Ubuntu: New dpkg packages fix various security issues

William Grant discovered that dpkg-source did not safely apply diffs when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system. Updated packages are available from security.ubuntu.com.

===========================================================
Ubuntu Security Notice USN-909-1             March 11, 2010
dpkg vulnerability
CVE-2010-0396
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
 dpkg-dev                        1.13.11ubuntu7.1

Ubuntu 8.04 LTS:
 dpkg-dev                        1.14.16.6ubuntu4.1

Ubuntu 8.10:
 dpkg-dev                        1.14.20ubuntu6.3

Ubuntu 9.04:
 dpkg-dev                        1.14.24ubuntu1.1

Ubuntu 9.10:
 dpkg-dev                        1.15.4ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

William Grant discovered that dpkg-source did not safely apply diffs
when unpacking source packages.  If a user or an automated system were
tricked into unpacking a specially crafted source package, a remote
attacker could modify files outside the target unpack directory, leading
to a denial of service or potentially gaining access to the system.
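
A pre-unpack check for the failure described above, as an added example that is not part of the advisory and is not dpkg's own code or fix: it lists the paths a unified diff names and resolves each one against the unpack directory, so `..` components and symlinked directories already on disk are both caught. The function names, the `-p1` strip level and the sample diff are assumptions made for illustration.

```python
import os

def diff_targets(diff_text):
    """Return the file paths named in unified-diff '---'/'+++' header lines."""
    targets = []
    for line in diff_text.splitlines():
        if line.startswith(("--- ", "+++ ")):
            # Header form is "+++ path<TAB>timestamp"; keep only the path.
            # A removed line whose text begins "-- " also matches (over-reports).
            path = line[4:].split("\t", 1)[0].strip()
            if path and path != "/dev/null":
                targets.append(path)
    return targets

def stays_inside(unpack_dir, path, strip=1):
    """True if `path`, with `strip` leading components dropped (as patch -pN
    does), resolves to a location under unpack_dir."""
    if os.path.isabs(path):
        return False
    parts = path.split("/")[strip:]
    if not parts:
        return False
    root = os.path.realpath(unpack_dir)
    # realpath collapses ".." and follows symlinks already present on disk.
    resolved = os.path.realpath(os.path.join(root, *parts))
    return os.path.commonpath([root, resolved]) == root and resolved != root

def unsafe_targets(unpack_dir, diff_text, strip=1):
    """List the diff targets that would be written outside unpack_dir."""
    return [p for p in diff_targets(diff_text)
            if not stays_inside(unpack_dir, p, strip)]

# Constructed sample diff (not taken from any real package).
SAMPLE_DIFF = """\
--- hello-1.0.orig/src/main.c\t2010-03-01 00:00:00
+++ hello-1.0/src/main.c\t2010-03-02 00:00:00
@@ -1 +1 @@
-int x;
+int y;
--- hello-1.0.orig/../../outside.txt\t2010-03-01 00:00:00
+++ hello-1.0/../../outside.txt\t2010-03-02 00:00:00
@@ -0,0 +1 @@
+data
"""

if __name__ == "__main__":
    print(unsafe_targets(".", SAMPLE_DIFF))
```

The result reflects the tree as it exists when the check runs, so it belongs immediately before the diff is applied and does not replace installing the fixed dpkg-dev.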

