=========================================================== Ubuntu Security Notice USN-692-1 December 17, 2008 ekg, libgadu vulnerability CVE-2008-4776 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libgadu3 1:1.6+20051103-1ubuntu1.1 Ubuntu 7.10: libgadu3 1:1.7~rc2-2ubuntu0.7.10.1 Ubuntu 8.04 LTS: libgadu3 1:1.7~rc2-2ubuntu0.8.04.1 Ubuntu 8.10: libgadu3 1:1.8.0+r592-1ubuntu0.1 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: It was discovered that the Gadu library, used by some Instant Messaging clients, did not correctly verify certain packet sizes from the server. If a user connected to a malicious server, clients using Gadu could be made to crash, leading to a denial of service. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/e/ekg/ekg_1.6+20051103-1ubuntu1.1.diff.gz Size/MD5: 35354 ecdf6037647d24e67e420299f8bf3c2f http://security.ubuntu.com/ubuntu/pool/main/e/ekg/ekg_1.6+20051103-1ubuntu1.1.dsc Size/MD5: 819 b6e90f714e487383e6d0bf67e98c8957 http://security.ubuntu.com/ubuntu/pool/main/e/ekg/ekg_1.6+20051103.orig.tar.gz Size/MD5: 503834 5bea3583499a8b9989016af9221b3a07 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu-dev_1.6+20051103-1ubuntu1.1_amd64.deb Size/MD5: 133146 85cfd1168568f5fd6edf848fc4f91d63 http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu3_1.6+20051103-1ubuntu1.1_amd64.deb Size/MD5: 67886 874ac814a70dfae5a61bdad164b78c76 http://security.ubuntu.com/ubuntu/pool/universe/e/ekg/ekg_1.6+20051103-1ubuntu1.1_amd64.deb Size/MD5: 293566 06f87355ed9349e215af731b968501ce i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu-dev_1.6+20051103-1ubuntu1.1_i386.deb Size/MD5: 127014 5fd41a5c0bce4258e6f4bb82f51eaf1c http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu3_1.6+20051103-1ubuntu1.1_i386.deb Size/MD5: 64248 168adb89a8a875ccf6eb4302cab920a4 http://security.ubuntu.com/ubuntu/pool/universe/e/ekg/ekg_1.6+20051103-1ubuntu1.1_i386.deb Size/MD5: 273378 71859a4928ec1ce2ab8117fdda02aeeb powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu-dev_1.6+20051103-1ubuntu1.1_powerpc.deb Size/MD5: 134160 7b90cbde1411221e822c1952641f1379 http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu3_1.6+20051103-1ubuntu1.1_powerpc.deb Size/MD5: 68306 a5485f32dc2d84340286d02a3161c713 http://security.ubuntu.com/ubuntu/pool/universe/e/ekg/ekg_1.6+20051103-1ubuntu1.1_powerpc.deb Size/MD5: 292000 f36a1f2c5ec9d0325532e86d0cc2150e sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu-dev_1.6+20051103-1ubuntu1.1_sparc.deb Size/MD5: 130728 58ffd885d139feb7b99fdffc5c59fb7b http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu3_1.6+20051103-1ubuntu1.1_sparc.deb Size/MD5: 66288 487246f4be79c8f597ebf7bc641e3a64 http://security.ubuntu.com/ubuntu/pool/universe/e/ekg/ekg_1.6+20051103-1ubuntu1.1_sparc.deb Size/MD5: 279900 0769cb58f813ac14c05ef99073b4e940 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/e/ekg/ekg_1.7~rc2-2ubuntu0.7.10.1.diff.gz Size/MD5: 37621 2630b60a3377c5041390339f0193e38e http://security.ubuntu.com/ubuntu/pool/main/e/ekg/ekg_1.7~rc2-2ubuntu0.7.10.1.dsc Size/MD5: 898 164b0b16597df5d35869ac22e725d371 http://security.ubuntu.com/ubuntu/pool/main/e/ekg/ekg_1.7~rc2.orig.tar.gz Size/MD5: 514073 b4ea482130e163af1456699e2e6983d9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu-dev_1.7~rc2-2ubuntu0.7.10.1_amd64.deb Size/MD5: 135710 0f0852a49e3b5d61ad106b50b66254b4 http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu3_1.7~rc2-2ubuntu0.7.10.1_amd64.deb Size/MD5: 70258 8e6f4f8c9311f66513c2b44c076080d6 