=========================================================== Ubuntu Security Notice USN-991-1 September 23, 2010 quassel vulnerability https://launchpad.net/bugs/629774 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.04: quassel 0.4.1-0ubuntu3.1 quassel-core 0.4.1-0ubuntu3.1 Ubuntu 9.10: quassel 0.5.0-0ubuntu1.2 quassel-core 0.5.0-0ubuntu1.2 Ubuntu 10.04 LTS: quassel 0.6.1-0ubuntu1.1 quassel-core 0.6.1-0ubuntu1.1 After a standard system update you need to restart quassel or quasselcore to make all the necessary changes. Details follow: Jima discovered that quassel would respond to a single privmsg containing multiple CTCP requests with multiple NOTICEs, possibly resulting in a denial of service against the IRC connection. Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.4.1-0ubuntu3.1.diff.gz Size/MD5: 14652 af43ed7a72ffa090d37c2d0d00702078 http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.4.1-0ubuntu3.1.dsc Size/MD5: 1963 5ae8d0ff60b5b06b895bb9ae171d5245 http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.4.1.orig.tar.gz Size/MD5: 3387386 ad02d180d013e4e802405bc0d4fbc92f Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel-data_0.4.1-0ubuntu3.1_all.deb Size/MD5: 473278 ed6d2d9ce47958e33c22d53eeb130eb1 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.4.1-0ubuntu3.1_amd64.deb Size/MD5: 19585188 055a31fd179133cea112d8ade393af00 http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-client_0.4.1-0ubuntu3.1_amd64.deb Size/MD5: 16123196 4768b70faa56de99a58887eba390df0f http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-core_0.4.1-0ubuntu3.1_amd64.deb Size/MD5: 5329522 59c6d37437fe451c63a57ac97e16a73e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.4.1-0ubuntu3.1_i386.deb Size/MD5: 19364706 5accb85ff4b7650cef63ea278d68240c http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-client_0.4.1-0ubuntu3.1_i386.deb Size/MD5: 15952248 61e3e2a169bd98c1ddb4e281f658588e http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-core_0.4.1-0ubuntu3.1_i386.deb Size/MD5: 5235750 6312c44c3bf5bac1db19898f335a607e lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/q/quassel/quassel_0.4.1-0ubuntu3.1_lpia.deb Size/MD5: 19463224 baa50d79d8a62f81c6864a5db776e7eb http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client_0.4.1-0ubuntu3.1_lpia.deb Size/MD5: 16028358 88bc16020301f4bfc678737932d3b199 http://ports.ubuntu.com/pool/universe/q/quassel/quassel-core_0.4.1-0ubuntu3.1_lpia.deb Size/MD5: 5263036 aca976fd07ee5ff6dbb3ee73267781c1 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/q/quassel/quassel_0.4.1-0ubuntu3.1_powerpc.deb Size/MD5: 20086318 f5e0299a1d9419a08955f4706768f15d http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client_0.4.1-0ubuntu3.1_powerpc.deb Size/MD5: 16547258 91262f19d6d83196f7124b90e5d331a7 http://ports.ubuntu.com/pool/universe/q/quassel/quassel-core_0.4.1-0ubuntu3.1_powerpc.deb Size/MD5: 5444286 7628daecf48ef865fc46fee187b89815 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/q/quassel/quassel_0.4.1-0ubuntu3.1_sparc.deb Size/MD5: 901540 b050e39630f12db8759a6d0071501b6a http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client_0.4.1-0ubuntu3.1_sparc.deb Size/MD5: 748492 5d3f95e15324a98ffe371154c7846681 http://ports.ubuntu.com/pool/universe/q/quassel/quassel-core_0.4.1-0ubuntu3.1_sparc.deb Size/MD5: 286256 1451beeb70db724cab56ccc61b188600 Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.5.0-0ubuntu1.2.diff.gz Size/MD5: 17877 a7e04cda3cc45e3409eb57a4ea20148c http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.5.0-0ubuntu1.2.dsc