Ubuntu 986-3: dpkg vulnerability

    Date20 Sep 2010
    CategoryUbuntu
    60
    Posted ByLinuxSecurity Advisories
    USN-986-1 fixed vulnerabilities in bzip2. dpkg statically links against libbz2 and needed to be rebuilt to use the updated libbz2.
    ===========================================================
    Ubuntu Security Notice USN-986-3         September 20, 2010
    dpkg vulnerability
    CVE-2010-0405
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 6.06 LTS
    Ubuntu 8.04 LTS
    Ubuntu 9.04
    Ubuntu 9.10
    Ubuntu 10.04 LTS
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 6.06 LTS:
      dpkg                            1.13.11ubuntu7.2
    
    Ubuntu 8.04 LTS:
      dpkg                            1.14.16.6ubuntu4.2
    
    Ubuntu 9.04:
      dpkg                            1.14.24ubuntu1.2
    
    Ubuntu 9.10:
      dpkg                            1.15.4ubuntu2.2
    
    Ubuntu 10.04 LTS:
      dpkg                            1.15.5.6ubuntu4.3
    
    In general, a standard system update will make all the necessary changes.
    
    Details follow:
    
    USN-986-1 fixed vulnerabilities in bzip2. dpkg statically links against libbz2
    and needed to be rebuilt to use the updated libbz2.
    
    Original advisory details:
    
     An integer overflow was discovered in bzip2. If a user or automated system
     were tricked into decompressing a crafted bz2 file, an attacker could cause
     bzip2 or any application linked against libbz2 to crash or possibly execute
     code as the user running the program.
    
    
    Updated packages for Ubuntu 6.06 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.13.11ubuntu7.2.dsc
          Size/MD5:      722 fb0e20f18de27b6144a8432b76dc04f3
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.13.11ubuntu7.2.tar.gz
          Size/MD5:  3604398 01b55aff8d93673dfc8dfe21fe138f6f
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg-dev_1.13.11ubuntu7.2_all.deb
          Size/MD5:   163228 96d953cce0d3130fac6ac4c1a0b2aba3
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.13.11ubuntu7.2_amd64.deb
          Size/MD5:  1912486 b874044d996a44ec4d9242f2d7d7f23d
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.13.11ubuntu7.2_amd64.deb
          Size/MD5:   126484 7a2f3cae2200953ce6fb55af06221fd1
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.13.11ubuntu7.2_i386.deb
          Size/MD5:  1866170 e284623dcd418fdc717cc8a4b15b0972
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.13.11ubuntu7.2_i386.deb
          Size/MD5:   117036 40f372070ef8e3e6ae5cca34d0bc1d51
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.13.11ubuntu7.2_powerpc.deb
          Size/MD5:  1898856 fbe5fc4e1a05df62ba07aac7b94d60c2
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.13.11ubuntu7.2_powerpc.deb
          Size/MD5:   127252 16745ca4dec98e1af231d3cbcb375ee5
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.13.11ubuntu7.2_sparc.deb
          Size/MD5:  1878926 923e340f670f5c45cc7e0b0c1450faca
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.13.11ubuntu7.2_sparc.deb
          Size/MD5:   118952 98c3f3d8efc3b534cf1c7a134ce9d4db
    
