The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[USN-762-1] APT vulnerabilities


<< Previous INDEX Search src / Print Next >>
Date: Mon, 20 Apr 2009 16:39:54 -0500
From: Jamie Strandboge <jamie@canonical.com.>
To: [email protected]
Subject: [USN-762-1] APT vulnerabilities
Message-ID: <20090420213953.GD1216@severus.strandboge.com.>
Reply-To: Ubuntu Security <security@ubuntu.com.>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="UFHRwCdBEJvubb2X"
Content-Disposition: inline
User-Agent: Mutt/1.5.18 (2008-05-17)
X-Virus-Scanned: antivirus-gw at tyumen.ru


--UFHRwCdBEJvubb2X
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline


Ubuntu Security Notice USN-762-1 April 20, 2009 apt vulnerabilities CVE-2009-1300, https://launchpad.net/bugs/356012
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: apt 0.6.43.3ubuntu3.1 Ubuntu 8.04 LTS: apt 0.7.9ubuntu17.2 Ubuntu 8.10: apt 0.7.14ubuntu6.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Alexandre Martani discovered that the APT daily cron script did not check the return code of the date command. If a machine is configured for automatic updates and is in a time zone where DST occurs at midnight, under certain circumstances automatic updates might not be applied and could become permanently disabled. (CVE-2009-1300) Michael Casadevall discovered that APT did not properly verify repositories signed with a revoked or expired key. If a repository were signed with only an expired or revoked key and the signature was otherwise valid, APT would consider the repository valid. (https://launchpad.net/bugs/356012) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.6.43.3ubuntu3.1.dsc Size/MD5: 815 7bd5e8e5e3ec2a595ac63b0deb39567d http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.6.43.3ubuntu3.1.tar.gz Size/MD5: 1635376 c112c3316f65f48161af677eca425b72 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-doc_0.6.43.3ubuntu3.1_all.deb Size/MD5: 88762 2d0f3301b4d8f7438ce1bab5211b7871 http://security.ubuntu.com/ubuntu/pool/main/a/apt/libapt-pkg-doc_0.6.43.3ubuntu3.1_all.deb Size/MD5: 112106 ff1935f0c2eda8f7e64ef76e8b40a334 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-utils_0.6.43.3ubuntu3.1_amd64.deb Size/MD5: 198046 222247db4056f04c24cf59d58dd07921 http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.6.43.3ubuntu3.1_amd64.deb Size/MD5: 1307286 847fea71df818d1e412f0fe4da4d97f4 http://security.ubuntu.com/ubuntu/pool/main/a/apt/libapt-pkg-dev_0.6.43.3ubuntu3.1_amd64.deb Size/MD5: 82346 32cc1d14f0a800a04ea972ee9cc09c35 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-utils_0.6.43.3ubuntu3.1_i386.deb Size/MD5: 191824 c989fc79d1c333d32593d0a1e09e6c9e http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.6.43.3ubuntu3.1_i386.deb Size/MD5: 1286556 33a08ac01b3ea5ec98915c7775cbae78 http://security.ubuntu.com/ubuntu/pool/main/a/apt/libapt-pkg-dev_0.6.43.3ubuntu3.1_i386.deb Size/MD5: 82354 58c6d1f177506db5f612766f86a39ae8 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-utils_0.6.43.3ubuntu3.1_powerpc.deb Size/MD5: 206120 05806cb94c0919cbabe7c36f568b95be http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.6.43.3ubuntu3.1_powerpc.deb Size/MD5: 1322236 a8a27eed2eaf45874ef60a94cd95338f http://security.ubuntu.com/ubuntu/pool/main/a/apt/libapt-pkg-dev_0.6.43.3ubuntu3.1_powerpc.deb Size/MD5: 82352 1242f8afa4f0ccd6ee1105c8eb2c8189 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-utils_0.6.43.3ubuntu3.1_sparc.deb Size/MD5: 185654 81fb8e314d9ce565b4701e2e70920e5d