ubuntu0.8.10.2_lpia.deb
          Size/MD5:    50880 c672333fcdc6507f8900a35db87085c3
        http://ports.ubuntu.com/pool/main/libt/libthai/libthai0_0.1.9-4ubuntu0.8.10.2_lpia.deb
          Size/MD5:    31798 6a0625ece56a49b51cf76212b6cfde79
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/libt/libthai/libthai-dev_0.1.9-4ubuntu0.8.10.2_powerpc.deb
          Size/MD5:    52276 a589a899ba44011b4a5e9da13dd16c01
        http://ports.ubuntu.com/pool/main/libt/libthai/libthai0_0.1.9-4ubuntu0.8.10.2_powerpc.deb
          Size/MD5:    33178 aad35bfd80d9140fa6f1eec5e023c5cc
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/libt/libthai/libthai-dev_0.1.9-4ubuntu0.8.10.2_sparc.deb
          Size/MD5:    51118 b31a7dcc0b7bfc1e31a4e1d225075154
        http://ports.ubuntu.com/pool/main/libt/libthai/libthai0_0.1.9-4ubuntu0.8.10.2_sparc.deb
          Size/MD5:    31662 9ba04f9331592c2eaffd0cc8537c979f
    
    Updated packages for Ubuntu 9.04:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai_0.1.9-4ubuntu0.9.04.2.diff.gz
          Size/MD5:     7681 78df620549a4369821a06526e77eea3d
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai_0.1.9-4ubuntu0.9.04.2.dsc
          Size/MD5:     1496 5d57d234fc11cf4df09773a23e674068
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai_0.1.9.orig.tar.gz
          Size/MD5:   491038 7002d111b293f202d20b28aa2b4ed68f
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai-data_0.1.9-4ubuntu0.9.04.2_all.deb
          Size/MD5:   162132 fe80b6c0e4fe83cea3d86c0bb2ea64be
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai-doc_0.1.9-4ubuntu0.9.04.2_all.deb
          Size/MD5:    57040 41394d51d9eeb4212a187b92db230647
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai-dev_0.1.9-4ubuntu0.9.04.2_amd64.deb
          Size/MD5:    52170 a5615a6428f8302bdb9b94e54c1c66da
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai0_0.1.9-4ubuntu0.9.04.2_amd64.deb
          Size/MD5:    33142 c0c19f872d39511428b8f7f41eb737bb
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai-dev_0.1.9-4ubuntu0.9.04.2_i386.deb
          Size/MD5:    51732 c41b1400801c0615eac9ec89952ee969
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai0_0.1.9-4ubuntu0.9.04.2_i386.deb
          Size/MD5:    32000 900055d2058386767ffee8adfd62e41f
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/libt/libthai/libthai-dev_0.1.9-4ubuntu0.9.04.2_lpia.deb
          Size/MD5:    50910 e3f85c2620b6ff46a51af55d13486029
        http://ports.ubuntu.com/pool/main/libt/libthai/libthai0_0.1.9-4ubuntu0.9.04.2_lpia.deb
          Size/MD5:    31814 806aa31a935ccd494dcf7fd1136b4c39
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/libt/libthai/libthai-dev_0.1.9-4ubuntu0.9.04.2_powerpc.deb
          Size/MD5:    52288 ab07a5332e338c9c97327815dedcc04e
        http://ports.ubuntu.com/pool/main/libt/libthai/libthai0_0.1.9-4ubuntu0.9.04.2_powerpc.deb
          Size/MD5:    33180 8f67ca7349ea484dfce710affb1dd3bf
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/libt/libthai/libthai-dev_0.1.9-4ubuntu0.9.04.2_sparc.deb
          Size/MD5:    51134 d0e593b775f9403c4d1ef4d226725f8f
        http://ports.ubuntu.com/pool/main/libt/libthai/libthai0_0.1.9-4ubuntu0.9.04.2_sparc.deb
          Size/MD5:    31632 48060eb78a8c6d979c2a8e96eedca519
    
    Updated packages for Ubuntu 9.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai_0.1.12-1ubuntu0.2.diff.gz
          Size/MD5:     8487 442572cdbc102b6a44da41bb9f7660c8
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai_0.1.12-1ubuntu0.2.dsc
          Size/MD5:     1447 85725672b69124bc28aff42834adf3b9
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai_0.1.12.orig.tar.gz
          Size/MD5:   491699 e206313d5a60ce98bc3be83d60373554
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai-data_0.1.12-1ubuntu0.2_all.deb
          Size/MD5:   194398 17df9ac8ba8448d0876677dd30965eec
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai-doc_0.1.12-1ubuntu0.2_all.deb
          Size/MD5:    62208 ce3f3ab866cdbaa7bb1cd5a3a3dd2a59
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai-dev_0.1.12-1ubuntu0.2_amd64.deb
          Size/MD5:    58170 df29ea97a370327b6c3a750344d17936
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai0_0.1.12-1ubuntu0.2_amd64.deb
          Size/MD5:    39996 65a9016641f8b2ad898eca9325a36113
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai-dev_0.1.12-1ubuntu0.2_i386.deb
          Size/MD5:    57656 05556be2ba038e9544065f26e9cebb3a
        http://security.ubuntu.com/ubuntu/pool/main/libt/libthai/libthai0_0.1.12-1ubuntu0.2_i386.deb
          Size/MD5:    38878 277f05648d5210c023fc7f4a33e6f542
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/libt/libthai/libthai-dev_0.1.12-1ubuntu0.2_lpia.deb
          Size/MD5:    56882 ad9fe5c494ebed68d508523869ba19fa
        http://ports.ubuntu.com/pool/main/libt/libthai/libthai0_0.1.12-1ubuntu0.2_lpia.deb
          Size/MD5:    38610 1a82eb496e18c8b4a2d1f71bbbc560c9
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/libt/libthai/libthai-dev_0.1.12-1ubuntu0.2_powerpc.deb
          Size/MD5:    58012 60003f8d9faeb146960c6dbefbaa5dc7
        http://ports.ubuntu.com/pool/main/libt/libthai/libthai0_0.1.12-1ubuntu0.2_powerpc.deb
          Size/MD5:    39584 952c286bc421b4f2243d8c1d2f9b4be8
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/libt/libthai/libthai-dev_0.1.12-1ubuntu0.2_sparc.deb
          Size/MD5:    56802 becba71ae0770c7a40865b7a641bdf3f
        http://ports.ubuntu.com/pool/main/libt/libthai/libthai0_0.1.12-1ubuntu0.2_sparc.deb
          Size/MD5:    38190 cd4dde8ea072d746724ca1150a0eb418
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":11.11,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"15","type":"x","order":"3","pct":33.33,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.