what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice 626-2

Ubuntu Security Notice 626-2
Posted Aug 4, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 626-2 - USN-626-1 fixed vulnerabilities in xulrunner-1.9. The changes required that Devhelp, Epiphany, Midbrowser and Yelp also be updated to use the new xulrunner-1.9. Original advisory details: A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Billy Rios discovered that Firefox and xulrunner, as used by browsers such as Epiphany, did not properly perform URI splitting with pipe symbols when passed a command-line URI. If Firefox or xulrunner were passed a malicious URL, an attacker may be able to execute local content with chrome privileges.

tags | advisory, web, denial of service, overflow, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2008-2785, CVE-2008-2933
SHA-256 | 208d9fa4ec91bae0914c869ff66a50adc922a82314b1dfa26695559e72d2bd49

Ubuntu Security Notice 626-2

Change Mirror Download
=========================================================== 
Ubuntu Security Notice USN-626-2 August 04, 2008
devhelp, epiphany-browser, midbrowser, yelp update
https://launchpad.net/bugs/253462
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
devhelp 0.19-1ubuntu1.8.04.3
epiphany-gecko 2.22.2-0ubuntu0.8.04.5
midbrowser 0.3.0rc1a-1~8.04.2
yelp 2.22.1-0ubuntu2.8.04.2

After a standard system upgrade you need to restart Devhelp, Epiphany,
Midbrowser and Yelp to effect the necessary changes.

Details follow:

USN-626-1 fixed vulnerabilities in xulrunner-1.9. The changes required
that Devhelp, Epiphany, Midbrowser and Yelp also be updated to use the
new xulrunner-1.9.

Original advisory details:

A flaw was discovered in the browser engine. A variable could be made to
overflow causing the browser to crash. If a user were tricked into opening
a malicious web page, an attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2008-2785)

Billy Rios discovered that Firefox and xulrunner, as used by browsers
such as Epiphany, did not properly perform URI splitting with pipe
symbols when passed a command-line URI. If Firefox or xulrunner were
passed a malicious URL, an attacker may be able to execute local
content with chrome privileges. (CVE-2008-2933)


Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/devhelp_0.19-1ubuntu1.8.04.3.diff.gz
Size/MD5: 31298 9c7bb3906f79ab2c1f190cbefb703f82
http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/devhelp_0.19-1ubuntu1.8.04.3.dsc
Size/MD5: 1114 bb5bf149ce7b8df7a16d7ab7c411d5ed
http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/devhelp_0.19.orig.tar.gz
Size/MD5: 675357 3a9cb38f83d7f20391b19e305608f289
http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-browser_2.22.2-0ubuntu0.8.04.5.diff.gz
Size/MD5: 41819 89fa0f8815e04a0f634241b6c1f364d3
http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-browser_2.22.2-0ubuntu0.8.04.5.dsc
Size/MD5: 1589 61c107f668ad8b4aa25c398b0c93fe1d
http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-browser_2.22.2.orig.tar.gz
Size/MD5: 7126288 cdc44e20c2ebaba1fe71c1154030dcd9
http://security.ubuntu.com/ubuntu/pool/main/m/midbrowser/midbrowser_0.3.0rc1a-1~8.04.2.dsc
Size/MD5: 1081 fcc8bc8330370aa9df477a6b6f6fb819
http://security.ubuntu.com/ubuntu/pool/main/m/midbrowser/midbrowser_0.3.0rc1a-1~8.04.2.tar.gz
Size/MD5: 46625228 e35bc6b300ba8ba6795cc3c8544c1c70
http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.22.1-0ubuntu2.8.04.2.diff.gz
Size/MD5: 1268814 35076923ad47e759c7944548421dee51
http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.22.1-0ubuntu2.8.04.2.dsc
Size/MD5: 1230 bd4fda6dd2e3c57f2db67e635e805a5b
http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.22.1.orig.tar.gz
Size/MD5: 1528478 e97a18f7e002d293394726004fc110b7

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/devhelp-common_0.19-1ubuntu1.8.04.3_all.deb
Size/MD5: 38486 95c5a3b17fd74b4dd632e7c8a2c559ec
http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-browser-data_2.22.2-0ubuntu0.8.04.5_all.deb
Size/MD5: 3296778 b77676d76c4a5ba0728fca33aadc238a
http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-browser-dev_2.22.2-0ubuntu0.8.04.5_all.deb
Size/MD5: 115802 30f9179b2bbeb7fc0170ec9156deedd5
http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-browser_2.22.2-0ubuntu0.8.04.5_all.deb
Size/MD5: 49494 bb116eb3227198464792497dbf1b1fa3

