Ubuntu: opal vulnerability

    Date08 Jan 2008
    CategoryUbuntu
    2968
    Posted ByLinuxSecurity Advisories
    Jose Miguel Esparza discovered that certain SIP headers were not correctly validated. A remote attacker could send a specially crafted packet to an application linked against opal (e.g. Ekiga) causing it to crash, leading to a denial of service.
    =========================================================== 
    Ubuntu Security Notice USN-562-1           January 08, 2008
    opal vulnerability
    CVE-2007-4924
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 6.06 LTS
    Ubuntu 6.10
    Ubuntu 7.04
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 6.06 LTS:
      libopal-2.2.0                   2.2.1-1ubuntu1.1
    
    Ubuntu 6.10:
      libopal-2.2.0                   2.2.3.dfsg-0ubuntu2.1
    
    Ubuntu 7.04:
      libopal-2.2.0                   2.2.3.dfsg-2ubuntu2.1
    
    After a standard system upgrade you need to restart your session to effect
    the necessary changes.
    
    Details follow:
    
    Jose Miguel Esparza discovered that certain SIP headers were not correctly
    validated.  A remote attacker could send a specially crafted packet to
    an application linked against opal (e.g. Ekiga) causing it to crash, leading
    to a denial of service.
    
    
    Updated packages for Ubuntu 6.06 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.1-1ubuntu1.1.diff.gz
          Size/MD5:    11096 b4b07166b50466354a8924d710b025f3
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.1-1ubuntu1.1.dsc
          Size/MD5:     1070 5e38c929e92b70f9ef5adb379e6929f8
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.1.orig.tar.gz
          Size/MD5:  4144566 01b73a88d2d6419401ce456079da9015
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-doc_2.2.1-1ubuntu1.1_all.deb
          Size/MD5:  8056090 5a0e5d81828f8e686dcd3d4ed71f4e6e
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.1-1ubuntu1.1_amd64.deb
          Size/MD5:  3268152 6894adea417cca1c9a183eb09e03e1d9
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.1-1ubuntu1.1_amd64.deb
          Size/MD5:   688128 30e8332cee33b8a28a538a353afa0c48
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.1-1ubuntu1.1_amd64.deb
          Size/MD5:   488962 bdea241ba2c40bc55340c7ac56679669
        http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.1-1ubuntu1.1_amd64.deb
          Size/MD5:   107400 d1b07a8b04ee2a58dfda81ec77e27729
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.1-1ubuntu1.1_i386.deb
          Size/MD5:  3012214 0767dbdce48daae6bd7eeb91d662ab1b
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.1-1ubuntu1.1_i386.deb
          Size/MD5:   673982 052b5fb240d8c38636cf7192dca7cfac
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.1-1ubuntu1.1_i386.deb
          Size/MD5:   488946 6753474950ff2f1b8755a9ae379ac9df
        http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.1-1ubuntu1.1_i386.deb
          Size/MD5:   105936 3745ad80eddc40fe702b7ecfe5cb1470
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.1-1ubuntu1.1_powerpc.deb
          Size/MD5:  3088304 e6adec0b8b464760b544295425b7b494
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.1-1ubuntu1.1_powerpc.deb
          Size/MD5:   686320 4c043e01d3f0fa42ee8f8f4796866436
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.1-1ubuntu1.1_powerpc.deb
          Size/MD5:   488940 7eccb3f391205c28ed4b4f1523fbe367
        http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.1-1ubuntu1.1_powerpc.deb
          Size/MD5:   106844 55329249f59278b465226d6fc904a895
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.1-1ubuntu1.1_sparc.deb
          Size/MD5:  3152776 c4470f1fedd707bddfabfebd9251c8ff
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.1-1ubuntu1.1_sparc.deb
          Size/MD5:   690974 75f438123d1dbc1726967d02a1692be4
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.1-1ubuntu1.1_sparc.deb
          Size/MD5:   488962 c23a127d94a671e685b6a07b78691e2f
        http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.1-1ubuntu1.1_sparc.deb
          Size/MD5:   104420 5278e79c1ecc8fd177699f12baec69bb
    
