=========================================================== Ubuntu Security Notice USN-562-1 January 08, 2008 opal vulnerability CVE-2007-4924 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libopal-2.2.0 2.2.1-1ubuntu1.1 Ubuntu 6.10: libopal-2.2.0 2.2.3.dfsg-0ubuntu2.1 Ubuntu 7.04: libopal-2.2.0 2.2.3.dfsg-2ubuntu2.1 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: Jose Miguel Esparza discovered that certain SIP headers were not correctly validated. A remote attacker could send a specially crafted packet to an application linked against opal (e.g. Ekiga) causing it to crash, leading to a denial of service. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.1-1ubuntu1.1.diff.gz Size/MD5: 11096 b4b07166b50466354a8924d710b025f3 http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.1-1ubuntu1.1.dsc Size/MD5: 1070 5e38c929e92b70f9ef5adb379e6929f8 http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.1.orig.tar.gz Size/MD5: 4144566 01b73a88d2d6419401ce456079da9015 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-doc_2.2.1-1ubuntu1.1_all.deb Size/MD5: 8056090 5a0e5d81828f8e686dcd3d4ed71f4e6e amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.1-1ubuntu1.1_amd64.deb Size/MD5: 3268152 6894adea417cca1c9a183eb09e03e1d9 http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.1-1ubuntu1.1_amd64.deb Size/MD5: 688128 30e8332cee33b8a28a538a353afa0c48 http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.1-1ubuntu1.1_amd64.deb Size/MD5: 488962 bdea241ba2c40bc55340c7ac56679669 http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.1-1ubuntu1.1_amd64.deb Size/MD5: 107400 d1b07a8b04ee2a58dfda81ec77e27729 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.1-1ubuntu1.1_i386.deb Size/MD5: 3012214 0767dbdce48daae6bd7eeb91d662ab1b http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.1-1ubuntu1.1_i386.deb Size/MD5: 673982 052b5fb240d8c38636cf7192dca7cfac http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.1-1ubuntu1.1_i386.deb Size/MD5: 488946 6753474950ff2f1b8755a9ae379ac9df http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.1-1ubuntu1.1_i386.deb Size/MD5: 105936 3745ad80eddc40fe702b7ecfe5cb1470 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.1-1ubuntu1.1_powerpc.deb Size/MD5: 3088304 e6adec0b8b464760b544295425b7b494 http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.1-1ubuntu1.1_powerpc.deb Size/MD5: 686320 4c043e01d3f0fa42ee8f8f4796866436 http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.1-1ubuntu1.1_powerpc.deb Size/MD5: 488940 7eccb3f391205c28ed4b4f1523fbe367 http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.1-1ubuntu1.1_powerpc.deb Size/MD5: 106844 55329249f59278b465226d6fc904a895 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.1-1ubuntu1.1_sparc.deb Size/MD5: 3152776 c4470f1fedd707bddfabfebd9251c8ff http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.1-1ubuntu1.1_sparc.deb Size/MD5: 690974 75f438123d1dbc1726967d02a1692be4 http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.1-1ubuntu1.1_sparc.deb Size/MD5: 488962 c23a127d94a671e685b6a07b78691e2f http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.1-1ubuntu1.1_sparc.deb Size/MD5: 104420 5278e79c1ecc8fd177699f12baec69bb Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.3.dfsg-0ubuntu2.1.diff.gz Size/MD5: 14292 0db1d447c8665685f515e6cba72ab2ea http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.3.dfsg-0ubuntu2.1.dsc Size/MD5: 1090 13fb03b67ef3c7c60091f244032e3dac http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.3.dfsg.orig.tar.gz Size/MD5: 3997608 29066ddbe461be125e4e60b37f103239 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-doc_2.2.3.dfsg-0ubuntu2.1_all.deb Size/MD5: 7903920 7b56b39dc1107ae12d9afd4976c7150b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.3.dfsg-0ubuntu2.1_amd64.deb Size/MD5: 2944672 fb35c70fed70c3b2d59ef3468f24108c http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.3.dfsg-0ubuntu2.1_amd64.deb Size/MD5: 9538 66baa146670cfb77c70f235a0085b36d http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.3.dfsg-0ubuntu2.1_amd64.deb Size/MD5: 435490 8c99d8893d796ea9763e03419ed0de27 http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.3.dfsg-0ubuntu2.1_amd64.deb Size/MD5: 49536 95caa2f7ee0f2307efcd6f2e1284fc3a