http://security.ubuntu.com/ubuntu/pool/universe/e/ekg/ekg_1.7~rc2-2ubuntu0.7.10.1_amd64.deb Size/MD5: 303716 c0f68dbd421b0d8d1b6412258f0910ee i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu-dev_1.7~rc2-2ubuntu0.7.10.1_i386.deb Size/MD5: 131008 8ea62b04f2f1e792c73cfa3c970d4335 http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu3_1.7~rc2-2ubuntu0.7.10.1_i386.deb Size/MD5: 68534 01c43060568238fa64560e8034b230c9 http://security.ubuntu.com/ubuntu/pool/universe/e/ekg/ekg_1.7~rc2-2ubuntu0.7.10.1_i386.deb Size/MD5: 288280 f888d53d0be1b5c289af31ef0aac4c1d lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/e/ekg/libgadu-dev_1.7~rc2-2ubuntu0.7.10.1_lpia.deb Size/MD5: 131152 7585ad03f5102cf0d8a2474f7fe847f4 http://ports.ubuntu.com/pool/main/e/ekg/libgadu3_1.7~rc2-2ubuntu0.7.10.1_lpia.deb Size/MD5: 68268 3e70f68fdc63e4a5b74b507f27d85899 http://ports.ubuntu.com/pool/universe/e/ekg/ekg_1.7~rc2-2ubuntu0.7.10.1_lpia.deb Size/MD5: 289262 240454e1e2bd680f19d51fec789eaa7e powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu-dev_1.7~rc2-2ubuntu0.7.10.1_powerpc.deb Size/MD5: 136414 80d3b74dfc7830281299a0008ee698ef http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu3_1.7~rc2-2ubuntu0.7.10.1_powerpc.deb Size/MD5: 72814 8f2becd8d8bcf7b4121b2032f9e6b8b2 http://security.ubuntu.com/ubuntu/pool/universe/e/ekg/ekg_1.7~rc2-2ubuntu0.7.10.1_powerpc.deb Size/MD5: 309510 c4292bed634562a167f6ca6815b104a9 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu-dev_1.7~rc2-2ubuntu0.7.10.1_sparc.deb Size/MD5: 133568 6e1eda0c8cfafdf1c313d76dd55179a8 http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu3_1.7~rc2-2ubuntu0.7.10.1_sparc.deb Size/MD5: 69130 e9b5b481457a31a0088faf6f9e4fd5b8 http://security.ubuntu.com/ubuntu/pool/universe/e/ekg/ekg_1.7~rc2-2ubuntu0.7.10.1_sparc.deb Size/MD5: 293516 269e5f570f8e73ed05283e741fd5a7eb Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/e/ekg/ekg_1.7~rc2-2ubuntu0.8.04.1.diff.gz Size/MD5: 37621 4f8153beb288bbb17dd12b4899d52cc2 http://security.ubuntu.com/ubuntu/pool/main/e/ekg/ekg_1.7~rc2-2ubuntu0.8.04.1.dsc Size/MD5: 898 c823300aa9787825452741e7eaac4c06 http://security.ubuntu.com/ubuntu/pool/main/e/ekg/ekg_1.7~rc2.orig.tar.gz Size/MD5: 514073 b4ea482130e163af1456699e2e6983d9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu-dev_1.7~rc2-2ubuntu0.8.04.1_amd64.deb Size/MD5: 135846 a53426800c4b2fcd884ebaf4f644be42 http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu3_1.7~rc2-2ubuntu0.8.04.1_amd64.deb Size/MD5: 70412 72f947f4f475819467d1887a71e6e36f http://security.ubuntu.com/ubuntu/pool/universe/e/ekg/ekg_1.7~rc2-2ubuntu0.8.04.1_amd64.deb Size/MD5: 304942 4fc22bc0fc1b0cf290925c2ae05dea05 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu-dev_1.7~rc2-2ubuntu0.8.04.1_i386.deb Size/MD5: 131050 07d5a303a5453a2b0c939c7dddfbd5fa http://security.ubuntu.com/ubuntu/pool/main/e/ekg/libgadu3_1.7~rc2-2ubuntu0.8.04.1_i386.deb Size/MD5: 68542 63a28252c3ed0be329f51e999777fc4b http://security.ubuntu.com/ubuntu/pool/universe/e/ekg/ekg_1.7~rc2-2ubuntu0.8.04.1_i386.deb Size/MD5: 288754 ad4d3d5df8790d02362ea01dc0d08175 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/e/ekg/libgadu-dev_1.7~rc2-2ubuntu0.8.04.1_lpia.deb Size/MD5: 131106 faeeebb5cdf8ef53e028a8f40ff518bb http://ports.ubuntu.com/pool/main/e/ekg/libgadu3_1.7~rc2-2ubuntu0.8.04.1_lpia.deb Size/MD5: 68244 a772f8587f19bf6bf40633e228a1d893 http://ports.ubuntu.com/pool/universe/e/ekg/ekg_1.7~rc2-2ubuntu0.8.04.1_lpia.deb Size/MD5: 289866 86d46900275e4a594e79a8dfc3ee58fc powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/e/ekg/libgadu-dev_1.7~rc2-2ubuntu0.8.04.1_powerpc.deb Size/MD5: 136430 861f396868e2bcdaeb751b9fe99da39f http://ports.ubuntu.com/pool/main/e/ekg/libgadu3_1.7~rc2-2ubuntu0.8.04.1_powerpc.deb Size/MD5: 72790 2d4fb39156f56470948bdebad126e06f http://ports.ubuntu.com/pool/universe/e/ekg/ekg_1.7~rc2-2ubuntu0.8.04.1_powerpc.deb Size/MD5: 312890 9202b3fc1c7c609d43d020cd63da15a1 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/e/ekg/libgadu-dev_1.7~rc2-2ubuntu0.8.04.1_sparc.deb Size/MD5: 133302 d94ce7c558f7284ed112acad5598aca0 http://ports.ubuntu.com/pool/main/e/ekg/libgadu3_1.7~rc2-2ubuntu0.8.04.1_sparc.deb Size/MD5: 68874 b7f7d8f419c5d8d42d5d4d608af5386f http://ports.ubuntu.com/pool/universe/e/ekg/ekg_1.7~rc2-2ubuntu0.8.04.1_sparc.deb Size/MD5: 294728 69270b1e3e9ccdb4c01b5bf7414a5505 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libg/libgadu/libgadu_1.8.0+r592-1ubuntu0.1.diff.gz Size/MD5: 316123 78702148bc8d2265163cad5ebf6c6947 http://security.ubuntu.com/ubuntu/pool/main/libg/libgadu/libgadu_1.8.0+r592-1ubuntu0.1.dsc Size/MD5: 1177 3f33173b78724e7b42fe2d97c1ca9016 http://security.ubuntu.com/ubuntu/pool/main/libg/libgadu/libgadu_1.8.0+r592.orig.tar.gz Size/MD5: 135539 81ea4c95105f58844d69ba986a019f2a amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libg/libgadu/libgadu-dev_1.8.0+r592-1ubuntu0.1_amd64.deb Size/MD5: 300328 92d2738cbb32befaaa209f863ea76333 http://security.ubuntu.com/ubuntu/pool/main/libg/libgadu/libgadu3-dbg_1.8.0+r592-1ubuntu0.1_amd64.deb Size/MD5: 75114 187ccb00d87c68d12b9766dae9c76549 http://security.ubuntu.com/ubuntu/pool/main/libg/libgadu/libgadu3_1.8.0+r592-1ubuntu0.1_amd64.deb Size/MD5: 53210 1ec98de46df579cedf51b5d10456d7d6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libg/libgadu/libgadu-dev_1.8.0+r592-1ubuntu0.1_i386.deb Size/MD5: 296434 d769d7330e1f55ca7a818825c6eef405 http://security.ubuntu.com/ubuntu/pool/main/libg/libgadu/libgadu3-dbg_1.8.0+r592-1ubuntu0.1_i386.deb Size/MD5: 71528 3e996e51e3b54612bc2ec05b5555fa7e http://security.ubuntu.com/ubuntu/pool/main/libg/libgadu/libgadu3_1.8.0+r592-1ubuntu0.1_i386.deb Size/MD5: 52816 8b0027e18dde9b5314cf02571fdb3dcb lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libg/libgadu/libgadu-dev_1.8.0+r592-1ubuntu0.1_lpia.deb Size/MD5: 294800 3f396841910d09f1675eb6c4c6b3449a http://ports.ubuntu.com/pool/main/libg/libgadu/libgadu3-dbg_1.8.0+r592-1ubuntu0.1_lpia.deb Size/MD5: 73250 64d69daaecc16873b2cac921ca858034 http://ports.ubuntu.com/pool/main/libg/libgadu/libgadu3_1.8.0+r592-1ubuntu0.1_lpia.deb Size/MD5: 50864 c0b9544fd49c0754c0c84fe1c40f31e0 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libg/libgadu/libgadu-dev_1.8.0+r592-1ubuntu0.1_powerpc.deb Size/MD5: 302722 790b4db9965f837022f3b4a6d0958d7a http://ports.ubuntu.com/pool/main/libg/libgadu/libgadu3-dbg_1.8.0+r592-1ubuntu0.1_powerpc.deb Size/MD5: 74812 b269ca7d6f2c53b84a991f7b05e2ca43 http://ports.ubuntu.com/pool/main/libg/libgadu/libgadu3_1.8.0+r592-1ubuntu0.1_powerpc.deb Size/MD5: 56448 e09cfe6e5f2d9c5db301cd5254c9f411 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libg/libgadu/libgadu-dev_1.8.0+r592-1ubuntu0.1_sparc.deb Size/MD5: 298756 9a04817c427765ed2ae24a184dff95b4 http://ports.ubuntu.com/pool/main/libg/libgadu/libgadu3-dbg_1.8.0+r592-1ubuntu0.1_sparc.deb Size/MD5: 66332 f70f08fc07a3dc62b860073c4055035a http://ports.ubuntu.com/pool/main/libg/libgadu/libgadu3_1.8.0+r592-1ubuntu0.1_sparc.deb Size/MD5: 52114 b65ab637169c92b060858d28f3bc96f7
Attachment:
signature.asc
Description: Digital signature