Articles / Ubuntu: New OPIE packages f…

Ubuntu: New OPIE packages fix security issues

Maksymilian Arciemowicz and Adam Zabrocki discovered that OPIE incorrectly handled long usernames. A remote attacker could exploit this with a crafted username and make applications linked against libopie crash, leading to a denial of service. Updated packages are available from security.ubuntu.com.

===========================================================
Ubuntu Security Notice USN-955-1              June 21, 2010
opie vulnerability
CVE-2010-1938
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.04:
 libopie-dev                     2.40~dfsg-0ubuntu1.9.04.1

Ubuntu 9.10:
 libopie-dev                     2.40~dfsg-0ubuntu1.9.10.1

Ubuntu 10.04 LTS:
 libopie-dev                     2.40~dfsg-0ubuntu1.10.04.1

In general, a standard system update will make all the necessary changes.

Details follow:

Maksymilian Arciemowicz and Adam Zabrocki discovered that OPIE incorrectly
handled long usernames. A remote attacker could exploit this with a crafted
username and make applications linked against libopie crash, leading to a
denial of service.


Updated packages for Ubuntu 9.04:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg-0ubuntu1.9.04.1.diff.gz
     Size/MD5:     9412 6e9e9190b066ff3ce4d79c44af2cfebe
   http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg-0ubuntu1.9.04.1.dsc
     Size/MD5:     1139 7e1e1f2997befa10ae8cffabfa4db522
   http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg.orig.tar.gz
     Size/MD5:   174823 4a2be4eedcefedd106af82aa06aedd60

 amd64 architecture (Athlon64, Opteron, EM64T Xeon):

   http://security.ubuntu.com/ubuntu/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.04.1_amd64.deb
     Size/MD5:    32852 b9c79d257b6a746d0ad07053e41d15a5
   http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.04.1_amd64.deb
     Size/MD5:    44898 48b0a257f368ac90c41eb3484e147b0b
   http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.04.1_amd64.deb
     Size/MD5:    48514 d3bfc3b527faaadbd82d6ca83c2f1ca7

 i386 architecture (x86 compatible Intel/AMD):

   http://security.ubuntu.com/ubuntu/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.04.1_i386.deb
     Size/MD5:    31798 ed4992c032d6947a2cfea458a6ad2c51
   http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.04.1_i386.deb
     Size/MD5:    44102 9cddebdf2ff4e1cbca7d14e8cb15b984
   http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.04.1_i386.deb
     Size/MD5:    47654 688e469a8a7958453e3e205c4f3768c8

 lpia architecture (Low Power Intel Architecture):

   http://ports.ubuntu.com/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.04.1_lpia.deb
     Size/MD5:    30716 08cb73e7ff0534a082f9a6659e0ce333
   http://ports.ubuntu.com/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.04.1_lpia.deb
     Size/MD5:    43802 219ba660fd518ba025bb044e78a3a625
   http://ports.ubuntu.com/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.04.1_lpia.deb
     Size/MD5:    47284 251588648175ef401d32d3890b30a50a

 powerpc architecture (Apple Macintosh G3/G4/G5):

   http://ports.ubuntu.com/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.04.1_powerpc.deb
     Size/MD5:    33580 f585ffa422c9d61630c8d9bd4ce4dc1e
   http://ports.ubuntu.com/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.04.1_powerpc.deb
     Size/MD5:    46016 e344999d7cbbf96b42322a503bc19845
   http://ports.ubuntu.com/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.04.1_powerpc.deb
     Size/MD5:    48928 a07244aee0e9e844cac51ea172a59be6

 sparc architecture (Sun SPARC/UltraSPARC):

   http://ports.ubuntu.com/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.04.1_sparc.deb
     Size/MD5:    32112 09c04bef194c1a1e4c71cd43dd3ac537
   http://ports.ubuntu.com/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.04.1_sparc.deb
     Size/MD5:    45388 f2c093ff244a2ee6072a70cfd0fe75ca
   http://ports.ubuntu.com/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.04.1_sparc.deb
     Size/MD5:    48594 4779a75bb2a444dea595c4e83726f3b3

Updated packages for Ubuntu 9.10:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg-0ubuntu1.9.10.1.diff.gz
     Size/MD5:     9416 1b4036959fde389a79c60555cb294082
   http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg-0ubuntu1.9.10.1.dsc
     Size/MD5:     1139 b15759930af9e24a9858f1912003d654
   http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg.orig.tar.gz
     Size/MD5:   174823 4a2be4eedcefedd106af82aa06aedd60

 amd64 architecture (Athlon64, Opteron, EM64T Xeon):

   http://security.ubuntu.com/ubuntu/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.10.1_amd64.deb
     Size/MD5:    33946 bbcf3722c4eec05dcc85714bb4905519
   http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.10.1_amd64.deb
     Size/MD5:    45872 2904223e62ddc578dd9cec239f9cea51
   http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.10.1_amd64.deb
     Size/MD5:    49212 63025a249846bf7a9fe283d0447f83ed

