[USN-964-2] Likewise Open regression

Kees Cook kees at ubuntu.com
Tue Aug 3 18:52:00 UTC 2010


===========================================================
Ubuntu Security Notice USN-964-2              July 29, 2010
likewise-open regression
https://launchpad.net/bugs/610300
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
  likewise-open                   5.4.0.42111-2ubuntu1.2

In general, a standard system update will make all the necessary changes.

Details follow:

USN-964-1 fixed vulnerabilities in Likewise Open. The upstream fixes
were incomplete, which caused problems running certain services. This
update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 Matt Weatherford discovered that Likewise Open did not correctly check
 password expiration for the local-provider account. A local attacker could
 exploit this to log into a system they would otherwise not have access to.


Updated packages for Ubuntu 10.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/likewise-open/likewise-open_5.4.0.42111-2ubuntu1.2.diff.gz
      Size/MD5:    64730 c06c995d1587c6e6412db742006534fd
    http://security.ubuntu.com/ubuntu/pool/main/l/likewise-open/likewise-open_5.4.0.42111-2ubuntu1.2.dsc
      Size/MD5:     1650 06e9edfb159003f9bd729fa01f1721ba
    http://security.ubuntu.com/ubuntu/pool/main/l/likewise-open/likewise-open_5.4.0.42111.orig.tar.gz
      Size/MD5: 18092080 19620caa003a2b5d72333a89bf1374f2

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5-eventlog_5.4.0.42111-2ubuntu1.2_all.deb
      Size/MD5:     5494 4fea19be64844bb8f1cbcc3dd1193a10
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5-gui_5.4.0.42111-2ubuntu1.2_all.deb
      Size/MD5:     5494 17747612d1dfa470664416147e52f5bb
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5-libs_5.4.0.42111-2ubuntu1.2_all.deb
      Size/MD5:     5488 2a0895620bdcb3a5ae3de034f3a577f9
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5-lsass_5.4.0.42111-2ubuntu1.2_all.deb
      Size/MD5:     5974 74cdea31f3008c8bf26d8b4323d66aad
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5-netlogon_5.4.0.42111-2ubuntu1.2_all.deb
      Size/MD5:     5494 0da6e70ca8f61f9ea32ae810da9c23b7
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5-rpc_5.4.0.42111-2ubuntu1.2_all.deb
      Size/MD5:     5488 76f4f77dce0e9b2e0c992b0f730aefef
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5_5.4.0.42111-2ubuntu1.2_all.deb
      Size/MD5:     5478 0d0428eccd22b3a9d87234601058e636

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/l/likewise-open/likewise-open_5.4.0.42111-2ubuntu1.2_amd64.deb
      Size/MD5:  3098034 074eb0ffcb5322844b63ad0d720e06d1
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open-gui_5.4.0.42111-2ubuntu1.2_amd64.deb
      Size/MD5:    29198 99e45c76b1aac9dc4c121c0eff487c88
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open-server_5.4.0.42111-2ubuntu1.2_amd64.deb
      Size/MD5:   561310 b3ceb8663fc378b955c4d1dfef924901

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/l/likewise-open/likewise-open_5.4.0.42111-2ubuntu1.2_i386.deb
      Size/MD5:  2677376 c7bf46ea2debdf7ec2f751b765a1607d
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open-gui_5.4.0.42111-2ubuntu1.2_i386.deb
      Size/MD5:    28228 98e0e33cedffeb75c019d25f5c42723b
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open-server_5.4.0.42111-2ubuntu1.2_i386.deb
      Size/MD5:   480296 7b09a17fa783d8459bbd832a74337af6

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20100803/e19efc19/attachment.sig>


More information about the ubuntu-security-announce mailing list