|
|
--K8nIJk4ghYZn606h
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
==========================================================Ubuntu Security Notice USN-967-1 August 09, 2010
w3m vulnerability
CVE-2010-2074
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
w3m 0.5.1-4ubuntu2.6.06.1
Ubuntu 8.04 LTS:
w3m 0.5.1-5.1ubuntu1.1
Ubuntu 9.04:
w3m 0.5.2-2ubuntu0.1
Ubuntu 9.10:
w3m 0.5.2-2ubuntu1.1
Ubuntu 10.04 LTS:
w3m 0.5.2-2.1ubuntu1.1
After a standard system update you need to restart any running instances
of w3m to effect the necessary changes.
Details follow:
Ludwig Nussel discovered w3m does not properly handle SSL/TLS
certificates with NULL characters in the certificate name. An
attacker could exploit this to perform a man in the middle
attack to view sensitive information or alter encrypted
communications. (CVE-2010-2074)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-4ubuntu2.6.06.1.diff.gz
Size/MD5: 36950 61af8116989ea20fc9de2bc2035bff27
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-4ubuntu2.6.06.1.dsc
Size/MD5: 1355 c63dfd7a3190d33b6a8bf3faf00cd142
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1.orig.tar.gz
Size/MD5: 1892121 0678b72e07e69c41709d71ef0fe5da13
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-4ubuntu2.6.06.1_amd64.deb
Size/MD5: 1126754 b720fb3c60139097a5c5edd9d897b87c
http://security.ubuntu.com/ubuntu/pool/universe/w/w3m/w3m-img_0.5.1-4ubuntu2.6.06.1_amd64.deb
Size/MD5: 88686 f55ffb8f155ca56e20be538ac07e6fee
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-4ubuntu2.6.06.1_i386.deb
Size/MD5: 1068634 434395522c44f645a31c114209dd1c2a
http://security.ubuntu.com/ubuntu/pool/universe/w/w3m/w3m-img_0.5.1-4ubuntu2.6.06.1_i386.deb
Size/MD5: 87694 6a0dad78d29a994fdf68b67b88671ae4
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-4ubuntu2.6.06.1_powerpc.deb
Size/MD5: 1127384 b6901e8fb952d3bdb3fbb0509b5f9a5d
http://security.ubuntu.com/ubuntu/pool/universe/w/w3m/w3m-img_0.5.1-4ubuntu2.6.06.1_powerpc.deb
Size/MD5: 90024 094ae7b60a014e5a618cb8ce7d703a94
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-4ubuntu2.6.06.1_sparc.deb
Size/MD5: 1091422 1ba881612fbd9485a867236f1d11b7dd
http://security.ubuntu.com/ubuntu/pool/universe/w/w3m/w3m-img_0.5.1-4ubuntu2.6.06.1_sparc.deb
Size/MD5: 88080 25fb4183bccb613a8488a95cb62bb3c4
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-5.1ubuntu1.1.diff.gz
Size/MD5: 66475 4a2a88d49cf5ab546a6982a99898c58b
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-5.1ubuntu1.1.dsc
Size/MD5: 1464 65975db4cabadca4c9bec3f29809c74b
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1.orig.tar.gz
Size/MD5: 1892121 0678b72e07e69c41709d71ef0fe5da13
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-5.1ubuntu1.1_amd64.deb
Size/MD5: 1135768 32c8b4569c5b58a09bd64f56282ec654
http://security.ubuntu.com/ubuntu/pool/universe/w/w3m/w3m-img_0.5.1-5.1ubuntu1.1_amd64.deb
Size/MD5: 96198 1137f5eeb518741972967557945e3258
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-5.1ubuntu1.1_i386.deb
Size/MD5: 1089658 109a28386eae068081eeb146d4925e56
http://security.ubuntu.com/ubuntu/pool/universe/w/w3m/w3m-img_0.5.1-5.1ubuntu1.1_i386.deb
Size/MD5: 94568 6da0f035169b3bf4fd4400c8acac72ca
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/w/w3m/w3m_0.5.1-5.1ubuntu1.1_lpia.deb
