=========================================================== Ubuntu Security Notice USN-841-1 October 05, 2009 glib2.0 vulnerability CVE-2009-3289 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: libglib2.0-0 2.16.6-0ubuntu1.2 Ubuntu 8.10: libglib2.0-0 2.18.2-0ubuntu2.2 Ubuntu 9.04: libglib2.0-0 2.20.1-0ubuntu2.1 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: Arand Nash discovered that applications linked to GLib (e.g. Nautilus) did not correctly copy symlinks. If a user copied symlinks with GLib, the symlink target files would become world-writable, allowing local attackers to gain access to potentially sensitive information. Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/glib2.0_2.16.6-0ubuntu1.2.diff.gz Size/MD5: 36482 5a747f19839228824de8b801306697b1 http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/glib2.0_2.16.6-0ubuntu1.2.dsc Size/MD5: 1168 b073d48a3ef03f58d58a647ba6bc5152 http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/glib2.0_2.16.6.orig.tar.gz Size/MD5: 6491460 65c594a471406a377bee8171a2ea43d4 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-doc_2.16.6-0ubuntu1.2_all.deb Size/MD5: 1131446 3554e3c1d7ff9e967b2a70118ed269d0 http://security.ubuntu.com/ubuntu/pool/universe/g/glib2.0/libglib2.0-data_2.16.6-0ubuntu1.2_all.deb Size/MD5: 968 8b2ba86fa2ce1c1ce6f87449a29ba398 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0-dbg_2.16.6-0ubuntu1.2_amd64.deb Size/MD5: 1177628 74b9bb38332276d8f27e84a2a989923c http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0_2.16.6-0ubuntu1.2_amd64.deb Size/MD5: 824766 5d60a5bbee4bb5f5a503cf17b6b968d8 http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-dev_2.16.6-0ubuntu1.2_amd64.deb Size/MD5: 985446 30a551102c0dc05911b28d18f09094e2 http://security.ubuntu.com/ubuntu/pool/universe/g/glib2.0/libgio-fam_2.16.6-0ubuntu1.2_amd64.deb Size/MD5: 48396 5fbd8935fc8cdfbc87ddee9dd5ea906e http://security.ubuntu.com/ubuntu/pool/universe/g/glib2.0/libglib2.0-udeb_2.16.6-0ubuntu1.2_amd64.udeb Size/MD5: 1307488 0e797f76924ae31a0a54f596207c1c18 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0-dbg_2.16.6-0ubuntu1.2_i386.deb Size/MD5: 1102278 322adce90ad9052eb05e97acb2bb3aed http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0_2.16.6-0ubuntu1.2_i386.deb Size/MD5: 758442 d60d1a00d850acc2bf29301d2e708c94 http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-dev_2.16.6-0ubuntu1.2_i386.deb Size/MD5: 872458 21872fd8706eccc3260906e9e18b81f6 http://security.ubuntu.com/ubuntu/pool/universe/g/glib2.0/libgio-fam_2.16.6-0ubuntu1.2_i386.deb Size/MD5: 46706 5e4456b1527efd940e01c7aca7c65072 http://security.ubuntu.com/ubuntu/pool/universe/g/glib2.0/libglib2.0-udeb_2.16.6-0ubuntu1.2_i386.udeb Size/MD5: 1241052 ca6659a5062d06e9f95a794d25aa0bec lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0-dbg_2.16.6-0ubuntu1.2_lpia.deb Size/MD5: 1126498 a8cf538453e395b610fd43a0e1d3995c http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0_2.16.6-0ubuntu1.2_lpia.deb Size/MD5: 749728 b8ab5b52627b33a02dc628518f6e8cc1 http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-dev_2.16.6-0ubuntu1.2_lpia.deb Size/MD5: 866292 d24055f7c9b3c22743b23b1db647f8c8 http://ports.ubuntu.com/pool/universe/g/glib2.0/libgio-fam_2.16.6-0ubuntu1.2_lpia.deb Size/MD5: 46612 7b5d6df79a5cc8a2a776b0c67b30a889 