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/devhelp_0.19-1ubuntu1.8.04.3_amd64.deb
Size/MD5: 17026 5fd05c053b42d0ab1228e97953aa8775
http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/libdevhelp-1-0_0.19-1ubuntu1.8.04.3_amd64.deb
Size/MD5: 100988 c8f2b1a6898df9a34715ed306ce0f28d
http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/libdevhelp-1-dev_0.19-1ubuntu1.8.04.3_amd64.deb
Size/MD5: 6702 35a0280af7c5ad62333b6ad64c612bd9
http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-browser-dbg_2.22.2-0ubuntu0.8.04.5_amd64.deb
Size/MD5: 1948612 87efe42bb7facafb8f5c24ecb7d256ef
http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-gecko_2.22.2-0ubuntu0.8.04.5_amd64.deb
Size/MD5: 579338 3e65b363fad9bb0f9364d13312d438c1
http://security.ubuntu.com/ubuntu/pool/main/m/midbrowser/midbrowser_0.3.0rc1a-1~8.04.2_amd64.deb
Size/MD5: 1222428 1ec764e382c763932d3485062f9d30a8
http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.22.1-0ubuntu2.8.04.2_amd64.deb
Size/MD5: 359272 22eda6f6103d5b22a7fd6734941ce57a

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/devhelp_0.19-1ubuntu1.8.04.3_i386.deb
Size/MD5: 31736 3930e413a69542a6fe692da52e122bf6
http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/libdevhelp-1-0_0.19-1ubuntu1.8.04.3_i386.deb
Size/MD5: 79106 7d4f9e0bca4834ffe03160a25fd5d915
http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/libdevhelp-1-dev_0.19-1ubuntu1.8.04.3_i386.deb
Size/MD5: 21908 4da4fbb4969b6f50dfdd970e6b330434
http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-browser-dbg_2.22.2-0ubuntu0.8.04.5_i386.deb
Size/MD5: 1863560 670d52c0413ae0f34b7d515e75f35022
http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-gecko_2.22.2-0ubuntu0.8.04.5_i386.deb
Size/MD5: 545286 900c7fe883d5b0a134e6f562d91dfdff
http://security.ubuntu.com/ubuntu/pool/main/m/midbrowser/midbrowser_0.3.0rc1a-1~8.04.2_i386.deb
Size/MD5: 1192374 75f56b11566863c175d97f2015c8c4e0
http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.22.1-0ubuntu2.8.04.2_i386.deb
Size/MD5: 346632 08944188ce8e4e48b76f63c6bead71f9

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/d/devhelp/devhelp_0.19-1ubuntu1.8.04.3_lpia.deb
Size/MD5: 16710 9eca7f0fe03d7555b777e2f3bbd69444
http://ports.ubuntu.com/pool/main/d/devhelp/libdevhelp-1-0_0.19-1ubuntu1.8.04.3_lpia.deb
Size/MD5: 92962 6ebfa49dcabb3d76a43c929d0ad9b86d
http://ports.ubuntu.com/pool/main/d/devhelp/libdevhelp-1-dev_0.19-1ubuntu1.8.04.3_lpia.deb
Size/MD5: 6708 1e479fcf05f054761cb6c5f645691272
http://ports.ubuntu.com/pool/main/e/epiphany-browser/epiphany-browser-dbg_2.22.2-0ubuntu0.8.04.5_lpia.deb
Size/MD5: 1881282 9acc6a2939b1a0f25d9957170fb2be0d
http://ports.ubuntu.com/pool/main/e/epiphany-browser/epiphany-gecko_2.22.2-0ubuntu0.8.04.5_lpia.deb
Size/MD5: 540030 f21b130d59e6765fcf62145741edfb31
http://ports.ubuntu.com/pool/main/m/midbrowser/midbrowser_0.3.0rc1a-1~8.04.2_lpia.deb
Size/MD5: 1187040 8b9a8b1a869b4126113c1a42144fa749
http://ports.ubuntu.com/pool/main/y/yelp/yelp_2.22.1-0ubuntu2.8.04.2_lpia.deb
Size/MD5: 347230 bb2cf6e1ffd5251a3fdc0ca040591720

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/d/devhelp/devhelp_0.19-1ubuntu1.8.04.3_powerpc.deb
Size/MD5: 19474 c8238d336c7d5809ffd284e23e583258
http://ports.ubuntu.com/pool/main/d/devhelp/libdevhelp-1-0_0.19-1ubuntu1.8.04.3_powerpc.deb
Size/MD5: 101252 71fc2e25b914d62b9dcc84fa34a37bb5
http://ports.ubuntu.com/pool/main/d/devhelp/libdevhelp-1-dev_0.19-1ubuntu1.8.04.3_powerpc.deb
Size/MD5: 6712 f02cac506dc419a8d6bbea10f17f6c31
http://ports.ubuntu.com/pool/main/e/epiphany-browser/epiphany-browser-dbg_2.22.2-0ubuntu0.8.04.5_powerpc.deb
Size/MD5: 1931954 959869f5deb73dc20ad999df7db6db29
http://ports.ubuntu.com/pool/main/e/epiphany-browser/epiphany-gecko_2.22.2-0ubuntu0.8.04.5_powerpc.deb
Size/MD5: 576138 a07f45bdb84eda63783fda40635d12a8
http://ports.ubuntu.com/pool/main/m/midbrowser/midbrowser_0.3.0rc1a-1~8.04.2_powerpc.deb
Size/MD5: 1212598 1e1c5ab7e9e4e1ad45763faffc0e2d83
http://ports.ubuntu.com/pool/main/y/yelp/yelp_2.22.1-0ubuntu2.8.04.2_powerpc.deb
Size/MD5: 361420 7f1093eb894d3c55c8d15efd793ae451

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close