USN-379-1: texinfo vulnerability
Posted on: 11/09/2006 08:35 PM

A new texinfo vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-379-1 November 09, 2006
texinfo vulnerability
CVE-2006-4810
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
texinfo 4.7-2.2ubuntu2.2

Ubuntu 6.06 LTS:
texinfo 4.8-4ubuntu0.1

Ubuntu 6.10:
texinfo 4.8.dfsg.1-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Miloslav Trmac discovered a buffer overflow in texinfo's index=20
processor. If a user is tricked into processing a .texi file with=20
texindex, this could lead to arbitrary code execution with user=20
privileges.


Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.7-2.2ub=
untu2.2.diff.gz
Size/MD5: 11833 dbf91981a497afa47113442ce4ed0533
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.7-2.2ub=
untu2.2.dsc
Size/MD5: 628 480efa82cf08b6963a177bb604e0371e
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.7.orig.=
tar.gz
Size/MD5: 1979183 72a57e378efb9898c9e41ca839554dae

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.7-2.2ubunt=
u2.2_amd64.deb
Size/MD5: 192672 f51581a20b86f59af743f9547548c954
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.7-2.2ub=
untu2.2_amd64.deb
Size/MD5: 493882 a0b44c7e6a7e480a83ed408bb6800534

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.7-2.2ubunt=
u2.2_i386.deb
Size/MD5: 177692 2613c823cba8d7708ef57fe4077d5db8
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.7-2.2ub=
untu2.2_i386.deb
Size/MD5: 473330 01b7874093bcff3bdaa7d21230436e09

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.7-2.2ubunt=
u2.2_powerpc.deb
Size/MD5: 191208 5d82f615d46977241c4a3e6522198401
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.7-2.2ub=
untu2.2_powerpc.deb
Size/MD5: 485964 04f7d4dc025281ca7bb7ff540cdf1a9c

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.7-2.2ubunt=
u2.2_sparc.deb
Size/MD5: 181058 37f778e57466fb9877aa811e8cd94b5b
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.7-2.2ub=
untu2.2_sparc.deb
Size/MD5: 481292 2d54253517e006ee699b8e16d6a1ea25

Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8-4ubun=
tu0.1.diff.gz
Size/MD5: 19252 ee6ac44a36a7ed2e8cc47e1c2c284da5
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8-4ubun=
tu0.1.dsc
Size/MD5: 633 0c2b881a99eb3ad4339fc50950972b61
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8.orig.=
tar.gz
Size/MD5: 2140626 4e9a1a591ed236003d0d4b008bf07eef

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.8-4ubuntu0=
=2E1_amd64.deb
Size/MD5: 229240 86e76ba873bd62de9af444c19e57ad3a
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8-4ubun=
tu0.1_amd64.deb
Size/MD5: 852588 1d838a30c689d19a73ce03c317c4f70c

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.8-4ubuntu0=
=2E1_i386.deb
Size/MD5: 214256 1cf7872794bde31aabb86c46fe391efd
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8-4ubun=
tu0.1_i386.deb
Size/MD5: 829570 aee0c9143502a4a5e4f9e609efcab148

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.8-4ubuntu0=
=2E1_powerpc.deb
Size/MD5: 227110 15865da8beaed2861f16d6b2cc2256b2
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8-4ubun=
tu0.1_powerpc.deb
Size/MD5: 843556 48bf74169ae31bd35ca88d0ac848ca34

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.8-4ubuntu0=
=2E1_sparc.deb
Size/MD5: 217200 47affbbec4b08430599eaeb4165ae655
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8-4ubun=
tu0.1_sparc.deb
Size/MD5: 836036 41e7f10f98c1c8b9785a9e1554cc5eee

Updated packages for Ubuntu 6.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8.dfsg.=
1-1ubuntu0.1.diff.gz
Size/MD5: 100133 b8aa5026ba781447623b5dca13c16adf
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8.dfsg.=
1-1ubuntu0.1.dsc
Size/MD5: 655 6186cfa19347067109a79dc335e45e67
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8.dfsg.=
1.orig.tar.gz
Size/MD5: 1926534 614273ac8568a25926aae374cd9a6683

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.8.dfsg.1-1=
ubuntu0.1_amd64.deb
Size/MD5: 176152 129a8486cff04779d1ea839ca0246eb9
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8.dfsg.=
1-1ubuntu0.1_amd64.deb
Size/MD5: 318218 ec83d76fe3ed49d3941b7b2429e6aaf9

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.8.dfsg.1-1=
ubuntu0.1_i386.deb
Size/MD5: 163446 1cb94cd6cd61a08fe57cbf760330fdda
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8.dfsg.=
1-1ubuntu0.1_i386.deb
Size/MD5: 298598 2df120b6e3cccbf5d4981bbccc438778

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.8.dfsg.1-1=
ubuntu0.1_powerpc.deb
Size/MD5: 174196 01cf7f495443794e667b2039bdc3a0aa
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8.dfsg.=
1-1ubuntu0.1_powerpc.deb
Size/MD5: 310246 30b317a623898ecfdaf3e96b603816ba

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.8.dfsg.1-1=
ubuntu0.1_sparc.deb
Size/MD5: 164286 a3c0ed9ca8d975f4780b891122b259ee
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8.dfsg.=
1-1ubuntu0.1_sparc.deb
Size/MD5: 302436 d47dfb713bc7aa13d75c95e2dfe04073


--Q68bSM7Ycu6FN28Q
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFFU36/H/9LqRcGPm0RAisDAJ4+cSAUbf7y9D7tdzaLMusxNlf8NwCfSRRD
PyCWqDAGLxtKGIlLgvQX0KQ=
=wUol
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_379_1_texinfo_vulnerability.html)