LinuxSecurity.com
Ubuntu: RPM vulnerability
Posted by Benjamin D. Thomas   
An error was found in the RPM library's handling of query reports. In some locales, certain RPM packages would cause the library to crash. If a user was tricked into querying a specially crafted RPM package, the flaw could be exploited to execute arbitrary code with the user's privileges.
=========================================================== 
Ubuntu Security Notice USN-378-1          November 04, 2006
rpm vulnerability
CVE-2006-5466
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  librpm4                                  4.4.1-5ubuntu2.1

Ubuntu 6.10:
  librpm4                                  4.4.1-9.1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

An error was found in the RPM library's handling of query reports.  In 
some locales, certain RPM packages would cause the library to crash.  If 
a user was tricked into querying a specially crafted RPM package, the 
flaw could be exploited to execute arbitrary code with the user's 
privileges.


Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 6.10:

