Ubuntu 909-1: dpkg vulnerability

    Date: 11 Mar 2010
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories

    William Grant discovered that dpkg-source did not safely apply diffs when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.
    ===========================================================
    Ubuntu Security Notice USN-909-1             March 11, 2010
    dpkg vulnerability
    CVE-2010-0396
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 6.06 LTS
    Ubuntu 8.04 LTS
    Ubuntu 8.10
    Ubuntu 9.04
    Ubuntu 9.10
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 6.06 LTS:
      dpkg-dev                        1.13.11ubuntu7.1
    
    Ubuntu 8.04 LTS:
      dpkg-dev                        1.14.16.6ubuntu4.1
    
    Ubuntu 8.10:
      dpkg-dev                        1.14.20ubuntu6.3
    
    Ubuntu 9.04:
      dpkg-dev                        1.14.24ubuntu1.1
    
    Ubuntu 9.10:
      dpkg-dev                        1.15.4ubuntu2.1
    
    In general, a standard system upgrade is sufficient to effect the
    necessary changes.
    
    Details follow:
    
    William Grant discovered that dpkg-source did not safely apply diffs
    when unpacking source packages.  If a user or an automated system were
    tricked into unpacking a specially crafted source package, a remote
    attacker could modify files outside the target unpack directory, leading
    to a denial of service or potentially gaining access to the system.
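
Added example, not part of the Ubuntu notice and not dpkg's own code: a pre-flight check that reads a source package's unified diff and lists the file headers whose target would land outside the unpack directory. It assumes the diff is applied with one leading path component stripped (the `strip` parameter); the function names and the sample diff are constructed for illustration.

```python
import re
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")

def header_paths(diff_text):
    """Yield (line_no, path) for ---/+++ file headers, skipping hunk bodies."""
    old = new = 0  # lines still owed by the current hunk
    for no, line in enumerate(diff_text.splitlines(), 1):
        if old > 0 or new > 0:  # hunk content is never a file header
            if not line.startswith(("+", "\\")):
                old -= 1  # removed or context line
            if not line.startswith(("-", "\\")):
                new -= 1  # added or context line
            continue
        m = HUNK.match(line)
        if m:  # a count omitted from the hunk header means 1
            old, new = int(m.group(1) or 1), int(m.group(2) or 1)
        elif line.startswith(("--- ", "+++ ")):
            path = line[4:].split("\t", 1)[0].strip()  # drop any timestamp
            if path != "/dev/null":
                yield no, path

def escapes(path, strip=1):
    """True if path is absolute or climbs above the unpack directory (lexical; symlinks not resolved)."""
    depth = 0
    for part in path.split("/")[strip:]:  # strip=1 is an assumption (patch -p1 style)
        if part == "..":
            depth -= 1
        elif part not in ("", "."):
            depth += 1
        if depth < 0:
            return True
    return path.startswith("/")

def escaping_targets(diff_text, strip=1):
    return [(no, p) for no, p in header_paths(diff_text) if escapes(p, strip)]

SAMPLE_DIFF = "\n".join([  # constructed sample, not taken from a real package
    "--- hello-1.0.orig/src/main.c",
    "+++ hello-1.0/src/main.c",
    "@@ -1 +1 @@",
    "--- ../../decoy",  # removed source line inside the hunk, not a header
    "+++ ../../decoy",  # added source line inside the hunk, not a header
    "--- /dev/null",
    "+++ hello-1.0/../../outside/marker.txt",
    "@@ -0,0 +1 @@",
    "+constructed sample line",
])
if __name__ == "__main__":
    print(escaping_targets(SAMPLE_DIFF))
```

Running the check on a diff before unpacking it, and unpacking untrusted source packages only in a disposable directory or sandbox, limits exposure on hosts that cannot yet be upgraded to the fixed dpkg-dev versions listed above.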
    
    
    