USN-83-2: LessTif 1 vulnerabilities
Posted on: 09/12/2005 11:42 AM

A new LessTif 1 vulnerability update is available for Ubuntu Linux. Here is the announcement:

Ubuntu Security Notice USN-83-2 September 12, 2005
lesstif1-1 vulnerabilities
CAN-2004-0914
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

lesstif1

The problem can be corrected by upgrading the affected package to
version 1:0.93.94-4ubuntu1.4. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

USN-83-1 fixed some vulnerabilities in the "lesstif2" library. The
older "lesstif1" library was also affected; however, a fix was not yet
available at that time. This USN fixes the flaws for lesstif1.

Please note that there are no supported applications that use this
library, so this only affects you if you use third-party applications
which use lesstif1.

For your convenience, here is the relevant part of the USN-83-1
description:

Several vulnerabilities have been found in the XPM image decoding
functions of the LessTif library. If an attacker tricked a user into
loading a malicious XPM image with an application that uses LessTif,
he could exploit this to execute arbitrary code in the context of
the user opening the image.

Ubuntu does not contain any server applications using LessTif, so
there is no possibility of privilege escalation.


Source archives:


Architecture independent packages:


amd64 architecture (Athlon64, Opteron, EM64T Xeon)


i386 architecture (x86 compatible Intel/AMD)


powerpc architecture (Apple Macintosh G3/G4/G5)



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_83_2_lesstif_1_vulnerabilities.html)