Size/MD5: 1991 6ff013a9b19d1d76b87817da84d37687 http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.5.0.orig.tar.gz Size/MD5: 3708203 24e2733475557ba9641d83a74442a329 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel-data_0.5.0-0ubuntu1.2_all.deb Size/MD5: 1118114 daef742c8ed0581b36866a6230f57279 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel-dbg_0.5.0-0ubuntu1.2_amd64.deb Size/MD5: 13617108 94c8dc2426de0bad88137cfdd10157f3 http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.5.0-0ubuntu1.2_amd64.deb Size/MD5: 798800 84c29f58597f26952cd99af53fd20044 http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-client_0.5.0-0ubuntu1.2_amd64.deb Size/MD5: 643210 e9284ca8bd9338440f66f9ec9df5c144 http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-core_0.5.0-0ubuntu1.2_amd64.deb Size/MD5: 289588 ec455d993f45fee6fb369a428bb2d1b9 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel-dbg_0.5.0-0ubuntu1.2_i386.deb Size/MD5: 13398662 8a4946ca41efeb8e5da0d4a1de40f94c http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.5.0-0ubuntu1.2_i386.deb Size/MD5: 718874 88985af3b8b3c0ec86475603d0bd911c http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-client_0.5.0-0ubuntu1.2_i386.deb Size/MD5: 573058 24ba9f3e8c54a2184d21a8070798528a http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-core_0.5.0-0ubuntu1.2_i386.deb Size/MD5: 258348 faf03e06b48194cae6b7397e9b31d7bf lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/q/quassel/quassel-dbg_0.5.0-0ubuntu1.2_lpia.deb Size/MD5: 13484634 ea119b79c6f10c5f468f42a1261a21fe http://ports.ubuntu.com/pool/main/q/quassel/quassel_0.5.0-0ubuntu1.2_lpia.deb Size/MD5: 750220 c93f8350459ab54a67d4ed15674c161e http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client_0.5.0-0ubuntu1.2_lpia.deb Size/MD5: 598854 eecdc6c1fe079d1f91fb1ae9e75fe888 http://ports.ubuntu.com/pool/universe/q/quassel/quassel-core_0.5.0-0ubuntu1.2_lpia.deb Size/MD5: 266918 35caabd03e6e96765abf21fb3e96ba25 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/q/quassel/quassel-dbg_0.5.0-0ubuntu1.2_powerpc.deb Size/MD5: 13362254 455876ecad334f3d47cc961f9d542882 http://ports.ubuntu.com/pool/main/q/quassel/quassel_0.5.0-0ubuntu1.2_powerpc.deb Size/MD5: 683910 428a6c2c5ac213f37f4be7d07d24421e http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client_0.5.0-0ubuntu1.2_powerpc.deb Size/MD5: 550606 98c59f305f95b778a427eda949870e18 http://ports.ubuntu.com/pool/universe/q/quassel/quassel-core_0.5.0-0ubuntu1.2_powerpc.deb Size/MD5: 240866 00f3f5d56de26f7c198f4d5b1c42a83f sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/q/quassel/quassel-dbg_0.5.0-0ubuntu1.2_sparc.deb Size/MD5: 12870536 0c26033e159f8fa8e0515d231ed8b5dc http://ports.ubuntu.com/pool/main/q/quassel/quassel_0.5.0-0ubuntu1.2_sparc.deb Size/MD5: 697712 5db7fc580d0a5668f57eea842e6d6d96 http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client_0.5.0-0ubuntu1.2_sparc.deb Size/MD5: 562214 8017a2a7aaa61766db7669bb25610f67 http://ports.ubuntu.com/pool/universe/q/quassel/quassel-core_0.5.0-0ubuntu1.2_sparc.deb Size/MD5: 238760 e5684b9ee3244cbacf89d39efc64a864 Updated packages for Ubuntu 10.