Pufferüberlauf in Pan
ID: | USN-845-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 8.04 LTS |
Datum: | Do, 8. Oktober 2009, 16:04 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2363 |
Applikationen: | Pan Newsreader |
Originalnachricht |
|
--===============3069923526133942772== Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-RwCK8slAogCz+q3I3Xaj" --=-RwCK8slAogCz+q3I3Xaj Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Ubuntu Security Notice USN-845-1 October 08, 2009========================================================== pan vulnerability CVE-2008-2363 ========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: pan 0.132-2ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Pavel Polischouk discovered that Pan incorrectly handled certain data structures. If a user were tricked into viewing malicious nntp data, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/pan/pan_0.132-2ubuntu2.1.= diff.gz Size/MD5: 20545 6d36e3b972652c124c93eff41dc5695b http://security.ubuntu.com/ubuntu/pool/main/p/pan/pan_0.132-2ubuntu2.1.= dsc Size/MD5: 877 593b70e1321f89cc1d3d79aaa0fcd431 http://security.ubuntu.com/ubuntu/pool/main/p/pan/pan_0.132.orig.tar.gz Size/MD5: 2069718 0999ea52f8d4187ac7c8fd416067b0e7 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/pan/pan_0.132-2ubuntu2.1_= amd64.deb Size/MD5: 821136 10e791382ac078f206571407b9aca5b8 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/pan/pan_0.132-2ubuntu2.1_= i386.deb Size/MD5: 792564 5f4a69d8ce3dc342e20893020d1b2b2f lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/p/pan/pan_0.132-2ubuntu2.1_lpia.deb Size/MD5: 815322 dff1b50f04af376b9476f5f9150b0b97 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/pan/pan_0.132-2ubuntu2.1_powerpc.de= b Size/MD5: 864758 9c63e15bd64326b9483ba916c089a00d sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/p/pan/pan_0.132-2ubuntu2.1_sparc.deb Size/MD5: 885412 f0311151ff6ab621f97bbd6909253173 --=-RwCK8slAogCz+q3I3Xaj Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEABECAAYFAkrN8LkACgkQLMAs/0C4zNqi0gCfS8F854EcHUD42dgUmBMRgA6s xOMAnj3AoSJR+BGxUo+9jpSaNYOv41m3 =sQeB -----END PGP SIGNATURE----- --=-RwCK8slAogCz+q3I3Xaj-- --===============3069923526133942772== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce --===============3069923526133942772==-- |