Login
Newsletter
Werbung
Sicherheit: Denial of Service in Quassel
Aktuelle Meldungen Distributionen
Name: Denial of Service in Quassel
ID: USN-991-1
Distribution: Ubuntu
Plattformen: Ubuntu 9.04, Ubuntu 9.10, Ubuntu 10.04 LTS
Datum: Fr, 24. September 2010, 11:06
Referenzen: https://launchpad.net/bugs/629774
Applikationen: Quassel

Originalnachricht

 

--===============5805888475642347124==
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature";
 boundary="oyUTqETQ0mS9luUI"
Content-Disposition: inline


--oyUTqETQ0mS9luUI
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

===========================================================
Ubuntu Security Notice USN-991-1         September 23, 2010
quassel vulnerability
https://launchpad.net/bugs/629774
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.04:
  quassel                         0.4.1-0ubuntu3.1
  quassel-core                    0.4.1-0ubuntu3.1

Ubuntu 9.10:
  quassel                         0.5.0-0ubuntu1.2
  quassel-core                    0.5.0-0ubuntu1.2

Ubuntu 10.04 LTS:
  quassel                         0.6.1-0ubuntu1.1
  quassel-core                    0.6.1-0ubuntu1.1

After a standard system update you need to restart quassel or
quasselcore to make all the necessary changes.

Details follow:

Jima discovered that quassel would respond to a single privmsg
containing multiple CTCP requests with multiple NOTICEs, possibly
resulting in a denial of service against the IRC connection.


Updated packages for Ubuntu 9.04:

  Source archives:

    quassel_0.4.1-0ubuntu3.1.diff.gz
      Size/MD5:    14652 af43ed7a72ffa090d37c2d0d00702078
    quassel_0.4.1-0ubuntu3.1.dsc
      Size/MD5:     1963 5ae8d0ff60b5b06b895bb9ae171d5245
    quassel_0.4.1.orig.tar.gz
      Size/MD5:  3387386 ad02d180d013e4e802405bc0d4fbc92f

  Architecture independent packages:

    quassel-data_0.4.1-0ubuntu3.1_all.deb
      Size/MD5:   473278 ed6d2d9ce47958e33c22d53eeb130eb1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    quassel_0.4.1-0ubuntu3.1_amd64.deb
      Size/MD5: 19585188 055a31fd179133cea112d8ade393af00
    quassel-client_0.4.1-0ubuntu3.1_amd64.deb
      Size/MD5: 16123196 4768b70faa56de99a58887eba390df0f
    quassel-core_0.4.1-0ubuntu3.1_amd64.deb
      Size/MD5:  5329522 59c6d37437fe451c63a57ac97e16a73e

  i386 architecture (x86 compatible Intel/AMD):

    quassel_0.4.1-0ubuntu3.1_i386.deb
      Size/MD5: 19364706 5accb85ff4b7650cef63ea278d68240c
    quassel-client_0.4.1-0ubuntu3.1_i386.deb
      Size/MD5: 15952248 61e3e2a169bd98c1ddb4e281f658588e
    quassel-core_0.4.1-0ubuntu3.1_i386.deb
      Size/MD5:  5235750 6312c44c3bf5bac1db19898f335a607e

  lpia architecture (Low Power Intel Architecture):

    quassel_0.4.1-0ubuntu3.1_lpia.deb
      Size/MD5: 19463224 baa50d79d8a62f81c6864a5db776e7eb
    quassel-client_0.4.1-0ubuntu3.1_lpia.deb
      Size/MD5: 16028358 88bc16020301f4bfc678737932d3b199
    quassel-core_0.4.1-0ubuntu3.1_lpia.deb
      Size/MD5:  5263036 aca976fd07ee5ff6dbb3ee73267781c1

  powerpc architecture (Apple Macintosh G3/G4/G5):