http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.6.43.3ubuntu3.1_sparc.deb Size/MD5: 1278136 78ed071c9ff6a1ef9c3b25f413cf09d8 http://security.ubuntu.com/ubuntu/pool/main/a/apt/libapt-pkg-dev_0.6.43.3ubuntu3.1_sparc.deb Size/MD5: 82350 1ace0d5bc3069dd09b7482b9ee1224d4 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.7.9ubuntu17.2.dsc Size/MD5: 1077 734b2b18ef88ab07d2cbefc96d2ec7c6 http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.7.9ubuntu17.2.tar.gz Size/MD5: 2059249 28110553cb73a97610fd4f594d05f825 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-doc_0.7.9ubuntu17.2_all.deb Size/MD5: 102388 4c24b3d50e788a6877a19b5351931724 http://security.ubuntu.com/ubuntu/pool/main/a/apt/libapt-pkg-doc_0.7.9ubuntu17.2_all.deb Size/MD5: 126022 1536598ae1840d4a472b716ddac58675 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-transport-https_0.7.9ubuntu17.2_amd64.deb Size/MD5: 60922 334b1b59ccd8a30d7c4ffff2aaa11d2a http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-utils_0.7.9ubuntu17.2_amd64.deb Size/MD5: 201156 ffcdeb611993bb2e42b8882a3c8dd128 http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.7.9ubuntu17.2_amd64.deb Size/MD5: 1661542 20ceb152039cfe106e9bd07883bb95ca http://security.ubuntu.com/ubuntu/pool/main/a/apt/libapt-pkg-dev_0.7.9ubuntu17.2_amd64.deb Size/MD5: 110742 15379525cd60139ff77a8ff3d73173c2 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-transport-https_0.7.9ubuntu17.2_i386.deb Size/MD5: 60572 a797ccfbb3cb6db64747279a81e97f5e http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-utils_0.7.9ubuntu17.2_i386.deb Size/MD5: 200662 d0684c82b7899bc8f0845882d4ec7ec5 http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.7.9ubuntu17.2_i386.deb Size/MD5: 1651326 00509300a4d21a7363eeb18b088fe649 http://security.ubuntu.com/ubuntu/pool/main/a/apt/libapt-pkg-dev_0.7.9ubuntu17.2_i386.deb Size/MD5: 110732 7002373bd97a2e7b7814c64e547a3dd7 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apt/apt-transport-https_0.7.9ubuntu17.2_lpia.deb Size/MD5: 60604 efab6116797ebfcdd67e8e00e772ed2b http://ports.ubuntu.com/pool/main/a/apt/apt-utils_0.7.9ubuntu17.2_lpia.deb Size/MD5: 204976 63c8bdeff7bedcd35817715529f04763 http://ports.ubuntu.com/pool/main/a/apt/apt_0.7.9ubuntu17.2_lpia.deb Size/MD5: 1661196 3c6e11a2b565ba9c61c952865ebd4d05 http://ports.ubuntu.com/pool/main/a/apt/libapt-pkg-dev_0.7.9ubuntu17.2_lpia.deb Size/MD5: 110742 4f4fcb6a7ad98596d15103304036482b powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apt/apt-transport-https_0.7.9ubuntu17.2_powerpc.deb Size/MD5: 63598 4eebb5cccf06f12ecd6c63752c0c1578 http://ports.ubuntu.com/pool/main/a/apt/apt-utils_0.7.9ubuntu17.2_powerpc.deb Size/MD5: 223800 b92e7adf7c4778eb655074d758d81d7a http://ports.ubuntu.com/pool/main/a/apt/apt_0.7.9ubuntu17.2_powerpc.deb Size/MD5: 1741416 b0d2d4ac271d2a1dfff65620d69c5011 http://ports.ubuntu.com/pool/main/a/apt/libapt-pkg-dev_0.7.9ubuntu17.2_powerpc.deb Size/MD5: 110738 985d6c3a5e2d428c23b20ad87e22fa98 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apt/apt-transport-https_0.7.9ubuntu17.2_sparc.deb Size/MD5: 62628 939635e33e5114378f248fb905d699d4 http://ports.ubuntu.com/pool/main/a/apt/apt-utils_0.7.9ubuntu17.2_sparc.deb Size/MD5: 210734 cb19c4960897279ca8070f8433f6c430 http://ports.ubuntu.com/pool/main/a/apt/apt_0.7.9ubuntu17.2_sparc.deb Size/MD5: 1697440 3c338bbf986e77fe26aad92d418177f5 http://ports.ubuntu.com/pool/main/a/apt/libapt-pkg-dev_0.7.9ubuntu17.2_sparc.deb Size/MD5: 110734 7a7e661a0893991b66129756a8e7ac62 