drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberläufe in w3c-libwww
Name: |
Pufferüberläufe in w3c-libwww |
|
ID: |
USN-220-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 4.10, Ubuntu 5.04, Ubuntu 5.10 |
|
Datum: |
Do, 1. Dezember 2005, 13:53 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3183 |
|
Applikationen: |
libwww |
|
Originalnachricht |
--===============1419313862== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="4Epv4kl9IRBfg3rk" Content-Disposition: inline
--4Epv4kl9IRBfg3rk Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
=========================================================== Ubuntu Security Notice USN-220-1 December 01, 2005 w3c-libwww vulnerability CVE-2005-3183 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
libwww0
The problem can be corrected by upgrading the affected package to version 5.4.0-9ubuntu0.4.10 (for Ubuntu 4.10), 5.4.0-9ubuntu0.5.04 (for Ubuntu 5.04), or 5.4.0-9ubuntu0.5.10 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Sam Varshavchik discovered several buffer overflows in the HTBoundary_put_block() function. By sending specially crafted HTTP multipart/byteranges MIME messages, a malicious HTTP server could trigger an out of bounds memory access in the libwww library, which causes the program that uses the library to crash.
Updated packages for Ubuntu 4.10:
Source archives:
w3c-libwww_5.4.0-9ubuntu0.4.10.diff.gz Size/MD5: 510355 15f9592db51864e0e060fe1f3a6f63f6 w3c-libwww_5.4.0-9ubuntu0.4.10.dsc Size/MD5: 714 637bf331ecefe995ae2ef4b280e2bc2b w3c-libwww_5.4.0.orig.tar.gz Size/MD5: 1127018 a6073cda765b7f9fa0970eb92757f6bb
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
libwww-dev_5.4.0-9ubuntu0.4.10_amd64.deb Size/MD5: 684660 313c59ca507046ff8a2b66ac49d0ac7e libwww-ssl-dev_5.4.0-9ubuntu0.4.10_amd64.deb Size/MD5: 692530 d06eb91e03a400e23ae94d8466965bc5 libwww-ssl0_5.4.0-9ubuntu0.4.10_amd64.deb Size/MD5: 512118 2646446086e15f870cc8930d39fa65ad libwww0_5.4.0-9ubuntu0.4.10_amd64.deb Size/MD5: 503738 7dffb1bfe8e5215be6840aa9a8f2d2c9
i386 architecture (x86 compatible Intel/AMD)
libwww-dev_5.4.0-9ubuntu0.4.10_i386.deb Size/MD5: 607840 b16565a4a8dfaa8a5b10227f73d0ca5d libwww-ssl-dev_5.4.0-9ubuntu0.4.10_i386.deb Size/MD5: 614156 01705c593f044c6ef920c3799b8a7cb7 libwww-ssl0_5.4.0-9ubuntu0.4.10_i386.deb Size/MD5: 452774 21fe2a50e533a6be012c07ca2e1bca33 libwww0_5.4.0-9ubuntu0.4.10_i386.deb Size/MD5: 444552 098a59839be744797f2c8f9df0fc70ba
powerpc architecture (Apple Macintosh G3/G4/G5)
libwww-dev_5.4.0-9ubuntu0.4.10_powerpc.deb Size/MD5: 694934 c4b38eaec0fbff44f0b92e6b8d4c646f libwww-ssl-dev_5.4.0-9ubuntu0.4.10_powerpc.deb Size/MD5: 704214 98db309dd1b252e6fe1fc7ec3f5e342c libwww-ssl0_5.4.0-9ubuntu0.4.10_powerpc.deb Size/MD5: 507282 96d5f4382a0df15df9a04b72f33350f5 libwww0_5.4.0-9ubuntu0.4.10_powerpc.deb Size/MD5: 498518 f77c5c60228ec7f769281ca4ba690ac1
Updated packages for Ubuntu 5.04:
Source archives:
w3c-libwww_5.4.0-9ubuntu0.5.04.diff.gz Size/MD5: 510353 dfacb49b7bc30b6829a064ed857bad36 w3c-libwww_5.4.0-9ubuntu0.5.04.dsc Size/MD5: 714 6b2128a3be183cbb204645423fa4fb22 w3c-libwww_5.4.0.orig.tar.gz Size/MD5: 1127018 a6073cda765b7f9fa0970eb92757f6bb
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
libwww-dev_5.4.0-9ubuntu0.5.04_amd64.deb Size/MD5: 684646 774b5e3bb24748468fb4417119648b1b libwww-ssl-dev_5.4.0-9ubuntu0.5.04_amd64.deb Size/MD5: 692468 bc282e4fc92517bea58d67f8682f4793 libwww-ssl0_5.4.0-9ubuntu0.5.04_amd64.deb Size/MD5: 512176 17bce1afc105e18c7d0a87a2bd1c0e35 libwww0_5.4.0-9ubuntu0.5.04_amd64.deb Size/MD5: 503836 229e14f16890a3698b7a6c0f643c3a07
i386 architecture (x86 compatible Intel/AMD)
libwww-dev_5.4.0-9ubuntu0.5.04_i386.deb Size/MD5: 607932 f8d90cd4c1c414fd3be1445452b0f9dc libwww-ssl-dev_5.4.0-9ubuntu0.5.04_i386.deb Size/MD5: 614278 7c49d8fb328a1615fbf68df3e31e8874 libwww-ssl0_5.4.0-9ubuntu0.5.04_i386.deb Size/MD5: 452130 8869e99df88b832629d392fb09bd4943 libwww0_5.4.0-9ubuntu0.5.04_i386.deb Size/MD5: 443922 8fe4ee3f786484817a18269ff5b1bb00
powerpc architecture (Apple Macintosh G3/G4/G5)
libwww-dev_5.4.0-9ubuntu0.5.04_powerpc.deb Size/MD5: 694902 9adb92ce0d06b187804ea4ef3b9b98e0 libwww-ssl-dev_5.4.0-9ubuntu0.5.04_powerpc.deb Size/MD5: 704190 4ede635cd936116304be4938db47c206 libwww-ssl0_5.4.0-9ubuntu0.5.04_powerpc.deb Size/MD5: 507868 cd6be292a8642f6ba829f20c0d477dcd libwww0_5.4.0-9ubuntu0.5.04_powerpc.deb Size/MD5: 498974 d12c45e22e60c084bfe6245884a3c911
Updated packages for Ubuntu 5.10:
Source archives:
w3c-libwww_5.4.0-9ubuntu0.5.10.diff.gz Size/MD5: 510354 66df7306af726ce9ca9c09e02f773fab w3c-libwww_5.4.0-9ubuntu0.5.10.dsc Size/MD5: 714 e4c57b709f40d8ecb2d58ea37550b78e w3c-libwww_5.4.0.orig.tar.gz Size/MD5: 1127018 a6073cda765b7f9fa0970eb92757f6bb
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
libwww-dev_5.4.0-9ubuntu0.5.10_amd64.deb Size/MD5: 692584 1cdf973add1144853304890300a381de libwww-ssl-dev_5.4.0-9ubuntu0.5.10_amd64.deb Size/MD5: 700096 09ce0c2f9e3cf3f8b0a1a79d38379c18 libwww-ssl0_5.4.0-9ubuntu0.5.10_amd64.deb Size/MD5: 520120 b16e4d23b9503b41468d9a8862347b2e libwww0_5.4.0-9ubuntu0.5.10_amd64.deb Size/MD5: 511492 11b9667628eb7fcaaec93b53d50a1881
i386 architecture (x86 compatible Intel/AMD)
libwww-dev_5.4.0-9ubuntu0.5.10_i386.deb Size/MD5: 608218 6702f91d61eb03f7aa76ddecc68e0723 libwww-ssl-dev_5.4.0-9ubuntu0.5.10_i386.deb Size/MD5: 614374 f057682a4109808438162afe09ca5376 libwww-ssl0_5.4.0-9ubuntu0.5.10_i386.deb Size/MD5: 448164 4e09a8140ee0519a6b4512a442effff7 libwww0_5.4.0-9ubuntu0.5.10_i386.deb Size/MD5: 441186 33bafbd9b12a56ed2633f3e7a7619e2a
powerpc architecture (Apple Macintosh G3/G4/G5)
libwww-dev_5.4.0-9ubuntu0.5.10_powerpc.deb Size/MD5: 698766 8ecc3202704293dea4fc9555d7ffc0f1 libwww-ssl-dev_5.4.0-9ubuntu0.5.10_powerpc.deb Size/MD5: 707580 469d6a312828982ce40a5aeb931f24fd libwww-ssl0_5.4.0-9ubuntu0.5.10_powerpc.deb Size/MD5: 510528 b9fda83cd926e9d926ef5ff16b474487 libwww0_5.4.0-9ubuntu0.5.10_powerpc.deb Size/MD5: 501542 7e17ff5ee5861d8e7eb2d6fe7e780ec9
--4Epv4kl9IRBfg3rk Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDju6KDecnbV4Fd/IRAoAlAJ9JdsvU3CGnYZ5gnh+wyGuGEt+MoQCfWoJk B1NcFbzwFLSXiuq2U1CYRwk= =niN2 -----END PGP SIGNATURE-----
--4Epv4kl9IRBfg3rk--
--===============1419313862== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============1419313862==--
|
|
|
|