    quassel_0.4.1-0ubuntu3.1_powerpc.deb
      Size/MD5: 20086318 f5e0299a1d9419a08955f4706768f15d
    quassel-client_0.4.1-0ubuntu3.1_powerpc.deb
      Size/MD5: 16547258 91262f19d6d83196f7124b90e5d331a7
    quassel-core_0.4.1-0ubuntu3.1_powerpc.deb
      Size/MD5:  5444286 7628daecf48ef865fc46fee187b89815

  sparc architecture (Sun SPARC/UltraSPARC):

    quassel_0.4.1-0ubuntu3.1_sparc.deb
      Size/MD5:   901540 b050e39630f12db8759a6d0071501b6a
    quassel-client_0.4.1-0ubuntu3.1_sparc.deb
      Size/MD5:   748492 5d3f95e15324a98ffe371154c7846681
    quassel-core_0.4.1-0ubuntu3.1_sparc.deb
      Size/MD5:   286256 1451beeb70db724cab56ccc61b188600

Updated packages for Ubuntu 9.10:

  Source archives:

    quassel_0.5.0-0ubuntu1.2.diff.gz
      Size/MD5:    17877 a7e04cda3cc45e3409eb57a4ea20148c
    quassel_0.5.0-0ubuntu1.2.dsc
      Size/MD5:     1991 6ff013a9b19d1d76b87817da84d37687
    quassel_0.5.0.orig.tar.gz
      Size/MD5:  3708203 24e2733475557ba9641d83a74442a329

  Architecture independent packages:

    quassel-data_0.5.0-0ubuntu1.2_all.deb
      Size/MD5:  1118114 daef742c8ed0581b36866a6230f57279

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    quassel-dbg_0.5.0-0ubuntu1.2_amd64.deb
      Size/MD5: 13617108 94c8dc2426de0bad88137cfdd10157f3
    quassel_0.5.0-0ubuntu1.2_amd64.deb
      Size/MD5:   798800 84c29f58597f26952cd99af53fd20044
    quassel-client_0.5.0-0ubuntu1.2_amd64.deb
      Size/MD5:   643210 e9284ca8bd9338440f66f9ec9df5c144
    quassel-core_0.5.0-0ubuntu1.2_amd64.deb
      Size/MD5:   289588 ec455d993f45fee6fb369a428bb2d1b9

  i386 architecture (x86 compatible Intel/AMD):

    quassel-dbg_0.5.0-0ubuntu1.2_i386.deb
      Size/MD5: 13398662 8a4946ca41efeb8e5da0d4a1de40f94c
    quassel_0.5.0-0ubuntu1.2_i386.deb
      Size/MD5:   718874 88985af3b8b3c0ec86475603d0bd911c
    quassel-client_0.5.0-0ubuntu1.2_i386.deb
      Size/MD5:   573058 24ba9f3e8c54a2184d21a8070798528a
    quassel-core_0.5.0-0ubuntu1.2_i386.deb
      Size/MD5:   258348 faf03e06b48194cae6b7397e9b31d7bf

  lpia architecture (Low Power Intel Architecture):

    quassel-dbg_0.5.0-0ubuntu1.2_lpia.deb
      Size/MD5: 13484634 ea119b79c6f10c5f468f42a1261a21fe
    quassel_0.5.0-0ubuntu1.2_lpia.deb
      Size/MD5:   750220 c93f8350459ab54a67d4ed15674c161e
    quassel-client_0.5.0-0ubuntu1.2_lpia.deb
      Size/MD5:   598854 eecdc6c1fe079d1f91fb1ae9e75fe888
    quassel-core_0.5.0-0ubuntu1.2_lpia.deb
      Size/MD5:   266918 35caabd03e6e96765abf21fb3e96ba25

  powerpc architecture (Apple Macintosh G3/G4/G5):

    quassel-dbg_0.5.0-0ubuntu1.2_powerpc.deb
      Size/MD5: 13362254 455876ecad334f3d47cc961f9d542882
    quassel_0.5.0-0ubuntu1.2_powerpc.deb
      Size/MD5:   683910 428a6c2c5ac213f37f4be7d07d24421e
    quassel-client_0.5.0-0ubuntu1.2_powerpc.deb
      Size/MD5:   550606 98c59f305f95b778a427eda949870e18
    quassel-core_0.5.0-0ubuntu1.2_powerpc.deb
      Size/MD5:   240866 00f3f5d56de26f7c198f4d5b1c42a83f

  sparc architecture (Sun SPARC/UltraSPARC):

    quassel-dbg_0.5.0-0ubuntu1.2_sparc.deb
      Size/MD5: 12870536 0c26033e159f8fa8e0515d231ed8b5dc
    quassel_0.5.0-0ubuntu1.2_sparc.deb
      Size/MD5:   697712 5db7fc580d0a5668f57eea842e6d6d96
    quassel-client_0.5.0-0ubuntu1.2_sparc.deb
      Size/MD5:   562214 8017a2a7aaa61766db7669bb25610f67
    quassel-core_0.5.0-0ubuntu1.2_sparc.deb
      Size/MD5:   238760 e5684b9ee3244cbacf89d39efc64a864

Updated packages for Ubuntu 10.04:

  Source archives:

    quassel_0.6.1-0ubuntu1.1.diff.gz
      Size/MD5:    17335 6ef325c343740527c723a98f2610b4b0
    quassel_0.6.1-0ubuntu1.1.dsc
      Size/MD5:     2103 29587f5b391aa00a8383a0fc86aa48fb
    quassel_0.6.1.orig.tar.gz
      Size/MD5:  2955756 6bda53416187ce4d80c498ec7742a3ff

  Architecture independent packages:

    quassel-data_0.6.1-0ubuntu1.1_all.deb
      Size/MD5:   411078 142d15c7c197a5678440c8bc1663cfbc

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    quassel-dbg_0.6.1-0ubuntu1.1_amd64.deb
      Size/MD5: 13762064 ac4fa17c3f153b31e48710836cd04118
    quassel_0.6.1-0ubuntu1.1_amd64.deb
      Size/MD5:   848954 3dfe977c0e08d67f0e768e7ff21cbeaa
    quassel-client-qt4_0.6.1-0ubuntu1.1_amd64.deb
      Size/MD5:  7738614 cc022c8cb8a20d98b264d5b9071dbb2c
    quassel-client_0.6.1-0ubuntu1.1_amd64.deb
      Size/MD5:   689906 8620ad03d7d1b6292d8f73e38d8521e7
    quassel-core_0.6.1-0ubuntu1.1_amd64.deb
      Size/MD5:   300578 095fe9ebe92dcbccd68c2caae9eaddd6
    quassel-qt4_0.6.1-0ubuntu1.1_amd64.deb
      Size/MD5:  9180230 b2361610cb686f6b0fec9c12ec3b3105

  i386 architecture (x86 compatible Intel/AMD):

    quassel-dbg_0.6.1-0ubuntu1.1_i386.deb
      Size/MD5: 13850914 f3d28f9ad948bd49511f921afd8b8c76
    quassel_0.6.1-0ubuntu1.1_i386.deb
      Size/MD5:   775228 afe558076285e911a1d4a4f03b36d7ee
    quassel-client-qt4_0.6.1-0ubuntu1.1_i386.deb
      Size/MD5:  7643656 f5545c998ff3da6a4813ad8c05379007
    quassel-client_0.6.1-0ubuntu1.1_i386.deb
      Size/MD5:   624750 5b85e0ad310fbdff8f6b46cbcf1f0269
    quassel-core_0.6.1-0ubuntu1.1_i386.deb
      Size/MD5:   267622 be3e9ddff363ccfbf84b026012c65716
    quassel-qt4_0.6.1-0ubuntu1.1_i386.deb
      Size/MD5:  9092034 c141744e896c1883cf3fd16b56301e3a

  powerpc architecture (Apple Macintosh G3/G4/G5):

