[Backports] Fwd: [USN-220-1] w3c-libwww vulnerability

Alexey Borovskoy alexey_borovskoy at mail.ru
Fri Dec 2 14:39:46 MSK 2005


Good evening.

I can't figure out where to dig the patches out from there.
In our M24 this is w3c-libwww-5.4.0-alt1.1.

----------  Forwarded message  ----------

Subject: [USN-220-1] w3c-libwww vulnerability
Date: Friday 02 December 2005 00:37
From: Martin Pitt <martin.pitt at canonical.com>
To: ubuntu-security-announce at lists.ubuntu.com
Cc: full-disclosure at lists.grok.org.uk, bugtraq at securityfocus.com

===========================================================
Ubuntu Security Notice USN-220-1   December 01, 2005
w3c-libwww vulnerability
CVE-2005-3183
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libwww0

The problem can be corrected by upgrading the affected package
to version 5.4.0-9ubuntu0.4.10 (for Ubuntu 4.10),
5.4.0-9ubuntu0.5.04 (for Ubuntu 5.04), or 5.4.0-9ubuntu0.5.10
(for Ubuntu 5.10). In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Sam Varshavchik discovered several buffer overflows in the
HTBoundary_put_block() function. By sending specially crafted
HTTP multipart/byteranges MIME messages, a malicious HTTP
server could trigger an out of bounds memory access in the
libwww library, which causes the program that uses the library
to crash.


Updated packages for Ubuntu 4.10:


Updated packages for Ubuntu 5.04:


Updated packages for Ubuntu 5.10:


-------------------------------------------------------

-- 
Alexey.
GPG key fingerprint
949B BC0E 2C44 7528 4F63  2753 E37A 9E3F 11F3 BDE1