USN-610-1: LTSP vulnerability
Posted on: 05/07/2008 07:55 AM

A new LTSP vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-610-1 May 06, 2008
ltsp vulnerability
CVE-2008-1293
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
ldm 0.87.1

Ubuntu 7.04:
ldm 5.0.7.1

Ubuntu 7.10:
ldm 5.0.39.1

After a standard system upgrade you need to update your LTSP client chroots
to effect the necessary changes. For more details, please see:
http://doc.ubuntu.com/edubuntu/edubuntu/handbook/C/ltsp-updates.html#id5312=
24

Details follow:

Christian Herzog discovered that it was possible to connect to any
LTSP client's X session over the network. A remote attacker could
eavesdrop on X events, read window contents, and record keystrokes,
possibly gaining access to private information.


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp_0.87.1.dsc
Size/MD5: 574 aa98ca636c72ae5baeb34de1a586a200
http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp_0.87.1.tar.gz
Size/MD5: 199717 84d1b8c77a3bde8b30068c7365ff7b27

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ldm_0.87.1_all.deb
Size/MD5: 82966 442d19db7753c614b64d45ea270befd6
http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client-builder_=
0.87.1_all.udeb
Size/MD5: 1748 a2da20fc182480e35df03c2b0aa85598
http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-server-standalo=
ne_0.87.1_all.deb
Size/MD5: 13352 090bbcba5e3e66c1ffab0b0262cb895c
http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-server_0.87.1_a=
ll.deb
Size/MD5: 21894 63be6d1223a6f272cb9413fb64926f05

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client_0.87.1_a=
md64.deb
Size/MD5: 46442 dc8d11f8b2dd5a3a5a702512a221b4bc

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client_0.87.1_i=
386.deb
Size/MD5: 41822 9820547fb8a0ae363891bdb5a7f367e0

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client_0.87.1_p=
owerpc.deb
Size/MD5: 45826 80c458e417a2793035afe8a180ed332c

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client_0.87.1_s=
parc.deb
Size/MD5: 43758 62778df1410b59e9581ffa70aadf56f2

Updated packages for Ubuntu 7.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp_5.0.7.1.dsc
Size/MD5: 576 31c3f3a26492f640874c5c200ab9cef2
http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp_5.0.7.1.tar.gz
Size/MD5: 274699 07c4b25992551962e0a103be55096985

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ldm_5.0.7.1_all.deb
Size/MD5: 204270 f7adb6f9fc1ed6255222b7bccd6bb100
http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client-builder_=
5.0.7.1_all.udeb
Size/MD5: 2870 839f1f796627d40ad60df43057530d66
http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-server-standalo=
ne_5.0.7.1_all.deb
Size/MD5: 29224 552812e1820b5addc9b820de55b86080
http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-server_5.0.7.1_=
all.deb
Size/MD5: 55922 279d71b5ca502b98ed1a90a4a2662f4f

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client_5.0.7.1_=
amd64.deb
Size/MD5: 60542 c862547c633f9840168ff0aa975e0cb7

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client_5.0.7.1_=
i386.deb
Size/MD5: 59076 3134e2afab500926da10729bccc256dc

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client_5.0.7.1_=
powerpc.deb
Size/MD5: 61248 09d0dbbe3e791b4fc4be44f8bba6c707

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client_5.0.7.1_=
sparc.deb
Size/MD5: 58886 88bec4664e587726c77828a011e86859

Updated packages for Ubuntu 7.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp_5.0.39.1.dsc
Size/MD5: 691 f015b2c4aa06417afa91fdecd993c2f0
http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp_5.0.39.1.tar.gz
Size/MD5: 2464651 b1e8b62039d0927b4e42a328973021c0

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client-builder_=
5.0.39.1_all.udeb
Size/MD5: 3434 0d849820cefc4e98d7077919a92e5470
http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client_5.0.39.1=
_all.deb
Size/MD5: 34440 fb5d1bcbf603d6fe79b0afe2e6514423
http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-server-standalo=
ne_5.0.39.1_all.deb
Size/MD5: 35288 1a005530bb7c27a98ddfdc3234e337ec
http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-server_5.0.39.1=
_all.deb
Size/MD5: 68314 40014f048d44f85bec76eddc5f33f905

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ldm_5.0.39.1_amd64.d=
eb
Size/MD5: 1992710 f642050148c0787c0217e3571ce91234
http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client-core_5.0=
=2E39.1_amd64.deb
Size/MD5: 69598 9affbccbec07643dfa4270727a07875e

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ldm_5.0.39.1_i386.deb
Size/MD5: 1991780 da5e6870a0b72455a35bd0b5b1b8d3ed
http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client-core_5.0=
=2E39.1_i386.deb
Size/MD5: 68374 461de2c89dc19f62d39bbfa6cec55e67

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/l/ltsp/ldm_5.0.39.1_lpia.deb
Size/MD5: 1990848 9a2168237991d35d8d2074e98c407df0
http://ports.ubuntu.com/pool/main/l/ltsp/ltsp-client-core_5.0.39.1_lpia=
=2Edeb
Size/MD5: 66770 ec62db8d569b609bd0d49c2fbf214e89

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ldm_5.0.39.1_powerpc=
=2Edeb
Size/MD5: 1995930 f45e7b5154af874eb7f1a29be3a3204a
http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client-core_5.0=
=2E39.1_powerpc.deb
Size/MD5: 70242 8efd4b5f242777d854682c8969e568dd

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ldm_5.0.39.1_sparc.d=
eb
Size/MD5: 1991858 40cbb244e05286a6fdb62221686397ab
http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client-core_5.0=
=2E39.1_sparc.deb
Size/MD5: 67952 e7e226c3034036d5b16e837779750da3


--fKov5AqTsvseSZ0Z
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIITCdH/9LqRcGPm0RAuf6AJ9jhewC77OiwGMXx8ReX5HAkkUqHQCePytA
v0h/EYSPeUPAvy4y5j3xzTE=
=b+mg
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_610_1_ltsp_vulnerability.html)