TITLE:
Ubuntu update for fglrx-installer

SECUNIA ADVISORY ID:
SA33895

VERIFY ADVISORY:
http://secunia.com/advisories/33895/

DESCRIPTION:
Ubuntu has issued an update for fglrx-installer. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The vulnerability is caused by the installer creating an insecure LD_LIBRARY_PATH on 64-bit systems. This can be exploited to execute arbitrary code with the privileges of the user running the affected binaries by causing the binaries to load a malicious shared library from the current directory.

SOLUTION:
Apply updated packages.

-- Ubuntu 8.10 --

PROVIDED AND/OR DISCOVERED BY:
Marko Lindqvist

ORIGINAL ADVISORY:
USN-721-1:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2009-February/000841.html
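
Added example, not part of the Secunia or Ubuntu advisory: the glibc dynamic loader resolves an empty or relative element of LD_LIBRARY_PATH against the current directory, which is the condition the description reports. This shell check flags such elements and shows an append that does not create one; the function names and sample values are assumptions made for illustration, and the installer's own script line is not shown in the advisory.

```shell
#!/bin/sh
# Added example: audit an LD_LIBRARY_PATH value for elements that the
# dynamic loader resolves relative to the current working directory.

# audit_ld_path VALUE  (hypothetical helper name)
# Prints one finding per unsafe element; returns 0 if clean, 1 otherwise.
audit_ld_path() {
    value=$1
    [ -z "$value" ] && return 0   # empty variable: the loader ignores it
    bad=0
    idx=0
    # glibc accepts ':' and ';' as separators; normalise to ':' and add a
    # sentinel ':' so a trailing empty element survives the split.
    rest=$(printf '%s' "$value" | tr ';' ':'):
    while [ -n "$rest" ]; do
        elem=${rest%%:*}
        rest=${rest#*:}
        idx=$((idx + 1))
        case $elem in
            '') echo "element $idx: empty (means current directory)"; bad=1 ;;
            /*) ;;  # absolute path: not a finding for this check
            # Anything else is relative; tokens such as $ORIGIN also land
            # here and should be reviewed by hand.
            *)  echo "element $idx: relative path '$elem'"; bad=1 ;;
        esac
    done
    return $bad
}

# safe_append DIR [CURRENT]  (hypothetical helper name)
# Appends DIR without producing an empty element when CURRENT is unset.
safe_append() {
    printf '%s\n' "${2:+$2:}$1"
}

# Constructed sample values, not taken from the advisory.
for v in "/usr/lib32:" ":/usr/lib32" "/usr/lib32:/usr/lib"; do
    audit_ld_path "$v" && echo "ok: $v" || echo "UNSAFE: $v"
done
```

Running `audit_ld_path "$LD_LIBRARY_PATH"` in a login or X session shows whether the environment set up at startup contains such an element.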