 i386 architecture (x86 compatible Intel/AMD):

   http://security.ubuntu.com/ubuntu/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.10.1_i386.deb
     Size/MD5:    32460 371573fae6f6061e73efbf641293e1f8
   http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.10.1_i386.deb
     Size/MD5:    44720 17c63c58981fe7dba64f848a20224e13
   http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.10.1_i386.deb
     Size/MD5:    48218 f24bdb5f2e0f42b88d43307cbb78cc8c

 lpia architecture (Low Power Intel Architecture):

   http://ports.ubuntu.com/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.10.1_lpia.deb
     Size/MD5:    31496 98769948900f0e6a9fb3b30cd09ad418
   http://ports.ubuntu.com/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.10.1_lpia.deb
     Size/MD5:    44596 963a18749621b7615ba19ec5b0ad1a4e
   http://ports.ubuntu.com/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.10.1_lpia.deb
     Size/MD5:    47840 705abfed82e0e64ea47046e59947681a

 powerpc architecture (Apple Macintosh G3/G4/G5):

   http://ports.ubuntu.com/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.10.1_powerpc.deb
     Size/MD5:    33648 dab512cd68ebce9a256c7b126250176e
   http://ports.ubuntu.com/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.10.1_powerpc.deb
     Size/MD5:    45774 291e20a894ec6cca0d15f355ebd99f3e
   http://ports.ubuntu.com/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.10.1_powerpc.deb
     Size/MD5:    48682 b7cacffb565f7a765bda1df9d3667c75

 sparc architecture (Sun SPARC/UltraSPARC):

   http://ports.ubuntu.com/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.9.10.1_sparc.deb
     Size/MD5:    32326 d5afe5e50292147af7fd593ccc8f45eb
   http://ports.ubuntu.com/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.9.10.1_sparc.deb
     Size/MD5:    45628 1e6435a28498b1d1660555eb2feff9b1
   http://ports.ubuntu.com/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.9.10.1_sparc.deb
     Size/MD5:    48570 64b774c24b1d32889ad3e177a030d9db

Updated packages for Ubuntu 10.04:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg-0ubuntu1.10.04.1.diff.gz
     Size/MD5:     9417 7d69bcb66c523fabb6bcb77f6f49a75a
   http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg-0ubuntu1.10.04.1.dsc
     Size/MD5:     1143 b5ef0adf98f91a9ad6e47d51c30545ce
   http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie_2.40~dfsg.orig.tar.gz
     Size/MD5:   174823 4a2be4eedcefedd106af82aa06aedd60

 amd64 architecture (Athlon64, Opteron, EM64T Xeon):

   http://security.ubuntu.com/ubuntu/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.10.04.1_amd64.deb
     Size/MD5:    33830 89f9d096e9869d76540c50875c666a2a
   http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.10.04.1_amd64.deb
     Size/MD5:    45772 f4b2493ccb1e7c77ed29003349a82cd3
   http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.10.04.1_amd64.deb
     Size/MD5:    49080 efce404aa45a9a51431396e213db5425

 i386 architecture (x86 compatible Intel/AMD):

   http://security.ubuntu.com/ubuntu/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.10.04.1_i386.deb
     Size/MD5:    32276 d387fa29e024e41302e0001d6c498b31
   http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.10.04.1_i386.deb
     Size/MD5:    44642 5b26dafeeefca98b742c083c41d9b4bc
   http://security.ubuntu.com/ubuntu/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.10.04.1_i386.deb
     Size/MD5:    48008 c892f45587d5d39879c48e0f6d2d001e

 powerpc architecture (Apple Macintosh G3/G4/G5):

   http://ports.ubuntu.com/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.10.04.1_powerpc.deb
     Size/MD5:    33566 e741a9deb923cfb671bbc1812610b882
   http://ports.ubuntu.com/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.10.04.1_powerpc.deb
     Size/MD5:    45678 c53206c0d347bd0b97a37eedaa197790
   http://ports.ubuntu.com/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.10.04.1_powerpc.deb
     Size/MD5:    48600 ffcd300b5f3fa6e5c11651dc0434bbba

 sparc architecture (Sun SPARC/UltraSPARC):

   http://ports.ubuntu.com/pool/main/o/opie/libopie-dev_2.40~dfsg-0ubuntu1.10.04.1_sparc.deb
     Size/MD5:    33506 3c577ee37bc07cf204b317e2b75bb10b
   http://ports.ubuntu.com/pool/main/o/opie/opie-client_2.40~dfsg-0ubuntu1.10.04.1_sparc.deb
     Size/MD5:    46780 20f06a8f6a908e494bdb9e398de11f71
   http://ports.ubuntu.com/pool/main/o/opie/opie-server_2.40~dfsg-0ubuntu1.10.04.1_sparc.deb
     Size/MD5:    49756 9d18a9f6dfb7cb9333207f7566e0d54f
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.