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.7.14ubuntu6.1.dsc Size/MD5: 1301 a199f18a4c6d8f81e681d8b4717aca83 http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.7.14ubuntu6.1.tar.gz Size/MD5: 2087028 d1a8a1a947b8ed32ae67ff2b1766972b Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-doc_0.7.14ubuntu6.1_all.deb Size/MD5: 105912 1156d043e305781cccfffabd350944a4 http://security.ubuntu.com/ubuntu/pool/main/a/apt/libapt-pkg-doc_0.7.14ubuntu6.1_all.deb Size/MD5: 129694 6e37092150f9e78e08d87eed898b7fd3 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-transport-https_0.7.14ubuntu6.1_amd64.deb Size/MD5: 65050 ee5f86eb8d9491694e56e37af35ef795 http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-utils_0.7.14ubuntu6.1_amd64.deb Size/MD5: 199386 6f7c5d095116ddcc7ecca423eeef6d36 http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.7.14ubuntu6.1_amd64.deb Size/MD5: 1679816 1d94ef488c90eadd4b670f5018d55efa http://security.ubuntu.com/ubuntu/pool/main/a/apt/libapt-pkg-dev_0.7.14ubuntu6.1_amd64.deb Size/MD5: 113212 1b00bde13cd452887ad1a1c8b2dc194f i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-transport-https_0.7.14ubuntu6.1_i386.deb Size/MD5: 64352 fae78e897308809945047e35f0ae1fde http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-utils_0.7.14ubuntu6.1_i386.deb Size/MD5: 194720 f5d62c304ff4b311c0d728baf520dfcf http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.7.14ubuntu6.1_i386.deb Size/MD5: 1671518 6d69e2e48da97da8bc8cfd44571e2dc7 http://security.ubuntu.com/ubuntu/pool/main/a/apt/libapt-pkg-dev_0.7.14ubuntu6.1_i386.deb Size/MD5: 113224 418e77bde363f964972459af1f1901ef lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apt/apt-transport-https_0.7.14ubuntu6.1_lpia.deb Size/MD5: 64506 8571fec494be7c33105aae9d61dfd278 http://ports.ubuntu.com/pool/main/a/apt/apt-utils_0.7.14ubuntu6.1_lpia.deb Size/MD5: 198090 e0046bc9a04b33ebf4873b7820c9e4f6 http://ports.ubuntu.com/pool/main/a/apt/apt_0.7.14ubuntu6.1_lpia.deb Size/MD5: 1683654 d73988711f6c3004ea6798a43212c5d4 http://ports.ubuntu.com/pool/main/a/apt/libapt-pkg-dev_0.7.14ubuntu6.1_lpia.deb Size/MD5: 113218 37846a44f405cebdd8b397a0a0df83b7 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apt/apt-transport-https_0.7.14ubuntu6.1_powerpc.deb Size/MD5: 66804 22d1c770a9797eb078be75cfb739bcb3 http://ports.ubuntu.com/pool/main/a/apt/apt-utils_0.7.14ubuntu6.1_powerpc.deb Size/MD5: 214368 4bfba90ea5b562181159a0ecc017d89c http://ports.ubuntu.com/pool/main/a/apt/apt_0.7.14ubuntu6.1_powerpc.deb Size/MD5: 1750934 679a4b4f110d764313cb1b0e9eb6b3cb http://ports.ubuntu.com/pool/main/a/apt/libapt-pkg-dev_0.7.14ubuntu6.1_powerpc.deb Size/MD5: 113232 f8a9901e860cf56639af7caebca9c94c sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apt/apt-transport-https_0.7.14ubuntu6.1_sparc.deb Size/MD5: 66208 7924ea4b95710fd51e637a159cb9de11 http://ports.ubuntu.com/pool/main/a/apt/apt-utils_0.7.14ubuntu6.1_sparc.deb Size/MD5: 198350 85c7421f00b5aef8475ea79a9149212f http://ports.ubuntu.com/pool/main/a/apt/apt_0.7.14ubuntu6.1_sparc.deb Size/MD5: 1689062 2bb88bdd6d0a4531331796f89308d59b http://ports.ubuntu.com/pool/main/a/apt/libapt-pkg-dev_0.7.14ubuntu6.1_sparc.deb Size/MD5: 113214 e568d25da02b2af9378eb95106ca0272 --UFHRwCdBEJvubb2X Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkns66kACgkQW0JvuRdL8Bo96QCgnE5t9wJtxK6JB+xak8JSSceI utkAoIZ/3NU98cYt9JPo/+PfM5VvDoM2 =WV4P -----END PGP SIGNATURE----- --UFHRwCdBEJvubb2X--

<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру