===========================================================
Ubuntu Security Notice USN-831-1         September 14, 2009
openexr vulnerabilities
CVE-2009-1720, CVE-2009-1721, CVE-2009-1722
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  libopenexr2ldbl                 1.2.2-4.4ubuntu1.1

Ubuntu 8.10:
  libopenexr6                     1.6.1-3ubuntu1.8.10.1

Ubuntu 9.04:
  libopenexr6                     1.6.1-3ubuntu1.9.04.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Drew Yao discovered several flaws in the way OpenEXR handled certain
malformed EXR image files. If a user were tricked into opening a
crafted EXR image file, an attacker could cause a denial of service
via application crash, or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2009-1720,
CVE-2009-1721)

It was discovered that OpenEXR did not properly handle certain
malformed EXR image files. If a user were tricked into opening a
crafted EXR image file, an attacker could cause a denial of service
via application crash, or possibly execute arbitrary code with the
privileges of the user invoking the program. This issue only affected
Ubuntu 8.04 LTS. (CVE-2009-1722)

Updated packages for Ubuntu 8.04 LTS, Ubuntu 8.10 and Ubuntu 9.04 are
available from security.ubuntu.com and ports.ubuntu.com.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/