    Updated packages for Ubuntu 8.04 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.14.16.6ubuntu4.2.dsc
          Size/MD5:     1170 1b81259ee4e97be5b9020587c11e04a4
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.14.16.6ubuntu4.2.tar.gz
          Size/MD5:  6394028 6262a1b8b8644f0a910557f489c92569
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg-dev_1.14.16.6ubuntu4.2_all.deb
          Size/MD5:   557802 5aab70e2d8ef5613a7603774db64b380
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.14.16.6ubuntu4.2_amd64.deb
          Size/MD5:  2348814 d0176d8826839c5ede9a49a4553018a7
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.14.16.6ubuntu4.2_amd64.deb
          Size/MD5:   413888 8fb548c2d9ef03d563e0ad0fc8060e97
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.14.16.6ubuntu4.2_i386.deb
          Size/MD5:  2294364 0c74febdac1a0879cb7891efcbfc12e6
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.14.16.6ubuntu4.2_i386.deb
          Size/MD5:   405054 1933ab47ad7a95a1e7102936a3108e3e
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/d/dpkg/dpkg_1.14.16.6ubuntu4.2_lpia.deb
          Size/MD5:  2296626 6231443ab4d35ac62b120ea2f470473b
        http://ports.ubuntu.com/pool/main/d/dpkg/dselect_1.14.16.6ubuntu4.2_lpia.deb
          Size/MD5:   406282 3055f526a687eabca491544ae0322c8b
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/d/dpkg/dpkg_1.14.16.6ubuntu4.2_powerpc.deb
          Size/MD5:  2349486 00e9630284f31092f94d7d567a55b660
        http://ports.ubuntu.com/pool/main/d/dpkg/dselect_1.14.16.6ubuntu4.2_powerpc.deb
          Size/MD5:   417782 45f08c0f4ff18d07ff9a4c5c43e60564
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/d/dpkg/dpkg_1.14.16.6ubuntu4.2_sparc.deb
          Size/MD5:  2304974 87c375f23b091b591fd127d24df7ed81
        http://ports.ubuntu.com/pool/main/d/dpkg/dselect_1.14.16.6ubuntu4.2_sparc.deb
          Size/MD5:   406206 3cf9934bf792d8dad6f1772484bbc10d
    
    Updated packages for Ubuntu 9.04:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.14.24ubuntu1.2.dsc
          Size/MD5:     1336 55d025cf13d757ef8099f9132c49870b
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.14.24ubuntu1.2.tar.gz
          Size/MD5:  6858722 851ecd8f6cb26cf894ac900b0c7bae2f
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg-dev_1.14.24ubuntu1.2_all.deb
          Size/MD5:   643680 379b26c5a39dbe163998c52e00c49c5b
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.14.24ubuntu1.2_amd64.deb
          Size/MD5:  2403010 3656a5f5f0f08e7cee10b477582a1e53
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.14.24ubuntu1.2_amd64.deb
          Size/MD5:   418712 28467809efefc47aef449c6768610eb5
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.14.24ubuntu1.2_i386.deb
          Size/MD5:  2354630 3a394dc535cf3f3fcd41f8aa1de3a52d
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.14.24ubuntu1.2_i386.deb
          Size/MD5:   410548 44c78f9d7c9a26af283d3dd002502e43
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/d/dpkg/dpkg_1.14.24ubuntu1.2_lpia.deb
          Size/MD5:  2352378 008df2913de8e2d23e0ef19db669b4d8
        http://ports.ubuntu.com/pool/main/d/dpkg/dselect_1.14.24ubuntu1.2_lpia.deb
          Size/MD5:   410626 3a54f191621ad7e1c40d3d290c03f4ee
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/d/dpkg/dpkg_1.14.24ubuntu1.2_powerpc.deb
          Size/MD5:  2393358 c1dc702a7eb2fdc9f1d634010a8814d4
        http://ports.ubuntu.com/pool/main/d/dpkg/dselect_1.14.24ubuntu1.2_powerpc.deb
          Size/MD5:   420334 28c0cba39d86801d3bc9cb725d1eb955
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/d/dpkg/dpkg_1.14.24ubuntu1.2_sparc.deb
          Size/MD5:  2360158 656139c3d9cf9fd7b4d835632da5ee00
        http://ports.ubuntu.com/pool/main/d/dpkg/dselect_1.14.24ubuntu1.2_sparc.deb
          Size/MD5:   411234 21b9ec60fd9556f551297ebbe38505f1
    