http://ports.ubuntu.com/pool/universe/g/glib2.0/libglib2.0-udeb_2.16.6-0ubuntu1.2_lpia.udeb Size/MD5: 1232302 fafbeb120762dfb6b82d401106729d21 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0-dbg_2.16.6-0ubuntu1.2_powerpc.deb Size/MD5: 1166088 050d4dd8978470c1093993d6c90e596a http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0_2.16.6-0ubuntu1.2_powerpc.deb Size/MD5: 825162 ecffe44dd39ccfd545503ca4a71fa7e0 http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-dev_2.16.6-0ubuntu1.2_powerpc.deb Size/MD5: 1033488 700541c029701259dd63002d839e6b58 http://ports.ubuntu.com/pool/universe/g/glib2.0/libgio-fam_2.16.6-0ubuntu1.2_powerpc.deb Size/MD5: 48212 365fa4ae6a0d78604327e3512fffb461 http://ports.ubuntu.com/pool/universe/g/glib2.0/libglib2.0-udeb_2.16.6-0ubuntu1.2_powerpc.udeb Size/MD5: 1307814 dd8adeb8031b2bf15835c3c6ab294867 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0-dbg_2.16.6-0ubuntu1.2_sparc.deb Size/MD5: 1031494 f32564a7f6e9690edacbf0f780cef5eb http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0_2.16.6-0ubuntu1.2_sparc.deb Size/MD5: 781614 be1710dc92c6743fa361e5e3e09b1ef9 http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-dev_2.16.6-0ubuntu1.2_sparc.deb Size/MD5: 954028 d0096984a450e243d3000477eb57fc68 http://ports.ubuntu.com/pool/universe/g/glib2.0/libgio-fam_2.16.6-0ubuntu1.2_sparc.deb Size/MD5: 47426 adb02e18065700850fc14681a73ad940 http://ports.ubuntu.com/pool/universe/g/glib2.0/libglib2.0-udeb_2.16.6-0ubuntu1.2_sparc.udeb Size/MD5: 1264164 2721162b1d7cb0a32ab3ba614d1be5c9 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/glib2.0_2.18.2-0ubuntu2.2.diff.gz Size/MD5: 35443 73649aa00b9d205898ae59e370fd9e9d http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/glib2.0_2.18.2-0ubuntu2.2.dsc Size/MD5: 1590 a926c661d9c479a13a4411142bbf3c72 http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/glib2.0_2.18.2.orig.tar.gz Size/MD5: 6792476 0f2bf241fc93d95a0bd599a9c2a352ca Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-data_2.18.2-0ubuntu2.2_all.deb Size/MD5: 958 99a3c187fb42b5474cbd9084bd0030d0 http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-doc_2.18.2-0ubuntu2.2_all.deb Size/MD5: 1152092 f2fe37185e9baeb1053d679532b8b065 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0-dbg_2.18.2-0ubuntu2.2_amd64.deb Size/MD5: 1248558 0e994c01e40a02dca07eb3e97dbc18bb http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0_2.18.2-0ubuntu2.2_amd64.deb Size/MD5: 842792 4b0ac82667ecef56cc860beccdee293e http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-dev_2.18.2-0ubuntu2.2_amd64.deb Size/MD5: 1027690 ab9170d2e4e7a59cbacda17f4cd26a83 http://security.ubuntu.com/ubuntu/pool/universe/g/glib2.0/libgio-fam_2.18.2-0ubuntu2.2_amd64.deb Size/MD5: 44238 f554baa4009cb2f94d3a772b61588a66 http://security.ubuntu.com/ubuntu/pool/universe/g/glib2.0/libglib2.0-udeb_2.18.2-0ubuntu2.2_amd64.udeb Size/MD5: 1401396 b03b104e47ef33b7dc39dcdeaf19be90 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0-dbg_2.18.2-0ubuntu2.2_i386.deb Size/MD5: 1173950 6fca09b423847cd228c54bfb2cae0b8f http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0_2.18.2-0ubuntu2.2_i386.deb Size/MD5: 771386 59fc2f39bf44711d3f71e931fac145d9 http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-dev_2.18.2-0ubuntu2.2_i386.deb Size/MD5: 910734 