    Updated packages for Ubuntu 6.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.3.dfsg-0ubuntu2.1.diff.gz
          Size/MD5:    14292 0db1d447c8665685f515e6cba72ab2ea
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.3.dfsg-0ubuntu2.1.dsc
          Size/MD5:     1090 13fb03b67ef3c7c60091f244032e3dac
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.3.dfsg.orig.tar.gz
          Size/MD5:  3997608 29066ddbe461be125e4e60b37f103239
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-doc_2.2.3.dfsg-0ubuntu2.1_all.deb
          Size/MD5:  7903920 7b56b39dc1107ae12d9afd4976c7150b
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.3.dfsg-0ubuntu2.1_amd64.deb
          Size/MD5:  2944672 fb35c70fed70c3b2d59ef3468f24108c
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.3.dfsg-0ubuntu2.1_amd64.deb
          Size/MD5:     9538 66baa146670cfb77c70f235a0085b36d
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.3.dfsg-0ubuntu2.1_amd64.deb
          Size/MD5:   435490 8c99d8893d796ea9763e03419ed0de27
        http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.3.dfsg-0ubuntu2.1_amd64.deb
          Size/MD5:    49536 95caa2f7ee0f2307efcd6f2e1284fc3a
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.3.dfsg-0ubuntu2.1_i386.deb
          Size/MD5:  2810080 97086a0cc8b9fdb5705c34d4d93c191f
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.3.dfsg-0ubuntu2.1_i386.deb
          Size/MD5:     9544 8923ac17f69f308cef14521ad7536817
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.3.dfsg-0ubuntu2.1_i386.deb
          Size/MD5:   435502 0fcc9b5d9b2b761a5faadc9cbd6ab631
        http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.3.dfsg-0ubuntu2.1_i386.deb
          Size/MD5:    48984 c3c128ce190efaa9896541b45c2b55b6
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.3.dfsg-0ubuntu2.1_powerpc.deb
          Size/MD5:  2888534 b0d62b6cbc72c5a3afe47ce5663f7aa2
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.3.dfsg-0ubuntu2.1_powerpc.deb
          Size/MD5:     9540 70aee7d211494010d6764152c3ecf1b8
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.3.dfsg-0ubuntu2.1_powerpc.deb
          Size/MD5:   435504 46734f0e2e2f5b9126da85f8e3f7e743
        http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.3.dfsg-0ubuntu2.1_powerpc.deb
          Size/MD5:    48896 9720814dc4d6015b8ad804e30696318d
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.3.dfsg-0ubuntu2.1_sparc.deb
          Size/MD5:  3124518 651bf36123395f9d124826ca7c1a050f
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.3.dfsg-0ubuntu2.1_sparc.deb
          Size/MD5:     9540 35a158ac5a170a005041c0381b3bb73c
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.3.dfsg-0ubuntu2.1_sparc.deb
          Size/MD5:   435484 7a4e45e296282d54f4723ea0c654495e
        http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.3.dfsg-0ubuntu2.1_sparc.deb
          Size/MD5:    46740 e32b2e4ad3a919a68478700fe3d10a23
    
    Updated packages for Ubuntu 7.04:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.3.dfsg-2ubuntu2.1.diff.gz
          Size/MD5:    25132 1fa21438372c7651ba02392c9aad1b4d
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.3.dfsg-2ubuntu2.1.dsc
          Size/MD5:     1178 36fc039c14064756fba29c0c8b01abc9
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.3.dfsg.orig.tar.gz
          Size/MD5:  3997608 29066ddbe461be125e4e60b37f103239
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-doc_2.2.3.dfsg-2ubuntu2.1_all.deb
          Size/MD5:  7890546 37012a53b21133c92eb20194f2455541
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.3.dfsg-2ubuntu2.1_amd64.deb
          Size/MD5:  3113332 e29de0ddb690dd360389c0e2a40bddb8
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.3.dfsg-2ubuntu2.1_amd64.deb
          Size/MD5:   643418 23b86253db671b09a49169c14b640239
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.3.dfsg-2ubuntu2.1_amd64.deb
          Size/MD5:   448872 bf6977e923e71f2292352cec151524e3
        http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.3.dfsg-2ubuntu2.1_amd64.deb
          Size/MD5:    64062 3c7fb4443a6722a1cea15a0f376e0f28
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.3.dfsg-2ubuntu2.1_i386.deb
          Size/MD5:  2985634 b436430981821e5509c918b81f761c50
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.3.dfsg-2ubuntu2.1_i386.deb
          Size/MD5:   628264 1ff7e87ba5ed04549d0fd6fe557f788c
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.3.dfsg-2ubuntu2.1_i386.deb
          Size/MD5:   448884 18a4c843fb9cee713bcc7a85392bad74
        http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.3.dfsg-2ubuntu2.1_i386.deb
          Size/MD5:    63484 db2f76f304bae69df2107e94245759b9
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.3.dfsg-2ubuntu2.1_powerpc.deb
          Size/MD5:  3173122 b069bc945ffa6559491f327fc1e0e2ca
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.3.dfsg-2ubuntu2.1_powerpc.deb
          Size/MD5:   642632 fb77c05cc314f5adc6b059312b046b8f
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.3.dfsg-2ubuntu2.1_powerpc.deb
          Size/MD5:   448874 98405d8a3437dccf87dbd8fe380adcbd
        http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.3.dfsg-2ubuntu2.1_powerpc.deb
          Size/MD5:    67956 0fef40743c604f29731766225ef1fbdc
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.3.dfsg-2ubuntu2.1_sparc.deb
          Size/MD5:  3317222 e57aaeda796c21177d158e2d1e1933a3
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.3.dfsg-2ubuntu2.1_sparc.deb
          Size/MD5:   646432 65757c6fae3a0c94b2b550a2ab2bf6ea
        http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.3.dfsg-2ubuntu2.1_sparc.deb
          Size/MD5:   448874 eedc3b551d2a02fc32aede484d77a516
        http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.3.dfsg-2ubuntu2.1_sparc.deb
          Size/MD5:    61864 a9d758067dff32251256b4c159ea173e
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":11.11,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"15","type":"x","order":"3","pct":33.33,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.