LinuxSecurity.com
Ubuntu: elinks vulnerability
Posted by Benjamin D. Thomas   
Arnaud Giersch discovered that elinks incorrectly attempted to load gettext catalogs from a relative path. If a user were tricked into running elinks from a specific directory, a local attacker could execute code with user privileges.
=========================================================== 
Ubuntu Security Notice USN-457-1               May 07, 2007
elinks vulnerability
CVE-2007-2027
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  elinks                                   0.10.6-1ubuntu3.1

Ubuntu 6.10:
  elinks                                   0.11.1-1ubuntu2.1

Ubuntu 7.04:
  elinks                                   0.11.1-1.2ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Arnaud Giersch discovered that elinks incorrectly attempted to load 
gettext catalogs from a relative path.  If a user were tricked into 
running elinks from a specific directory, a local attacker could execute 
code with user privileges.
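
The bug class described above, shown from the defensive side. This is an added example, not code from elinks or from the Ubuntu patch: the names vet_catalog_dir and bind_catalogs, the "demo" text domain and the temporary directory are assumptions made for illustration. It refuses to bind a gettext catalog directory that is relative, missing, owned by another user, or writable by group or others.

```c
/* Added example (not elinks source): vet a gettext catalog directory. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <libintl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum dir_verdict { DIR_OK, DIR_RELATIVE, DIR_MISSING, DIR_FOREIGN_OWNER, DIR_WRITABLE };

/* Only the final directory is inspected; its parents are assumed trusted. */
enum dir_verdict vet_catalog_dir(const char *dir)
{
    struct stat st;

    /* A relative path resolves against the current working directory, so
     * whoever controls that directory controls which catalog is loaded. */
    if (dir == NULL || dir[0] != '/')
        return DIR_RELATIVE;
    /* lstat() does not follow a symlink, so a link fails the S_ISDIR test. */
    if (lstat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return DIR_MISSING;
    if (st.st_uid != 0 && st.st_uid != geteuid())
        return DIR_FOREIGN_OWNER;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return DIR_WRITABLE;
    return DIR_OK;
}

/* Hypothetical wrapper: bind a text domain only to a vetted directory. */
int bind_catalogs(const char *domain, const char *dir)
{
    if (vet_catalog_dir(dir) != DIR_OK)
        return -1;
    return bindtextdomain(domain, dir) != NULL ? 0 : -1;
}

int main(void)
{
    char tmpl[] = "/tmp/catalogsXXXXXX";   /* constructed sample directory */

    printf("relative path   -> %d\n", bind_catalogs("demo", "locale"));
    if (mkdtemp(tmpl) != NULL) {
        printf("private abs dir -> %d\n", bind_catalogs("demo", tmpl));
        rmdir(tmpl);
    }
    return 0;
}
```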




 