i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.3.dfsg-0ubuntu2.1_i386.deb Size/MD5: 2810080 97086a0cc8b9fdb5705c34d4d93c191f http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.3.dfsg-0ubuntu2.1_i386.deb Size/MD5: 9544 8923ac17f69f308cef14521ad7536817 http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.3.dfsg-0ubuntu2.1_i386.deb Size/MD5: 435502 0fcc9b5d9b2b761a5faadc9cbd6ab631 http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.3.dfsg-0ubuntu2.1_i386.deb Size/MD5: 48984 c3c128ce190efaa9896541b45c2b55b6 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.3.dfsg-0ubuntu2.1_powerpc.deb Size/MD5: 2888534 b0d62b6cbc72c5a3afe47ce5663f7aa2 http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.3.dfsg-0ubuntu2.1_powerpc.deb Size/MD5: 9540 70aee7d211494010d6764152c3ecf1b8 http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.3.dfsg-0ubuntu2.1_powerpc.deb Size/MD5: 435504 46734f0e2e2f5b9126da85f8e3f7e743 http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.3.dfsg-0ubuntu2.1_powerpc.deb Size/MD5: 48896 9720814dc4d6015b8ad804e30696318d sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.3.dfsg-0ubuntu2.1_sparc.deb Size/MD5: 3124518 651bf36123395f9d124826ca7c1a050f http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.3.dfsg-0ubuntu2.1_sparc.deb Size/MD5: 9540 35a158ac5a170a005041c0381b3bb73c http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.3.dfsg-0ubuntu2.1_sparc.deb Size/MD5: 435484 7a4e45e296282d54f4723ea0c654495e http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.3.dfsg-0ubuntu2.1_sparc.deb Size/MD5: 46740 e32b2e4ad3a919a68478700fe3d10a23 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.3.dfsg-2ubuntu2.1.diff.gz Size/MD5: 25132 1fa21438372c7651ba02392c9aad1b4d http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.3.dfsg-2ubuntu2.1.dsc Size/MD5: 1178 36fc039c14064756fba29c0c8b01abc9 http://security.ubuntu.com/ubuntu/pool/main/o/opal/opal_2.2.3.dfsg.orig.tar.gz Size/MD5: 3997608 29066ddbe461be125e4e60b37f103239 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-doc_2.2.3.dfsg-2ubuntu2.1_all.deb Size/MD5: 7890546 37012a53b21133c92eb20194f2455541 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.3.dfsg-2ubuntu2.1_amd64.deb Size/MD5: 3113332 e29de0ddb690dd360389c0e2a40bddb8 http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.3.dfsg-2ubuntu2.1_amd64.deb Size/MD5: 643418 23b86253db671b09a49169c14b640239 http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.3.dfsg-2ubuntu2.1_amd64.deb Size/MD5: 448872 bf6977e923e71f2292352cec151524e3 http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.3.dfsg-2ubuntu2.1_amd64.deb Size/MD5: 64062 3c7fb4443a6722a1cea15a0f376e0f28 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.3.dfsg-2ubuntu2.1_i386.deb Size/MD5: 2985634 b436430981821e5509c918b81f761c50 http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.3.dfsg-2ubuntu2.1_i386.deb Size/MD5: 628264 1ff7e87ba5ed04549d0fd6fe557f788c http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.3.dfsg-2ubuntu2.1_i386.deb Size/MD5: 448884 18a4c843fb9cee713bcc7a85392bad74 http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.3.dfsg-2ubuntu2.1_i386.deb Size/MD5: 63484 db2f76f304bae69df2107e94245759b9 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.3.dfsg-2ubuntu2.1_powerpc.deb Size/MD5: 3173122 b069bc945ffa6559491f327fc1e0e2ca http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.3.dfsg-2ubuntu2.1_powerpc.deb Size/MD5: 642632 fb77c05cc314f5adc6b059312b046b8f http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.3.dfsg-2ubuntu2.1_powerpc.deb Size/MD5: 448874 98405d8a3437dccf87dbd8fe380adcbd http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.3.dfsg-2ubuntu2.1_powerpc.deb Size/MD5: 67956 0fef40743c604f29731766225ef1fbdc sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-2.2.0_2.2.3.dfsg-2ubuntu2.1_sparc.deb Size/MD5: 3317222 e57aaeda796c21177d158e2d1e1933a3 http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dbg_2.2.3.dfsg-2ubuntu2.1_sparc.deb Size/MD5: 646432 65757c6fae3a0c94b2b550a2ab2bf6ea http://security.ubuntu.com/ubuntu/pool/main/o/opal/libopal-dev_2.2.3.dfsg-2ubuntu2.1_sparc.deb Size/MD5: 448874 eedc3b551d2a02fc32aede484d77a516 http://security.ubuntu.com/ubuntu/pool/universe/o/opal/simpleopal_2.2.3.dfsg-2ubuntu2.1_sparc.deb Size/MD5: 61864 a9d758067dff32251256b4c159ea173e