USN-891-1: lintian vulnerabilities
Posted on: 01/28/2010 10:05 AM

A new lintian vulnerabilities update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-891-1 January 28, 2010
lintian vulnerabilities
CVE-2009-4013, CVE-2009-4014, CVE-2009-4015
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
lintian 1.23.16ubuntu2.1

Ubuntu 8.04 LTS:
lintian 1.23.46ubuntu0.1

Ubuntu 8.10:
lintian 1.24.3ubuntu0.1

Ubuntu 9.04:
lintian 2.2.5ubuntu1.1

Ubuntu 9.10:
lintian 2.2.17ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that lintian did not correctly validate certain
filenames when processing input. If a user or an automated system
were tricked into running lintian on a specially crafted set of files,
a remote attacker could execute arbitrary code with user privileges.


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.16ubuntu2.1.dsc
Size/MD5: 830 a47fe6f70e2eba48fb33d0564b9725e4
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.16ubuntu2.1.tar.gz
Size/MD5: 276511 50d6bfca45e5bed01983bdc83b00d19a

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.16ubuntu2.1_all.deb
Size/MD5: 238462 db9ef682ad8968f5654e5cf61eefb758

Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.46ubuntu0.1.dsc
Size/MD5: 1015 f920dd072c6a0f3a468999c3bbbbe121
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.46ubuntu0.1.tar.gz
Size/MD5: 396901 7778649c0f4fb64428b9b4ff895e1a37

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.46ubuntu0.1_all.deb
Size/MD5: 329624 9a624f6eb3664bb2c22be3d1af3206d6

Updated packages for Ubuntu 8.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.24.3ubuntu0.1.dsc
Size/MD5: 1244 0f8c73db743ead863a7d3488b476ee0d
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.24.3ubuntu0.1.tar.gz
Size/MD5: 485785 a7d56250c3cb465c4312aa40ad5beda0

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.24.3ubuntu0.1_all.deb
Size/MD5: 359254 a6caa1f945de160e203f28bbfd842912

Updated packages for Ubuntu 9.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.5ubuntu1.1.dsc
Size/MD5: 1284 e4c08e6d5485857e84d5354cdf01e9f6
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.5ubuntu1.1.tar.gz
Size/MD5: 634606 d3fee56c7bedbe0088ce8749f44bcacf

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.5ubuntu1.1_all.deb
Size/MD5: 437450 927b8d2bf0fde9a62267a44d7f1779d3

Updated packages for Ubuntu 9.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.17ubuntu1.1.dsc
Size/MD5: 1283 2845994c571ce78a3be8b2121c950db9
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.17ubuntu1.1.tar.gz
Size/MD5: 747007 dab8b5b18c5f0904df90b07027223af0

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.17ubuntu1.1_all.deb
Size/MD5: 475958 4b633e03d586b04674a9c8266b6d3273


--qMm9M+Fa2AknHoGS
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Kees Cook lt;kees@outflux.netgt;

iEYEARECAAYFAkthQ48ACgkQH/9LqRcGPm0zwgCePjvrRXFM5QQb3DtUklC4vWyJ
0jIAn2ugHr6tAIQ7OuP5JenGFj3+xI7n
=TM/E
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_891_1_lintian_vulnerabilities.html)