USN-721-1: fglrx-installer vulnerability
Posted on: 02/17/2009 11:15 PM

A new fglrx-installer vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-721-1 February 17, 2009
fglrx-installer vulnerability
https://launchpad.net/bugs/323327
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
xorg-driver-fglrx 2:8.543-0ubuntu4.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

Marko Lindqvist discovered that the fglrx installer created an unsafe
LD_LIBRARY_PATH on 64bit systems. If a user were tricked into downloading
specially crafted libraries and running commands in the same directory,
a remote attacker could execute arbitrary code with user privileges.


Updated packages for Ubuntu 8.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/restricted/f/fglrx-installer/fglrx-installer_8.543-0ubuntu4.1.diff.gz
Size/MD5: 26000 8fd05a4ab9e9f04c59ed5b731bcacd8b
http://security.ubuntu.com/ubuntu/pool/restricted/f/fglrx-installer/fglrx-installer_8.543-0ubuntu4.1.dsc
Size/MD5: 1443 e7dee56d6c645ff3bce0c3093af205e3
http://security.ubuntu.com/ubuntu/pool/restricted/f/fglrx-installer/fglrx-installer_8.543.orig.tar.gz
Size/MD5: 47046692 6abc8e86f1a00168ba8f43d58f71cb69

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/f/fglrx-installer/fglrx-modaliases_8.543-0ubuntu4.1_amd64.deb
Size/MD5: 10938 8f0014e73c06b1fd0e586359067641c7
http://security.ubuntu.com/ubuntu/pool/multiverse/f/fglrx-installer/libamdxvba1_8.543-0ubuntu4.1_amd64.deb
Size/MD5: 846038 8982e97324d57a3db0072123d2406a56
http://security.ubuntu.com/ubuntu/pool/restricted/f/fglrx-installer/fglrx-amdcccle_8.543-0ubuntu4.1_amd64.deb
Size/MD5: 6630112 72d48d2e40f3bb63b7ad9b66367d5dca
http://security.ubuntu.com/ubuntu/pool/restricted/f/fglrx-installer/fglrx-kernel-source_8.543-0ubuntu4.1_amd64.deb
Size/MD5: 1430276 cd88c1a040f050472b82406308e28ec5
http://security.ubuntu.com/ubuntu/pool/restricted/f/fglrx-installer/xorg-driver-fglrx-dev_8.543-0ubuntu4.1_amd64.deb
Size/MD5: 83402 8b2fc26c7f1e2417613e543428d5b21f
http://security.ubuntu.com/ubuntu/pool/restricted/f/fglrx-installer/xorg-driver-fglrx_8.543-0ubuntu4.1_amd64.deb
Size/MD5: 17264298 e26cff93ff7eb4cddede61ea41b81aee

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/f/fglrx-installer/fglrx-modaliases_8.543-0ubuntu4.1_i386.deb
Size/MD5: 10938 2fc0c5d1a8c799df60ee474b10e57e0a
http://security.ubuntu.com/ubuntu/pool/multiverse/f/fglrx-installer/libamdxvba1_8.543-0ubuntu4.1_i386.deb
Size/MD5: 412474 c23a19c9e238b0cc8986b98910c0da9d
http://security.ubuntu.com/ubuntu/pool/restricted/f/fglrx-installer/fglrx-amdcccle_8.543-0ubuntu4.1_i386.deb
Size/MD5: 6749062 80263acaf045f9a196d8a2486dc42969
http://security.ubuntu.com/ubuntu/pool/restricted/f/fglrx-installer/fglrx-kernel-source_8.543-0ubuntu4.1_i386.deb
Size/MD5: 1368946 18257688f659b91d95746e1b509edc5d
http://security.ubuntu.com/ubuntu/pool/restricted/f/fglrx-installer/xorg-driver-fglrx-dev_8.543-0ubuntu4.1_i386.deb
Size/MD5: 78658 537cc59d4b86274114f0eeb5febdf283
http://security.ubuntu.com/ubuntu/pool/restricted/f/fglrx-installer/xorg-driver-fglrx_8.543-0ubuntu4.1_i386.deb
Size/MD5: 11915472 d392662d6ecefae8992c12c0356b63fa


--Dxnq1zWXvFF0Q93v
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Kees Cook lt;kees@outflux.netgt;

iEYEARECAAYFAkmbJHcACgkQH/9LqRcGPm0HxQCfTprUQGiB3bsjQmGGTY81iFDx
nE0AoJTekE8kRMDT+213PeJzqp74KvVM
=eMsH
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_721_1_fglrx_installer_vulnerability.html)