Login
Newsletter
Werbung

Sicherheit: Pufferüberläufe in w3c-libwww
Aktuelle Meldungen Distributionen
Name: Pufferüberläufe in w3c-libwww
ID: USN-220-1
Distribution: Ubuntu
Plattformen: Ubuntu 4.10, Ubuntu 5.04, Ubuntu 5.10
Datum: Do, 1. Dezember 2005, 13:53
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3183
Applikationen: libwww

Originalnachricht


--===============1419313862==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="4Epv4kl9IRBfg3rk"
Content-Disposition: inline


--4Epv4kl9IRBfg3rk
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

===========================================================
Ubuntu Security Notice USN-220-1 December 01, 2005
w3c-libwww vulnerability
CVE-2005-3183
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libwww0

The problem can be corrected by upgrading the affected package to
version 5.4.0-9ubuntu0.4.10 (for Ubuntu 4.10), 5.4.0-9ubuntu0.5.04
(for Ubuntu 5.04), or 5.4.0-9ubuntu0.5.10 (for Ubuntu 5.10). In
general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Sam Varshavchik discovered several buffer overflows in the
HTBoundary_put_block() function. By sending specially crafted HTTP
multipart/byteranges MIME messages, a malicious HTTP server could
trigger an out of bounds memory access in the libwww library, which
causes the program that uses the library to crash.


Updated packages for Ubuntu 4.10:

Source archives:

w3c-libwww_5.4.0-9ubuntu0.4.10.diff.gz
Size/MD5: 510355 15f9592db51864e0e060fe1f3a6f63f6
w3c-libwww_5.4.0-9ubuntu0.4.10.dsc
Size/MD5: 714 637bf331ecefe995ae2ef4b280e2bc2b
w3c-libwww_5.4.0.orig.tar.gz
Size/MD5: 1127018 a6073cda765b7f9fa0970eb92757f6bb

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

libwww-dev_5.4.0-9ubuntu0.4.10_amd64.deb
Size/MD5: 684660 313c59ca507046ff8a2b66ac49d0ac7e
libwww-ssl-dev_5.4.0-9ubuntu0.4.10_amd64.deb
Size/MD5: 692530 d06eb91e03a400e23ae94d8466965bc5
libwww-ssl0_5.4.0-9ubuntu0.4.10_amd64.deb
Size/MD5: 512118 2646446086e15f870cc8930d39fa65ad
libwww0_5.4.0-9ubuntu0.4.10_amd64.deb
Size/MD5: 503738 7dffb1bfe8e5215be6840aa9a8f2d2c9

i386 architecture (x86 compatible Intel/AMD)

libwww-dev_5.4.0-9ubuntu0.4.10_i386.deb
Size/MD5: 607840 b16565a4a8dfaa8a5b10227f73d0ca5d
libwww-ssl-dev_5.4.0-9ubuntu0.4.10_i386.deb
Size/MD5: 614156 01705c593f044c6ef920c3799b8a7cb7
libwww-ssl0_5.4.0-9ubuntu0.4.10_i386.deb
Size/MD5: 452774 21fe2a50e533a6be012c07ca2e1bca33
libwww0_5.4.0-9ubuntu0.4.10_i386.deb
Size/MD5: 444552 098a59839be744797f2c8f9df0fc70ba

powerpc architecture (Apple Macintosh G3/G4/G5)

libwww-dev_5.4.0-9ubuntu0.4.10_powerpc.deb
Size/MD5: 694934 c4b38eaec0fbff44f0b92e6b8d4c646f
libwww-ssl-dev_5.4.0-9ubuntu0.4.10_powerpc.deb
Size/MD5: 704214 98db309dd1b252e6fe1fc7ec3f5e342c
libwww-ssl0_5.4.0-9ubuntu0.4.10_powerpc.deb
Size/MD5: 507282 96d5f4382a0df15df9a04b72f33350f5
libwww0_5.4.0-9ubuntu0.4.10_powerpc.deb
Size/MD5: 498518 f77c5c60228ec7f769281ca4ba690ac1

Updated packages for Ubuntu 5.04:

Source archives:

w3c-libwww_5.4.0-9ubuntu0.5.04.diff.gz
Size/MD5: 510353 dfacb49b7bc30b6829a064ed857bad36
w3c-libwww_5.4.0-9ubuntu0.5.04.dsc
Size/MD5: 714 6b2128a3be183cbb204645423fa4fb22
w3c-libwww_5.4.0.orig.tar.gz
Size/MD5: 1127018 a6073cda765b7f9fa0970eb92757f6bb

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

libwww-dev_5.4.0-9ubuntu0.5.04_amd64.deb
Size/MD5: 684646 774b5e3bb24748468fb4417119648b1b
libwww-ssl-dev_5.4.0-9ubuntu0.5.04_amd64.deb
Size/MD5: 692468 bc282e4fc92517bea58d67f8682f4793
libwww-ssl0_5.4.0-9ubuntu0.5.04_amd64.deb
Size/MD5: 512176 17bce1afc105e18c7d0a87a2bd1c0e35
libwww0_5.4.0-9ubuntu0.5.04_amd64.deb
Size/MD5: 503836 229e14f16890a3698b7a6c0f643c3a07

i386 architecture (x86 compatible Intel/AMD)

libwww-dev_5.4.0-9ubuntu0.5.04_i386.deb
Size/MD5: 607932 f8d90cd4c1c414fd3be1445452b0f9dc
libwww-ssl-dev_5.4.0-9ubuntu0.5.04_i386.deb
Size/MD5: 614278 7c49d8fb328a1615fbf68df3e31e8874
libwww-ssl0_5.4.0-9ubuntu0.5.04_i386.deb
Size/MD5: 452130 8869e99df88b832629d392fb09bd4943
libwww0_5.4.0-9ubuntu0.5.04_i386.deb
Size/MD5: 443922 8fe4ee3f786484817a18269ff5b1bb00

powerpc architecture (Apple Macintosh G3/G4/G5)

libwww-dev_5.4.0-9ubuntu0.5.04_powerpc.deb
Size/MD5: 694902 9adb92ce0d06b187804ea4ef3b9b98e0
libwww-ssl-dev_5.4.0-9ubuntu0.5.04_powerpc.deb
Size/MD5: 704190 4ede635cd936116304be4938db47c206
libwww-ssl0_5.4.0-9ubuntu0.5.04_powerpc.deb
Size/MD5: 507868 cd6be292a8642f6ba829f20c0d477dcd
libwww0_5.4.0-9ubuntu0.5.04_powerpc.deb
Size/MD5: 498974 d12c45e22e60c084bfe6245884a3c911

Updated packages for Ubuntu 5.10:

Source archives:

w3c-libwww_5.4.0-9ubuntu0.5.10.diff.gz
Size/MD5: 510354 66df7306af726ce9ca9c09e02f773fab
w3c-libwww_5.4.0-9ubuntu0.5.10.dsc
Size/MD5: 714 e4c57b709f40d8ecb2d58ea37550b78e
w3c-libwww_5.4.0.orig.tar.gz
Size/MD5: 1127018 a6073cda765b7f9fa0970eb92757f6bb

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

libwww-dev_5.4.0-9ubuntu0.5.10_amd64.deb
Size/MD5: 692584 1cdf973add1144853304890300a381de
libwww-ssl-dev_5.4.0-9ubuntu0.5.10_amd64.deb
Size/MD5: 700096 09ce0c2f9e3cf3f8b0a1a79d38379c18
libwww-ssl0_5.4.0-9ubuntu0.5.10_amd64.deb
Size/MD5: 520120 b16e4d23b9503b41468d9a8862347b2e
libwww0_5.4.0-9ubuntu0.5.10_amd64.deb
Size/MD5: 511492 11b9667628eb7fcaaec93b53d50a1881

i386 architecture (x86 compatible Intel/AMD)

libwww-dev_5.4.0-9ubuntu0.5.10_i386.deb
Size/MD5: 608218 6702f91d61eb03f7aa76ddecc68e0723
libwww-ssl-dev_5.4.0-9ubuntu0.5.10_i386.deb
Size/MD5: 614374 f057682a4109808438162afe09ca5376
libwww-ssl0_5.4.0-9ubuntu0.5.10_i386.deb
Size/MD5: 448164 4e09a8140ee0519a6b4512a442effff7
libwww0_5.4.0-9ubuntu0.5.10_i386.deb
Size/MD5: 441186 33bafbd9b12a56ed2633f3e7a7619e2a

powerpc architecture (Apple Macintosh G3/G4/G5)

libwww-dev_5.4.0-9ubuntu0.5.10_powerpc.deb
Size/MD5: 698766 8ecc3202704293dea4fc9555d7ffc0f1
libwww-ssl-dev_5.4.0-9ubuntu0.5.10_powerpc.deb
Size/MD5: 707580 469d6a312828982ce40a5aeb931f24fd
libwww-ssl0_5.4.0-9ubuntu0.5.10_powerpc.deb
Size/MD5: 510528 b9fda83cd926e9d926ef5ff16b474487
libwww0_5.4.0-9ubuntu0.5.10_powerpc.deb
Size/MD5: 501542 7e17ff5ee5861d8e7eb2d6fe7e780ec9

--4Epv4kl9IRBfg3rk
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDju6KDecnbV4Fd/IRAoAlAJ9JdsvU3CGnYZ5gnh+wyGuGEt+MoQCfWoJk
B1NcFbzwFLSXiuq2U1CYRwk=
=niN2
-----END PGP SIGNATURE-----

--4Epv4kl9IRBfg3rk--


--===============1419313862==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============1419313862==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung