LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: 994-1: libHX vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu It was discovered that libHX incorrectly handled certain parameters to theHX_split function. An attacker could use this flaw to cause a denial ofservice or possibly execute arbitrary code with the privileges of the user. [More...]
===========================================================
Ubuntu Security Notice USN-994-1         September 29, 2010
libhx vulnerability
CVE-2010-2947
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  libhx10                         1.10.2-2ubuntu0.1

Ubuntu 9.04:
  libhx14                         1.28-1ubuntu0.1

Ubuntu 9.10:
  libhx18                         2.9-3ubuntu0.1

Ubuntu 10.04 LTS:
  libhx22                         3.2-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that libHX incorrectly handled certain parameters to the
HX_split function. An attacker could use this flaw to cause a denial of
service or possibly execute arbitrary code with the privileges of the user.

The default compiler options for affected releases should reduce the
vulnerability to a denial of service.


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx_1.10.2-2ubuntu0.1.diff.gz
      Size/MD5:     1970 984fd63404b75d20fb9e4299d16b5385
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx_1.10.2-2ubuntu0.1.dsc
      Size/MD5:      687 8a7c3c329eed552f3081cafb08e26460
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx_1.10.2.orig.tar.gz
      Size/MD5:   378161 68278028d6f9ae72e8d532f8a2d9ea64

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx-dev_1.10.2-2ubuntu0.1_amd64.deb
      Size/MD5:    26544 0e938478bd65ef98381f926d279d45de
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx10_1.10.2-2ubuntu0.1_amd64.deb
      Size/MD5:    23412 89c0a5975b21dbbbfcb10c41fac86699

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx-dev_1.10.2-2ubuntu0.1_i386.deb
      Size/MD5:    23454 a968c17b44583b751f387c34f766ba88
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx10_1.10.2-2ubuntu0.1_i386.deb
      Size/MD5:    22124 00023761452b93b9458d7ce5f4896c05

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/libh/libhx/libhx-dev_1.10.2-2ubuntu0.1_lpia.deb
      Size/MD5:    23442 d5851a03d2df84cf542b7cdba07111b6
    http://ports.ubuntu.com/pool/main/libh/libhx/libhx10_1.10.2-2ubuntu0.1_lpia.deb
      Size/MD5:    21888 4eb876684e0598fdf93a0d646547f02d

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/libh/libhx/libhx-dev_1.10.2-2ubuntu0.1_powerpc.deb
      Size/MD5:    26448 9fd78d20527b37f230c1734a43a605a6
    http://ports.ubuntu.com/pool/main/libh/libhx/libhx10_1.10.2-2ubuntu0.1_powerpc.deb
      Size/MD5:    25634 2774760401d9c50af8215439eca57d78

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/libh/libhx/libhx-dev_1.10.2-2ubuntu0.1_sparc.deb
      Size/MD5:    23530 1d655d75408a7b2cc106193d8dde3c66
    http://ports.ubuntu.com/pool/main/libh/libhx/libhx10_1.10.2-2ubuntu0.1_sparc.deb
      Size/MD5:    20364 69ce9dea685f47cff72cbf5ceeb41064

Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx_1.28-1ubuntu0.1.diff.gz
      Size/MD5:     2360 d6c13e7174afc6aea9f46a02dbf7d3e0
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx_1.28-1ubuntu0.1.dsc
      Size/MD5:     1151 20da0c4f5ad8529fb6cc05a0c1e67c39
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx_1.28.orig.tar.gz
      Size/MD5:   391656 aef8f8cbdf2be8b11e9e38765c12689e

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx-dev_1.28-1ubuntu0.1_amd64.deb
      Size/MD5:    30154 59505ae716b45da83eacc2f1557bf8fb
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx14_1.28-1ubuntu0.1_amd64.deb
      Size/MD5:    25694 25a71005b67bc7c25c427d9cdfd74860

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx-dev_1.28-1ubuntu0.1_i386.deb
      Size/MD5:    26432 ca8d597103f44926ca2b46475cbdc74d
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx14_1.28-1ubuntu0.1_i386.deb
      Size/MD5:    24940 fac9f196ab1c35d3fc655e86f55a26a9

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/libh/libhx/libhx-dev_1.28-1ubuntu0.1_lpia.deb
      Size/MD5:    26040 09e32936821ecb89293f6571fd498ec0
    http://ports.ubuntu.com/pool/main/libh/libhx/libhx14_1.28-1ubuntu0.1_lpia.deb
      Size/MD5:    24382 331d09d9ada4f8b95f212454a41d1742

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/libh/libhx/libhx-dev_1.28-1ubuntu0.1_powerpc.deb
      Size/MD5:    30570 0e5d904dd738c637b8b6f91825d51da2
    http://ports.ubuntu.com/pool/main/libh/libhx/libhx14_1.28-1ubuntu0.1_powerpc.deb
      Size/MD5:    28686 8a372ce3a130e0b53cfc49f1e05822f6

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/libh/libhx/libhx-dev_1.28-1ubuntu0.1_sparc.deb
      Size/MD5:    26912 e7b51cec6fd0a1cc9483d2a5cd997680
    http://ports.ubuntu.com/pool/main/libh/libhx/libhx14_1.28-1ubuntu0.1_sparc.deb
      Size/MD5:    22684 1142e76455ee46a4afd3acd992455782

Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx_2.9-3ubuntu0.1.diff.gz
      Size/MD5:     2828 76863e225f67008e1ac69216a0d50d7c
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx_2.9-3ubuntu0.1.dsc
      Size/MD5:     1155 6e15a2b81e186686a72454b9eadd0cad
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx_2.9.orig.tar.gz
      Size/MD5:   896031 fedec77f29893d72b83fbc6b52b38be5

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx-dev_2.9-3ubuntu0.1_amd64.deb
      Size/MD5:    34654 1b9f8e8698e36f20473e49f196c515b8
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx-doc_2.9-3ubuntu0.1_amd64.deb
      Size/MD5:   466786 e04de274fc75ac6910ce5d15f3b4d3f7
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx18_2.9-3ubuntu0.1_amd64.deb
      Size/MD5:    29782 cd7aecb6461cfbf49d50d8f772b2fc2b

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx-dev_2.9-3ubuntu0.1_i386.deb
      Size/MD5:    30374 0f277db7d89a5feaa48ff6d988dcd6a7
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx-doc_2.9-3ubuntu0.1_i386.deb
      Size/MD5:   467056 7b6899acf91b0f879437798cb8b39a5e
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx18_2.9-3ubuntu0.1_i386.deb
      Size/MD5:    28048 52259e602e4a7abd39b0918c9edccc0c

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/libh/libhx/libhx-dev_2.9-3ubuntu0.1_lpia.deb
      Size/MD5:    30376 55e525ed83cb8046cf192390fbca44cb
    http://ports.ubuntu.com/pool/main/libh/libhx/libhx-doc_2.9-3ubuntu0.1_lpia.deb
      Size/MD5:   466654 07cbd11d93bf90e38a09caa296a2215a
    http://ports.ubuntu.com/pool/main/libh/libhx/libhx18_2.9-3ubuntu0.1_lpia.deb
      Size/MD5:    27364 f1a430abc47ae5b92b4048cd544aa5b5

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/libh/libhx/libhx-dev_2.9-3ubuntu0.1_powerpc.deb
      Size/MD5:    35154 ed5e3e9505efd1cdf895f7ab9d224575
    http://ports.ubuntu.com/pool/main/libh/libhx/libhx-doc_2.9-3ubuntu0.1_powerpc.deb
      Size/MD5:   466662 f814dfaba9a65855561f2e69747de08c
    http://ports.ubuntu.com/pool/main/libh/libhx/libhx18_2.9-3ubuntu0.1_powerpc.deb
      Size/MD5:    30382 7515b2f828ba001875ea84949dfea975

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/libh/libhx/libhx-dev_2.9-3ubuntu0.1_sparc.deb
      Size/MD5:    31482 4c9696d7c0fc71d67acbf5403fd46046
    http://ports.ubuntu.com/pool/main/libh/libhx/libhx-doc_2.9-3ubuntu0.1_sparc.deb
      Size/MD5:   466662 77af6aad6eedea81080cc5a2dd31c0f1
    http://ports.ubuntu.com/pool/main/libh/libhx/libhx18_2.9-3ubuntu0.1_sparc.deb
      Size/MD5:    26626 088e384391062e8cef75e5737996ad7d

Updated packages for Ubuntu 10.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx_3.2-1ubuntu0.1.debian.tar.gz
      Size/MD5:     3719 04ce6e5c3769656bc26317c1d3816308
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx_3.2-1ubuntu0.1.dsc
      Size/MD5:     1189 7d3d331fdbdd7ee9c58be7c82ecc24b8
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx_3.2.orig.tar.bz2
      Size/MD5:   829439 e4628ab2c058fd38e741f2c0ebd58d7d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx-dev_3.2-1ubuntu0.1_amd64.deb
      Size/MD5:    38248 192be72b6ef57f9f29b8c251e0ba724b
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx-doc_3.2-1ubuntu0.1_amd64.deb
      Size/MD5:   475432 b092a13deb1e69d9f23509a01db72cab
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx22_3.2-1ubuntu0.1_amd64.deb
      Size/MD5:    32862 17ccd2de7e4e3ad4d84e01e5ba7a276c

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx-dev_3.2-1ubuntu0.1_i386.deb
      Size/MD5:    33282 af2e87b32aeeec874d0f28d4ed935d5c
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx-doc_3.2-1ubuntu0.1_i386.deb
      Size/MD5:   475434 6c7133936aa41c8541e36bf79d882ee0
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhx/libhx22_3.2-1ubuntu0.1_i386.deb
      Size/MD5:    30704 33f83db85d5e4f7dc6a7f70e1cde64ed

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/libh/libhx/libhx-dev_3.2-1ubuntu0.1_powerpc.deb
      Size/MD5:    38838 85576bd442c04d8c2de92e4341ee4033
    http://ports.ubuntu.com/pool/main/libh/libhx/libhx-doc_3.2-1ubuntu0.1_powerpc.deb
      Size/MD5:   475434 b276f4b5acc919c1be8ba5ea6f9583ca
    http://ports.ubuntu.com/pool/main/libh/libhx/libhx22_3.2-1ubuntu0.1_powerpc.deb
      Size/MD5:    33640 3aa79a9a4a0451a0a6e78b68f7b36888

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/libh/libhx/libhx-dev_3.2-1ubuntu0.1_sparc.deb
      Size/MD5:    35190 ae2d0b206e92bbedd36c57fe7e80b450
    http://ports.ubuntu.com/pool/main/libh/libhx/libhx-doc_3.2-1ubuntu0.1_sparc.deb
      Size/MD5:   475438 1708e7d88cc0301b5c7b7c853af534e9
    http://ports.ubuntu.com/pool/main/libh/libhx/libhx22_3.2-1ubuntu0.1_sparc.deb
      Size/MD5:    30310 e906aa11d91b92cec0b01036b7fe3879




 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
USB is now UEC (use with extreme caution)
iPhone Encryption and the Return of the Crypto Wars
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.