Ubuntu 6580 Published by

A new pptpd vulnerability update is available for Ubuntu Linux. Here the announcement:



Ubuntu Security Notice USN-459-1 May 14, 2007
pptpd vulnerability
CVE-2007-0244
==========================
==========================
=========

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
pptpd 1.2.3-1ubuntu0.1

Ubuntu 6.10:
pptpd 1.3.0-1ubuntu1.1

Ubuntu 7.04:
pptpd 1.3.0-2ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A flaw was discovered in the PPTP tunnel server. Remote attackers could
send a specially crafted packet and disrupt established PPTP tunnels,
leading to a denial of service.


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3-1ubuntu=
0.1.diff.gz
Size/MD5: 9525 4652286f82318c860e5e76083d663a7a
http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3-1ubuntu=
0.1.dsc
Size/MD5: 597 e9625a44d4584da014ad77eba251454f
http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3.orig.ta=
r.gz
Size/MD5: 185721 a521e40ca304b0c125cc25f9b9d03324

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.2.3-1ubun=
tu0.1_amd64.deb
Size/MD5: 20370 545e71c0d8b32e871e45e4cfc5b6ad60
http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3-1ubuntu=
0.1_amd64.deb
Size/MD5: 56580 04a987efa3877a0fceae2edb18b3f9f4

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.2.3-1ubun=
tu0.1_i386.deb
Size/MD5: 19594 1799e178a5987452c890d56c52a9be0f
http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3-1ubuntu=
0.1_i386.deb
Size/MD5: 54090 1ea05584c2e45f278fb8d33af0d5ae6f

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.2.3-1ubun=
tu0.1_powerpc.deb
Size/MD5: 20266 8de4f690aa76298f8fd0be5177a6d4ed
http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3-1ubuntu=
0.1_powerpc.deb
Size/MD5: 58214 9d8bd2969a2fa04a2b7c9aa96d8f907e

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.2.3-1ubun=
tu0.1_sparc.deb
Size/MD5: 20050 c4238aecb4637927d17a459cacdfc67e
http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3-1ubuntu=
0.1_sparc.deb
Size/MD5: 54492 865f4e30dcff960623b51f2b8b7c3606

Updated packages for Ubuntu 6.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0-1ubuntu=
1.1.diff.gz
Size/MD5: 10658 4cdd436b493b97c08e2d8f9c3f0b8e78
http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0-1ubuntu=
1.1.dsc
Size/MD5: 598 8debde20d9628b9bfd6b31821db08c34
http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0.orig.ta=
r.gz
Size/MD5: 204099 75d494e881f7027f4e60b114163f6b67

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.3.0-1ubun=
tu1.1_amd64.deb
Size/MD5: 20598 f5560532c5a5223bd564b055bd0abf51
http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0-1ubuntu=
1.1_amd64.deb
Size/MD5: 59582 e42730cfba2837b3c6150ba56d6f9902

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.3.0-1ubun=
tu1.1_i386.deb
Size/MD5: 20114 b10592444d29719ffd929221d905e25c
http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0-1ubuntu=
1.1_i386.deb
Size/MD5: 57270 a2301734c0e64841c813fc7a98ccd078

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.3.0-1ubun=
tu1.1_powerpc.deb
Size/MD5: 20758 67b6f33a7b82b79799ebf848b2841862
http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0-1ubuntu=
1.1_powerpc.deb
Size/MD5: 61800 97721f1023449e7748d3cc046d7dae13

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.3.0-1ubun=
tu1.1_sparc.deb
Size/MD5: 20330 07990d07edc743e826673113a0107c81
http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0-1ubuntu=
1.1_sparc.deb
Size/MD5: 57270 2703d5648dbdb6cc8be04e3af1d73b7c

Updated packages for Ubuntu 7.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0-2ubuntu=
2.1.diff.gz
Size/MD5: 11874 e81de357dfab8f29c3599625d81fc8cf
http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0-2ubuntu=
2.1.dsc
Size/MD5: 691 8c0d9ed20da4b2d5c7bc0e0d9af7c041
http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0.orig.ta=
r.gz
Size/MD5: 204099 75d494e881f7027f4e60b114163f6b67

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.3.0-2ubun=
tu2.1_amd64.deb
Size/MD5: 21054 f3435c33df5e7edca459e840b28250ba
http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0-2ubuntu=
2.1_amd64.deb
Size/MD5: 60236 c83890c810e301e953a7e727dea4fb5f

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.3.0-2ubun=
tu2.1_i386.deb
Size/MD5: 20522 5848f785378f0b6fd5da58c1bb52e0c5
http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0-2ubuntu=
2.1_i386.deb
Size/MD5: 57932 434b72a6df46510351da38769f8daded

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.3.0-2ubun=
tu2.1_powerpc.deb
Size/MD5: 21712 d9aeb4185431c0f698f70ebd48be067e
http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0-2ubuntu=
2.1_powerpc.deb
Size/MD5: 65494 709ade3791d02115930e5640c1a9ae07

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.3.0-2ubun=
tu2.1_sparc.deb
Size/MD5: 21006 a6f1fa7420c618bf629ff0fd5588ce83
http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0-2ubuntu=
2.1_sparc.deb
Size/MD5: 58696 be68b75cd3cf01e5c4bcf79070e1587e


--O24KMDZ/7NA1I1FI
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGSO03H/9LqRcGPm0RAurCAJ94CS6YvX7Wc9pV0JVsXB8aRSwsrACfbm3d
004enZuvmEcryuvBQuqFZjE=
=E+DB
-----END PGP SIGNATURE-----