    quassel-dbg_0.6.1-0ubuntu1.1_powerpc.deb
      Size/MD5: 13629256 b1c44c71d90612b77ac6620d31c28682
    quassel_0.6.1-0ubuntu1.1_powerpc.deb
      Size/MD5:   726084 2e80db84854a26657dc2dd780b2823bc
    quassel-client-qt4_0.6.1-0ubuntu1.1_powerpc.deb
      Size/MD5:  7503830 514e0af5679a3d50a93f520e2d6a7ae5
    quassel-client_0.6.1-0ubuntu1.1_powerpc.deb
      Size/MD5:   591360 dbb809d80a8172cc2d4c66092c016751
    quassel-core_0.6.1-0ubuntu1.1_powerpc.deb
      Size/MD5:   249718 6f01517af6d40a9df03c561588969219
    quassel-qt4_0.6.1-0ubuntu1.1_powerpc.deb
      Size/MD5:  8903884 6f639491914209752e14b6e2e145e1fe

  sparc architecture (Sun SPARC/UltraSPARC):

    quassel-dbg_0.6.1-0ubuntu1.1_sparc.deb
      Size/MD5: 13122498 84562bf0f6cf99ad0b6a1f2eed93684d
    quassel_0.6.1-0ubuntu1.1_sparc.deb
      Size/MD5:   695148 1b45d6d593296d3166bad999541f7b72
    quassel-client-qt4_0.6.1-0ubuntu1.1_sparc.deb
      Size/MD5:  7314170 c8dcff3fce69ecc8fce569ea1b254ef6
    quassel-client_0.6.1-0ubuntu1.1_sparc.deb
      Size/MD5:   567846 c39e338a570d34aa267c7a4739a2d52c
    quassel-core_0.6.1-0ubuntu1.1_sparc.deb
      Size/MD5:   232296 d7ed93144b074fc6947ef7a0125d9c6e
    quassel-qt4_0.6.1-0ubuntu1.1_sparc.deb
      Size/MD5:  8626464 13cfeaa7f4c722cffd6042e481ae731f



--oyUTqETQ0mS9luUI
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCgAGBQJMm89eAAoJEC8Jno0AXoH0hykP/A9nJG7FWqY+vGOEPTs94WEH
cmRF7pStf0S+5viDh1IgWAmZbe9+P2vzEFomKWXxzVXdPLCTXB922aQp6QIPL0y/
GGko3kJfhuW9EhJxXgoCUfOKRPYwFb/cWEiVPzMhIStlytVxMt2l+RCjrly4F7XF
n7NsVBu3tmPIh7cQ9vYik+MzWocqft3bQZ+4pOhlXQ+25nZfDtL0reAO86DZhbd1
X1xj/gG0AfYtEzv3zxzyROdLmfe/aDcQRaICUi7L8WZErv7VxIczosD5jsGAqozO
bqeVNzeWc7zf6T+v2jJV4aIG4ICAK/J0w2qM1WS3iSOUGvSD1IrXF0SF4yH3akMV
llc0XPn7GL9781ue6t0tIZx4+3JLDTJ4ZYZnqZRBmR+G0Y6IvS1WYcw3+Ik9lBQ8
EaH8/HddzFTXJ0fAVRR3gLMetEEeeA3LZDU4nxbiZajN1qzG+q7RdtB80Iukq4Za
PQdgS9KSTQDUf63GcKiYWc96P0rhE8Puw+/QGIx97mrOoibCdSE6Eqozk1/X7AZ4
ycxEn/vzvnGW9KeJaOwUr6xx8fFPp7XC8bxoi+w3pQcE//+HiSFDrwNq+kZqon8n
jNxL4DOAhXdk9bfoO4gGYYIR3R3IJQAfZL4wwQrgeITdsv4Q0erZOR3zIw5trdXU
RvkwBwWvd+/Uj2jvJ+1p
=wgGu
-----END PGP SIGNATURE-----

--oyUTqETQ0mS9luUI--


--===============5805888475642347124==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============5805888475642347124==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung