Ausführen beliebiger Kommandos in redhat-cluster-suite
ID: | USN-476-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 7.04 |
Datum: | Fr, 22. Juni 2007, 20:33 |
Referenzen: | https://launchpad.net/bugs/121780 |
Applikationen: | redhat-cluster-suite |
Originalnachricht |
|
--===============7120808249126323628== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="lo/yIdJSCXpBJBdU" Content-Disposition: inline --lo/yIdJSCXpBJBdU Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Ubuntu Security Notice USN-476-1 June 22, 2007==========20================================================= redhat-cluster-suite vulnerability https://launchpad.net/bugs/121780 ========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.04: cman 2.20070315-0ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Fabio Massimo Di Nitto discovered that cman did not correctly validate the size of client messages. A local user could send a specially crafted message and execute arbitrary code with cluster manager privileges or crash the manager, leading to a denial of service. Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/redh= at-cluster-suite_2.20070315-0ubuntu2.1.diff.gz Size/MD5: 45853 19f98d316de0c556527debd3c9debfce http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/redh= at-cluster-suite_2.20070315-0ubuntu2.1.dsc Size/MD5: 1801 d293aca82c5f0a594166c403ae91a822 http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/redh= at-cluster-suite_2.20070315.orig.tar.gz Size/MD5: 2223989 bcc1dc59d93dcd44b4761136966eafa3 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/redh= at-cluster-suite_2.20070315-0ubuntu2.1_all.deb Size/MD5: 10176 7bc5fe7dd3a6893f8583fbdac3c7a968 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/cman= _2.20070315-0ubuntu2.1_amd64.deb Size/MD5: 415208 4c551747a663596040d371bca4cd084e http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gfs-= tools_2.20070315-0ubuntu2.1_amd64.deb Size/MD5: 240568 b46c4de93e83e0254014daffebf07f5b http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gfs2= -tools_2.20070315-0ubuntu2.1_amd64.deb Size/MD5: 297918 8eab6723141282cee91a5d8721e63dcb http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnbd= -client_2.20070315-0ubuntu2.1_amd64.deb Size/MD5: 76768 5178696fc64e2719c7e2e0086749650a http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnbd= -server_2.20070315-0ubuntu2.1_amd64.deb Size/MD5: 73310 39e444ec8d0ca268635f27b9bb337ede http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libc= cs-dev_2.20070315-0ubuntu2.1_amd64.deb Size/MD5: 13902 af5554548568dc59720d8c51636bdd85 http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libc= man-dev_2.20070315-0ubuntu2.1_amd64.deb Size/MD5: 21024 c89711a3509d3f977de9142f5d1887cf http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libc= man2_2.20070315-0ubuntu2.1_amd64.deb Size/MD5: 16906 55e246480f5f311db7d571cc5a96a77c http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libd= lm-dev_2.20070315-0ubuntu2.1_amd64.deb Size/MD5: 22038 7690f350aca8dc420179f57063a20824 http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libd= lm2_2.20070315-0ubuntu2.1_amd64.deb Size/MD5: 21488 41ab17c0730714ce4734c790c1dd9e1d http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/rgma= nager_2.20070315-0ubuntu2.1_amd64.deb Size/MD5: 261920 f953801ff7497e87ba5f8907508f5ede i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/cman= _2.20070315-0ubuntu2.1_i386.deb Size/MD5: 377390 1625cc91013baf83251a987034905dcb http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gfs-= tools_2.20070315-0ubuntu2.1_i386.deb Size/MD5: 229178 bdb45bb72f9fb91ad1233fbe9cac73f1 http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gfs2= -tools_2.20070315-0ubuntu2.1_i386.deb Size/MD5: 279360 09e261043612e103dc82707b4e571c34 http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnbd= -client_2.20070315-0ubuntu2.1_i386.deb Size/MD5: 67276 bb9c1d8f9d4a7a4d899ec99430457426 http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnbd= -server_2.20070315-0ubuntu2.1_i386.deb Size/MD5: 64776 b6ce07ed92f408b9c5b682d29e179b46 http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libc= cs-dev_2.20070315-0ubuntu2.1_i386.deb Size/MD5: 13604 580dfab67fca3556ee1c02e46a10cd69 http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libc= man-dev_2.20070315-0ubuntu2.1_i386.deb Size/MD5: 20384 9cf0b995f21aa8cfe788a9ebea832716 http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libc= man2_2.20070315-0ubuntu2.1_i386.deb Size/MD5: 16174 62c1750799861eaf760cbfe7d923b1aa http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libd= lm-dev_2.20070315-0ubuntu2.1_i386.deb Size/MD5: 20166 0e35c8888d8e09e050afd3ce6e2defea http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libd= lm2_2.20070315-0ubuntu2.1_i386.deb Size/MD5: 20058 feed82660d7359bda71c91c2dbd387ca http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/rgma= nager_2.20070315-0ubuntu2.1_i386.deb Size/MD5: 239930 9d9adc1d748e972c4980692f5becacd3 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/cman= _2.20070315-0ubuntu2.1_powerpc.deb Size/MD5: 419560 4bdb68335d002b08139adca6d97ef153 http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gfs-= tools_2.20070315-0ubuntu2.1_powerpc.deb Size/MD5: 263978 120061076541d8e6ceebbad7a2c084f2 http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gfs2= -tools_2.20070315-0ubuntu2.1_powerpc.deb Size/MD5: 312540 833badec158c007784b16192d8a82dec http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnbd= -client_2.20070315-0ubuntu2.1_powerpc.deb Size/MD5: 74210 5af82765c81da3995b728795ce607fda http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnbd= -server_2.20070315-0ubuntu2.1_powerpc.deb Size/MD5: 72108 73c90d5ab4508c4e46733e74201b7aa6 http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libc= cs-dev_2.20070315-0ubuntu2.1_powerpc.deb Size/MD5: 13802 1d100e556f3fc8dc7fe118063b0457e4 http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libc= man-dev_2.20070315-0ubuntu2.1_powerpc.deb Size/MD5: 20728 c72f874de47bda7a5d81febf26d66be6 http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libc= man2_2.20070315-0ubuntu2.1_powerpc.deb Size/MD5: 18664 f89f8407f24f553f085bff6b80f26437 http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libd= lm-dev_2.20070315-0ubuntu2.1_powerpc.deb Size/MD5: 21698 0c81d4399a442f32034e1d3211805b37 http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libd= lm2_2.20070315-0ubuntu2.1_powerpc.deb Size/MD5: 24464 716fa192eea0673416df7b47c897f552 http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/rgma= nager_2.20070315-0ubuntu2.1_powerpc.deb Size/MD5: 256816 7e2822a5cfdb28e5449c2a0eb155f538 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/cman= _2.20070315-0ubuntu2.1_sparc.deb Size/MD5: 394606 715a39dc89e2db8da1e9ce39c85082d9 http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gfs-= tools_2.20070315-0ubuntu2.1_sparc.deb Size/MD5: 232972 a0b6368599d874faaeb3e65bcb1847ff http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gfs2= -tools_2.20070315-0ubuntu2.1_sparc.deb Size/MD5: 281594 a8f1e115be62cd85ab9dd87c49c81687 http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnbd= -client_2.20070315-0ubuntu2.1_sparc.deb Size/MD5: 69246 9d73b0ba4b63ff4288fefe2cb998866a http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnbd= -server_2.20070315-0ubuntu2.1_sparc.deb Size/MD5: 66522 40ce22fc135c618a1d7ac95e6d56cf4b http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libc= cs-dev_2.20070315-0ubuntu2.1_sparc.deb Size/MD5: 13630 93386544aa585af6766cac0a58b3763a http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libc= man-dev_2.20070315-0ubuntu2.1_sparc.deb Size/MD5: 20646 b98f6d46348288ef73fd1de7aa3e97ad http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libc= man2_2.20070315-0ubuntu2.1_sparc.deb Size/MD5: 16314 c937ad6996a1605838ded0563d964bc5 http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libd= lm-dev_2.20070315-0ubuntu2.1_sparc.deb Size/MD5: 20486 70b031a4b0f5d45069d9e48df87a08e7 http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libd= lm2_2.20070315-0ubuntu2.1_sparc.deb Size/MD5: 19344 aabbb34fd52960f5002a2094532b6fff http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/rgma= nager_2.20070315-0ubuntu2.1_sparc.deb Size/MD5: 251046 ed57b55016db3e6c6186aedce42deb3c --lo/yIdJSCXpBJBdU Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGfBN/H/9LqRcGPm0RAoy6AJ9v6rHMsZlEazdYw0yJSglpgkS2mACeJCZT YLeDuHoYZzMcD+Df+0QfP/o= =b4bj -----END PGP SIGNATURE----- --lo/yIdJSCXpBJBdU-- --===============7120808249126323628== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce --===============7120808249126323628==-- |