Size/MD5: 1090736 9bfff0a2b71d4aa37b4b28cdb5e61582
http://ports.ubuntu.com/pool/universe/w/w3m/w3m-img_0.5.1-5.1ubuntu1.1_lpia.deb
Size/MD5: 90628 358b504f48d6d172dfbb1945804c4bf7
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/w/w3m/w3m_0.5.1-5.1ubuntu1.1_powerpc.deb
Size/MD5: 1146328 20445145a9b1bc1e2b8d77f6e4a349ee
http://ports.ubuntu.com/pool/universe/w/w3m/w3m-img_0.5.1-5.1ubuntu1.1_powerpc.deb
Size/MD5: 98408 b292393ea87c7c4af64e962eba0f4def
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/w/w3m/w3m_0.5.1-5.1ubuntu1.1_sparc.deb
Size/MD5: 1102868 0349f127140948bf9138633aa7e14b81
http://ports.ubuntu.com/pool/universe/w/w3m/w3m-img_0.5.1-5.1ubuntu1.1_sparc.deb
Size/MD5: 95032 0f57e7c9d6316376841b333696c54f0e
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.2-2ubuntu0.1.diff.gz
Size/MD5: 37423 f9c79d46cdf642203df8f9867be41b98
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.2-2ubuntu0.1.dsc
Size/MD5: 1937 3f60110a2c58344bafd61cf1863f4346
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.2.orig.tar.gz
Size/MD5: 1906812 ba06992d3207666ed1bf2dcf7c72bf58
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.2-2ubuntu0.1_amd64.deb
Size/MD5: 1148486 0a0afd4fc3e428aa769b0accee982c2f
http://security.ubuntu.com/ubuntu/pool/universe/w/w3m/w3m-img_0.5.2-2ubuntu0.1_amd64.deb
Size/MD5: 97846 d6b9ad66d995620113ab184e37fc55a0
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.2-2ubuntu0.1_i386.deb
Size/MD5: 1101060 a518ef4f702cbe2efbb688a1b8fe57c5
http://security.ubuntu.com/ubuntu/pool/universe/w/w3m/w3m-img_0.5.2-2ubuntu0.1_i386.deb
Size/MD5: 96398 40ad5e711321e2c634a63daa92a5686b
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/w/w3m/w3m_0.5.2-2ubuntu0.1_lpia.deb
Size/MD5: 1103342 0c37ef9df76f00333c84f1a50b068c15
http://ports.ubuntu.com/pool/universe/w/w3m/w3m-img_0.5.2-2ubuntu0.1_lpia.deb
Size/MD5: 92336 44ee9a7564bd1bf4d6a75f687a45ad87
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/w/w3m/w3m_0.5.2-2ubuntu0.1_powerpc.deb
Size/MD5: 1151018 ce85e8a091ed9f8056994090f390900a
http://ports.ubuntu.com/pool/universe/w/w3m/w3m-img_0.5.2-2ubuntu0.1_powerpc.deb
Size/MD5: 99444 827a9275bb181723b3ad96f89f525588
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/w/w3m/w3m_0.5.2-2ubuntu0.1_sparc.deb
Size/MD5: 1111604 596d221abad7062a0761d149e8d461e4
http://ports.ubuntu.com/pool/universe/w/w3m/w3m-img_0.5.2-2ubuntu0.1_sparc.deb
Size/MD5: 96710 4d62bc85313b1410137d02f6d7b03101
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.2-2ubuntu1.1.diff.gz
Size/MD5: 38057 33741d01f9123e2ac4b001b5965a138f
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.2-2ubuntu1.1.dsc
Size/MD5: 1937 67fd371f8f538cc9da75fd1f40117138
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.2.orig.tar.gz
Size/MD5: 1906812 ba06992d3207666ed1bf2dcf7c72bf58
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.2-2ubuntu1.1_amd64.deb
Size/MD5: 1150762 ee4b7f030484b3f3c82f3ea60c4f1796
http://security.ubuntu.com/ubuntu/pool/universe/w/w3m/w3m-img_0.5.2-2ubuntu1.1_amd64.deb
Size/MD5: 98118 91bee71d56786bbe73c8f6ae1238951e
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.2-2ubuntu1.1_i386.deb
Size/MD5: 1103128 39d85b0b193ca5d9e69715e48274cdb4
http://security.ubuntu.com/ubuntu/pool/universe/w/w3m/w3m-img_0.5.2-2ubuntu1.1_i386.deb
Size/MD5: 96774 15ef3b3fb97297448af1897a0f44fa22
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/w/w3m/w3m_0.5.2-2ubuntu1.1_lpia.deb
Size/MD5: 1105262 c76bfae2336b8f471d1c44a8b288c144
http://ports.ubuntu.com/pool/universe/w/w3m/w3m-img_0.5.2-2ubuntu1.1_lpia.deb
Size/MD5: 92824 7e87ecc07fb95c7b1ede3d500b147c6c
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/w/w3m/w3m_0.5.2-2ubuntu1.1_powerpc.deb
Size/MD5: 1147542 338a4b4598416c4ecf4719b53f2f65eb
http://ports.ubuntu.com/pool/universe/w/w3m/w3m-img_0.5.2-2ubuntu1.1_powerpc.deb
Size/MD5: 97778 29626ad65098a96d57f105c7b0dcb8a2
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/w/w3m/w3m_0.5.2-2ubuntu1.1_sparc.deb
Size/MD5: 1113262 a00f705f6878a81a8a10038278556355
http://ports.ubuntu.com/pool/universe/w/w3m/w3m-img_0.5.2-2ubuntu1.1_sparc.deb
Size/MD5: 96812 5dfef2c4d1cfe12959e15d385962ab65
Updated packages for Ubuntu 10.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.2-2.1ubuntu1.1.diff.gz
Size/MD5: 38392 cfbd215d8a95d51e06ab3d72a879863a
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.2-2.1ubuntu1.1.dsc
Size/MD5: 1940 c18dc9fcb5667e45486d62d69fb411d8
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.2.orig.tar.gz
Size/MD5: 1906812 ba06992d3207666ed1bf2dcf7c72bf58
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.2-2.1ubuntu1.1_amd64.deb
Size/MD5: 1151090 ae18fccc687875c58e6576a7e327d7e4
http://security.ubuntu.com/ubuntu/pool/universe/w/w3m/w3m-img_0.5.2-2.1ubuntu1.1_amd64.deb
Size/MD5: 98324 c4b5ef5d809bf943281f227dc87da1d7
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.2-2.1ubuntu1.1_i386.deb
Size/MD5: 1103332 404cffbd005ddec39219472b00d49875
http://security.ubuntu.com/ubuntu/pool/universe/w/w3m/w3m-img_0.5.2-2.1ubuntu1.1_i386.deb
Size/MD5: 96974 2835f76d90b03d30a81dd77021f7edd9
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/w/w3m/w3m_0.5.2-2.1ubuntu1.1_powerpc.deb
Size/MD5: 1147860 924efbbb4dd2a8d85819e26a3bb6cd49
http://ports.ubuntu.com/pool/universe/w/w3m/w3m-img_0.5.2-2.1ubuntu1.1_powerpc.deb
Size/MD5: 98012 db7bb2da4a5ed140d2d80d5f7446d6ba
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/w/w3m/w3m_0.5.2-2.1ubuntu1.1_sparc.deb
Size/MD5: 1130804 f0b2cfa9cda748b3a0170c5befac81f2
http://ports.ubuntu.com/pool/universe/w/w3m/w3m-img_0.5.2-2.1ubuntu1.1_sparc.deb
Size/MD5: 97348 8919be99fd6a450fec6b9cf57ab7f2fd
--K8nIJk4ghYZn606h
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAEBCgAGBQJMYH5MAAoJEC8Jno0AXoH0smIP/1kaR2FURxcKXTbqcAauHN3E
fmMDiZjtDG3iM9pFWYxOrb/TN85/MjIaXq5op89ZGpkuIOlnyZPAPAIMUrv5rHnH
KlCaskOHAKnNaKJZmtyiHt3B2ahM7RcYQ0GJFSlmv2j/I2BQiZpvVIvNM/gM7nV9
dlRT8tUFDmWB25DWt9ila6Qc5k6KTE5n83VYcDSPDWRU7Sr6fL1d5J3QW+hWm9BC
VuNh35zsHhcJ0pa4C4zxI5hLU3QFbghqFu+tduRwYUxHXL5i5nASHUmT462S/fY8
iWX8nVBFFbleE/mSzvkJEFhytHpyWShh/eG+SCLQrNftkFbmBa1gyfJHRoixvwlK
vLAV/O9wBIRDJBo2kblEIyBTQ7Gr8j5MT/tN7FiAgQuvvzedvD+HWvQLlJ3CZ1VS
xcMSPHPKkzQNOjhR7Zb2p1RYMy9sE3sL0XtmBBaSvNT7Akmf6e1ASPAUsSk3F/hs
SW6PFkQzadUcKSt8gi3VeXYFOUf18RXwcEVt9WK+4Ij5wgZ2Zsk9ce4sI8rKYFSs
qGceY0S1Rtdg2Ux6AYTjGaKXQimlR99XetCUw9tyGtpLKCQSIo850x9XYKYeLb7I
oobryO6Q7vVPRD7ObUopQPiotmd8oKubBCYzagwn854Wup6/MZqiiEBIfKpeyjvu
z8hlRbcKa0+PbkU5/PLS
=COpa
-----END PGP SIGNATURE-----
--K8nIJk4ghYZn606h--