USN-92-1: LessTif vulnerabilities
Posted on: 03/07/2005 04:15 PM

A LessTif security update is available for Ubuntu Linux 4.10

==========================================================
Ubuntu Security Notice USN-92-1 March 07, 2005
lesstif1-1 vulnerabilities
CAN-2005-0605
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

lesstif1
lesstif2

The problem can be corrected by upgrading the affected package to version 1:0.93.94-4ubuntu1.3. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Several vulnerabilities have been found in the XPM image decoding functions of the LessTif library. If an attacker tricked a user into loading a malicious XPM image with an application that uses LessTif, he could exploit this to execute arbitrary code in the context of the user opening the image.

Ubuntu does not contain any server applications using LessTif, so there is no possibility of privilege escalation.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif1-1_0.93.94-4ubuntu1.3.diff.gz
Size/MD5: 106559 10390280498a19d8bedcf41c3ad075b6
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif1-1_0.93.94-4ubuntu1.3.dsc
Size/MD5: 864 ef7eb1b1a2351d703c9d472e147d6b45
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif1-1_0.93.94.orig.tar.gz
Size/MD5: 4862623 9eb87b5470333ccb31425a47d24f5a96

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif-doc_0.93.94-4ubuntu1.3_all.deb
Size/MD5: 342218 50dba994fe17e5f253c3b44e3bdb493a

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/l/lesstif1-1/lesstif-bin_0.93.94-4ubuntu1.3_amd64.deb
Size/MD5: 176958 845526d2d517b5d43722d32f7b4f96d9
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif-dev_0.93.94-4ubuntu1.3_amd64.deb
Size/MD5: 917352 bc37061d1a23c0f9e50631e370c6e02a
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif1_0.93.94-4ubuntu1.3_amd64.deb
Size/MD5: 660772 ab61d20f4cad00783adc89eb2e5ad05d
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif2-dev_0.93.94-4ubuntu1.3_amd64.deb
Size/MD5: 1068764 22057fe13cf32c6824b80b1aca8582f8
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif2_0.93.94-4ubuntu1.3_amd64.deb
Size/MD5: 743410 8307888562686c76a7584a437634455e

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/l/lesstif1-1/lesstif-bin_0.93.94-4ubuntu1.3_i386.deb
Size/MD5: 159596 215b85f45344b66cd9e621b651dae399
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif-dev_0.93.94-4ubuntu1.3_i386.deb
Size/MD5: 803756 43a39b02e359fc7eba44a2acc651d77f
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif1_0.93.94-4ubuntu1.3_i386.deb
Size/MD5: 598112 fa697d9c1b794e6b5d4f98c3c445695d
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif2-dev_0.93.94-4ubuntu1.3_i386.deb
Size/MD5: 934076 c3404cb03872cd7ad7ed71b734f74f0e
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif2_0.93.94-4ubuntu1.3_i386.deb
Size/MD5: 674350 22c7ce01cf8ee09172d25d494470e6ae

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/l/lesstif1-1/lesstif-bin_0.93.94-4ubuntu1.3_powerpc.deb
Size/MD5: 171868 4c2102527ad30213dcb759caae0b42db
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif-dev_0.93.94-4ubuntu1.3_powerpc.deb
Size/MD5: 946186 97efaff3cb3f0c558a65ddff84441d48
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif1_0.93.94-4ubuntu1.3_powerpc.deb
Size/MD5: 626094 7307c73f4fbc10560da35f87ba11ccf3
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif2-dev_0.93.94-4ubuntu1.3_powerpc.deb
Size/MD5: 1094772 0fc4e231e5e9d032065c80b997bc5562
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif2_0.93.94-4ubuntu1.3_powerpc.deb
Size/MD5: 706738 d2a53253e733c907eb48d3640024c47a


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_92_1_lesstif_vulnerabilities.html)