    Updated packages for Ubuntu 9.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.15.4ubuntu2.2.dsc
          Size/MD5:     1331 0ea9ff421ceaf5759e81a6949a604413
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.15.4ubuntu2.2.tar.gz
          Size/MD5:  7047214 952d47685950aff33143140b367ec1e5
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg-dev_1.15.4ubuntu2.2_all.deb
          Size/MD5:   571946 c1caaef606e0c061d2c80ba8e09367bb
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.15.4ubuntu2.2_amd64.deb
          Size/MD5:  2170598 d51d5c6ed2c8f13ea33a7cd4711ad983
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.15.4ubuntu2.2_amd64.deb
          Size/MD5:   334158 c6bd3929e41441cd0a3f84d2200cc923
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.15.4ubuntu2.2_i386.deb
          Size/MD5:  2123840 cefd218a5c6f1c24803fb6eaefd415e6
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.15.4ubuntu2.2_i386.deb
          Size/MD5:   325840 7b713d4412187ae9e3f46b88acda5eb4
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/d/dpkg/dpkg_1.15.4ubuntu2.2_lpia.deb
          Size/MD5:  2109954 45b658e042d32801de11f5f030dd1e0b
        http://ports.ubuntu.com/pool/main/d/dpkg/dselect_1.15.4ubuntu2.2_lpia.deb
          Size/MD5:   327054 8c7c98b2597209f22fa671ed4e190306
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/d/dpkg/dpkg_1.15.4ubuntu2.2_powerpc.deb
          Size/MD5:  2170328 f71ccc4f808d78cbb673382dfb47e4f2
        http://ports.ubuntu.com/pool/main/d/dpkg/dselect_1.15.4ubuntu2.2_powerpc.deb
          Size/MD5:   333252 61abbb210d16976775b2c59a8b9949fe
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/d/dpkg/dpkg_1.15.4ubuntu2.2_sparc.deb
          Size/MD5:  2132612 8f6eeb14c010ba85a4b62c268dcc66dd
        http://ports.ubuntu.com/pool/main/d/dpkg/dselect_1.15.4ubuntu2.2_sparc.deb
          Size/MD5:   327090 8629d4dd7b381c93fb7ffba481bf736b
    
    Updated packages for Ubuntu 10.04:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.15.5.6ubuntu4.3.dsc
          Size/MD5:     1313 926b4f4944f277b568fbaf98598581a4
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.15.5.6ubuntu4.3.tar.bz2
          Size/MD5:  4678071 f58135e28b6eab3c665b7bb33a2adb10
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg-dev_1.15.5.6ubuntu4.3_all.deb
          Size/MD5:   651274 95a80d279357e32266be5c78a6d75d63
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.15.5.6ubuntu4.3_amd64.deb
          Size/MD5:  2252312 9d393ac2efb43f53ddedd9b21109b428
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.15.5.6ubuntu4.3_amd64.deb
          Size/MD5:   411004 1818c866f1252d2fea324a7e08cc230a
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.15.5.6ubuntu4.3_i386.deb
          Size/MD5:  2190342 631cb4981aa9ac24969b90b64b8243ec
        http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.15.5.6ubuntu4.3_i386.deb
          Size/MD5:   401018 009617407ad9845d945a3d74b07206cd
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/d/dpkg/dpkg_1.15.5.6ubuntu4.3_powerpc.deb
          Size/MD5:  2239340 3c81ee897651f5f8e3454acb0ee0774f
        http://ports.ubuntu.com/pool/main/d/dpkg/dselect_1.15.5.6ubuntu4.3_powerpc.deb
          Size/MD5:   409918 840641fe0830dd5a667f83dd3f89bb8e
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/d/dpkg/dpkg_1.15.5.6ubuntu4.3_sparc.deb
          Size/MD5:  2216930 ea0c8b97933d732859fda6e2b6c2b40f
        http://ports.ubuntu.com/pool/main/d/dpkg/dselect_1.15.5.6ubuntu4.3_sparc.deb
          Size/MD5:   405972 a116b739307edcc3655397fb8e701421
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":11.11,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"15","type":"x","order":"3","pct":33.33,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.