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.6.1-0ubuntu1.1.diff.gz Size/MD5: 17335 6ef325c343740527c723a98f2610b4b0 http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.6.1-0ubuntu1.1.dsc Size/MD5: 2103 29587f5b391aa00a8383a0fc86aa48fb http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.6.1.orig.tar.gz Size/MD5: 2955756 6bda53416187ce4d80c498ec7742a3ff Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel-data_0.6.1-0ubuntu1.1_all.deb Size/MD5: 411078 142d15c7c197a5678440c8bc1663cfbc amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel-dbg_0.6.1-0ubuntu1.1_amd64.deb Size/MD5: 13762064 ac4fa17c3f153b31e48710836cd04118 http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.6.1-0ubuntu1.1_amd64.deb Size/MD5: 848954 3dfe977c0e08d67f0e768e7ff21cbeaa http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-client-qt4_0.6.1-0ubuntu1.1_amd64.deb Size/MD5: 7738614 cc022c8cb8a20d98b264d5b9071dbb2c http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-client_0.6.1-0ubuntu1.1_amd64.deb Size/MD5: 689906 8620ad03d7d1b6292d8f73e38d8521e7 http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-core_0.6.1-0ubuntu1.1_amd64.deb Size/MD5: 300578 095fe9ebe92dcbccd68c2caae9eaddd6 http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-qt4_0.6.1-0ubuntu1.1_amd64.deb Size/MD5: 9180230 b2361610cb686f6b0fec9c12ec3b3105 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel-dbg_0.6.1-0ubuntu1.1_i386.deb Size/MD5: 13850914 f3d28f9ad948bd49511f921afd8b8c76 http://security.ubuntu.com/ubuntu/pool/main/q/quassel/quassel_0.6.1-0ubuntu1.1_i386.deb Size/MD5: 775228 afe558076285e911a1d4a4f03b36d7ee http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-client-qt4_0.6.1-0ubuntu1.1_i386.deb Size/MD5: 7643656 f5545c998ff3da6a4813ad8c05379007 http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-client_0.6.1-0ubuntu1.1_i386.deb Size/MD5: 624750 5b85e0ad310fbdff8f6b46cbcf1f0269 http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-core_0.6.1-0ubuntu1.1_i386.deb Size/MD5: 267622 be3e9ddff363ccfbf84b026012c65716 http://security.ubuntu.com/ubuntu/pool/universe/q/quassel/quassel-qt4_0.6.1-0ubuntu1.1_i386.deb Size/MD5: 9092034 c141744e896c1883cf3fd16b56301e3a powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/q/quassel/quassel-dbg_0.6.1-0ubuntu1.1_powerpc.deb Size/MD5: 13629256 b1c44c71d90612b77ac6620d31c28682 http://ports.ubuntu.com/pool/main/q/quassel/quassel_0.6.1-0ubuntu1.1_powerpc.deb Size/MD5: 726084 2e80db84854a26657dc2dd780b2823bc http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client-qt4_0.6.1-0ubuntu1.1_powerpc.deb Size/MD5: 7503830 514e0af5679a3d50a93f520e2d6a7ae5 http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client_0.6.1-0ubuntu1.1_powerpc.deb Size/MD5: 591360 dbb809d80a8172cc2d4c66092c016751 http://ports.ubuntu.com/pool/universe/q/quassel/quassel-core_0.6.1-0ubuntu1.1_powerpc.deb Size/MD5: 249718 6f01517af6d40a9df03c561588969219 http://ports.ubuntu.com/pool/universe/q/quassel/quassel-qt4_0.6.1-0ubuntu1.1_powerpc.deb Size/MD5: 8903884 6f639491914209752e14b6e2e145e1fe sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/q/quassel/quassel-dbg_0.6.1-0ubuntu1.1_sparc.deb Size/MD5: 13122498 84562bf0f6cf99ad0b6a1f2eed93684d http://ports.ubuntu.com/pool/main/q/quassel/quassel_0.6.1-0ubuntu1.1_sparc.deb Size/MD5: 695148 1b45d6d593296d3166bad999541f7b72 http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client-qt4_0.6.1-0ubuntu1.1_sparc.deb Size/MD5: 7314170 c8dcff3fce69ecc8fce569ea1b254ef6 http://ports.ubuntu.com/pool/universe/q/quassel/quassel-client_0.6.1-0ubuntu1.1_sparc.deb Size/MD5: 567846 c39e338a570d34aa267c7a4739a2d52c http://ports.ubuntu.com/pool/universe/q/quassel/quassel-core_0.6.1-0ubuntu1.1_sparc.deb Size/MD5: 232296 d7ed93144b074fc6947ef7a0125d9c6e http://ports.ubuntu.com/pool/universe/q/quassel/quassel-qt4_0.6.1-0ubuntu1.1_sparc.deb Size/MD5: 8626464 13cfeaa7f4c722cffd6042e481ae731f _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/