USN-721-1: fglrx-installer vulnerability
Posted on: 02/17/2009 11:15 PM

A new fglrx-installer vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-721-1 February 17, 2009
fglrx-installer vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
xorg-driver-fglrx 2:8.543-0ubuntu4.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

Marko Lindqvist discovered that the fglrx installer created an unsafe
LD_LIBRARY_PATH on 64bit systems. If a user were tricked into downloading
specially crafted libraries and running commands in the same directory,
a remote attacker could execute arbitrary code with user privileges.

Updated packages for Ubuntu 8.10:

Source archives:
Size/MD5: 26000 8fd05a4ab9e9f04c59ed5b731bcacd8b
Size/MD5: 1443 e7dee56d6c645ff3bce0c3093af205e3
Size/MD5: 47046692 6abc8e86f1a00168ba8f43d58f71cb69

amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 10938 8f0014e73c06b1fd0e586359067641c7
Size/MD5: 846038 8982e97324d57a3db0072123d2406a56
Size/MD5: 6630112 72d48d2e40f3bb63b7ad9b66367d5dca
Size/MD5: 1430276 cd88c1a040f050472b82406308e28ec5
Size/MD5: 83402 8b2fc26c7f1e2417613e543428d5b21f
Size/MD5: 17264298 e26cff93ff7eb4cddede61ea41b81aee

i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 10938 2fc0c5d1a8c799df60ee474b10e57e0a
Size/MD5: 412474 c23a19c9e238b0cc8986b98910c0da9d
Size/MD5: 6749062 80263acaf045f9a196d8a2486dc42969
Size/MD5: 1368946 18257688f659b91d95746e1b509edc5d
Size/MD5: 78658 537cc59d4b86274114f0eeb5febdf283
Size/MD5: 11915472 d392662d6ecefae8992c12c0356b63fa

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Kees Cook lt;kees@outflux.netgt;


Printed from Linux Compatible (