5b6b4f5f29cfdd0bc10feea8568fdc99 http://security.ubuntu.com/ubuntu/pool/universe/g/glib2.0/libgio-fam_2.18.2-0ubuntu2.2_i386.deb Size/MD5: 42770 2fc72afdfb182c5d98a6025c9781d50c http://security.ubuntu.com/ubuntu/pool/universe/g/glib2.0/libglib2.0-udeb_2.18.2-0ubuntu2.2_i386.udeb Size/MD5: 1330248 b35f040211be097dde97b42cfb670434 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0-dbg_2.18.2-0ubuntu2.2_lpia.deb Size/MD5: 1195246 1e0c8d42046bb26ca77faf7f33e273c3 http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0_2.18.2-0ubuntu2.2_lpia.deb Size/MD5: 760718 e2715639702d39739133dc050359afe3 http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-dev_2.18.2-0ubuntu2.2_lpia.deb Size/MD5: 901700 0ef039e50122f10423ef12cf0983541c http://ports.ubuntu.com/pool/universe/g/glib2.0/libgio-fam_2.18.2-0ubuntu2.2_lpia.deb Size/MD5: 42636 b958b2a50e892a45c950ad2b85a935b0 http://ports.ubuntu.com/pool/universe/g/glib2.0/libglib2.0-udeb_2.18.2-0ubuntu2.2_lpia.udeb Size/MD5: 1319542 25ac302084e325749e0b9fc1b4c7f0b3 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0-dbg_2.18.2-0ubuntu2.2_powerpc.deb Size/MD5: 1237952 1e714a4b235f51b8d36a458878fbe093 http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0_2.18.2-0ubuntu2.2_powerpc.deb Size/MD5: 845898 458dd666f452eb766156fbf3c6dad720 http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-dev_2.18.2-0ubuntu2.2_powerpc.deb Size/MD5: 1079876 8e0767a4ab92de24c1616ed8f4d528d3 http://ports.ubuntu.com/pool/universe/g/glib2.0/libgio-fam_2.18.2-0ubuntu2.2_powerpc.deb Size/MD5: 44050 45fe62276a6a3b92281969762601f78f http://ports.ubuntu.com/pool/universe/g/glib2.0/libglib2.0-udeb_2.18.2-0ubuntu2.2_powerpc.udeb Size/MD5: 1404280 9cb23943f8aa9e63e80fe489caecca64 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0-dbg_2.18.2-0ubuntu2.2_sparc.deb Size/MD5: 1077380 058daceb636ddcd10164358265cb24ff http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0_2.18.2-0ubuntu2.2_sparc.deb Size/MD5: 791034 83ee279d3e7824d6d39a2adfed996787 http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-dev_2.18.2-0ubuntu2.2_sparc.deb Size/MD5: 985278 cef0af3b99bf2da441e416e0b14e8352 http://ports.ubuntu.com/pool/universe/g/glib2.0/libgio-fam_2.18.2-0ubuntu2.2_sparc.deb Size/MD5: 43316 928da79d94b2fe648ae0eb8b88e0b91d http://ports.ubuntu.com/pool/universe/g/glib2.0/libglib2.0-udeb_2.18.2-0ubuntu2.2_sparc.udeb Size/MD5: 1349944 9cb36ac4a77838ba835e4054ebc8006a Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/glib2.0_2.20.1-0ubuntu2.1.diff.gz Size/MD5: 37116 868528ad6cb52e2d44545af18fc1ce68 http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/glib2.0_2.20.1-0ubuntu2.1.dsc Size/MD5: 1787 da3e90ca36741d5707fecf76e8721f5a http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/glib2.0_2.20.1.orig.tar.gz Size/MD5: 7130990 855be1b668ceaec3320c702212c95638 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-data_2.20.1-0ubuntu2.1_all.deb Size/MD5: 988 a45364a2d8509221d95b1ad8c1b06dd8 http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-doc_2.20.1-0ubuntu2.1_all.deb Size/MD5: 1173566 392137fd234e3b18599cd83cc23de82e amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0-dbg_2.20.1-0ubuntu2.1_amd64.deb Size/MD5: 1267456 ac0577ab5b91c87f538fe4c51e37dc4b http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0_2.20.1-0ubuntu2.1_amd64.deb Size/MD5: 848734 d593e59a3c013ee23dc4abf59a24b4f3 http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-dev_2.20.1-0ubuntu2.1_amd64.deb Size/MD5: 1045830 b1453c6d591e7c9bcf321cb01c9b2c1c http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-udeb_2.20.1-0ubuntu2.1_amd64.udeb Size/MD5: 1474384 b2239443a6a9a7ff36a7fdfe2e73c668 http://security.ubuntu.com/ubuntu/pool/universe/g/glib2.0/libgio-fam_2.20.1-0ubuntu2.1_amd64.deb Size/MD5: 34548 47a0ab55b3eb9f7b52c9527f81e963a9 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0-dbg_2.20.1-0ubuntu2.1_i386.deb Size/MD5: 1191820 a0b07904592f136ad4ee93a8948da580 http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0_2.20.1-0ubuntu2.1_i386.deb Size/MD5: 777212 4b21124cbefa06dfab88a4d7891db90b http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-dev_2.20.1-0ubuntu2.1_i386.deb Size/MD5: 927792 3f55a23af4269bf4f194b48a784b0b25 http://security.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-udeb_2.20.1-0ubuntu2.1_i386.udeb Size/MD5: 1403190 e685faa392ba17bf58f764336a28f5f7 http://security.ubuntu.com/ubuntu/pool/universe/g/glib2.0/libgio-fam_2.20.1-0ubuntu2.1_i386.deb Size/MD5: 33190 e3db9d13b73405a007d425a2c1c2df1e lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0-dbg_2.20.1-0ubuntu2.1_lpia.deb Size/MD5: 1210906 9036b0463ab9702f87b5d4a6ff2ea0bb http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0_2.20.1-0ubuntu2.1_lpia.deb Size/MD5: 765332 e24d23f1ed35765d084cb3324b2993a7 http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-dev_2.20.1-0ubuntu2.1_lpia.deb Size/MD5: 917694 3d04fe7b5635311d9f5ad51d09995777 http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-udeb_2.20.1-0ubuntu2.1_lpia.udeb Size/MD5: 1391182 f2f71f14300d89635fb2b739a44f6132 http://ports.ubuntu.com/pool/universe/g/glib2.0/libgio-fam_2.20.1-0ubuntu2.1_lpia.deb Size/MD5: 33072 fd27bbd1ef6586b26259164104d1c132 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0-dbg_2.20.1-0ubuntu2.1_powerpc.deb Size/MD5: 1255082 55cc71be24c6a43187d3997ca8b2fcba http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0_2.20.1-0ubuntu2.1_powerpc.deb Size/MD5: 853460 35e80083e1c62411d92855e6d75f864e http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-dev_2.20.1-0ubuntu2.1_powerpc.deb Size/MD5: 1101358 6cd274b60f52dd837e8ce2f2281e8060 http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-udeb_2.20.1-0ubuntu2.1_powerpc.udeb Size/MD5: 1478758 a1430354b79feadb28d8113681337d63 http://ports.ubuntu.com/pool/universe/g/glib2.0/libgio-fam_2.20.1-0ubuntu2.1_powerpc.deb Size/MD5: 34664 084bfefc579f5bd8edef02cdbd1d667b sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0-dbg_2.20.1-0ubuntu2.1_sparc.deb Size/MD5: 1090202 9fcf2e1a5176ad1b9b694d59d826e588 http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-0_2.20.1-0ubuntu2.1_sparc.deb Size/MD5: 797802 367f79748bd2021b0da5935a7f522750 http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-dev_2.20.1-0ubuntu2.1_sparc.deb Size/MD5: 1003874 80701dd1515c302b4c73f71265cdfe39 http://ports.ubuntu.com/pool/main/g/glib2.0/libglib2.0-udeb_2.20.1-0ubuntu2.1_sparc.udeb Size/MD5: 1423862 8f042b442ac55ddfb3b2935363bcd58a http://ports.ubuntu.com/pool/universe/g/glib2.0/libgio-fam_2.20.1-0ubuntu2.1_sparc.deb Size/MD5: 33802 1ccc2b53c8127c0fa4b4f91859f9ae7d
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/