LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: Devhelp, Epiphany, Midbrowser and Yelp update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2785)
=========================================================== 
Ubuntu Security Notice USN-626-2            August 04, 2008
devhelp, epiphany-browser, midbrowser, yelp update
https://launchpad.net/bugs/253462
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  devhelp                         0.19-1ubuntu1.8.04.3
  epiphany-gecko                  2.22.2-0ubuntu0.8.04.5
  midbrowser                      0.3.0rc1a-1~8.04.2
  yelp                            2.22.1-0ubuntu2.8.04.2

After a standard system upgrade you need to restart Devhelp, Epiphany,
Midbrowser and Yelp to effect the necessary changes.

Details follow:

USN-626-1 fixed vulnerabilities in xulrunner-1.9. The changes required
that Devhelp, Epiphany, Midbrowser and Yelp also be updated to use the
new xulrunner-1.9.

Original advisory details:

 A flaw was discovered in the browser engine. A variable could be made to
 overflow causing the browser to crash. If a user were tricked into opening
 a malicious web page, an attacker could cause a denial of service or
 possibly execute arbitrary code with the privileges of the user invoking
 the program. (CVE-2008-2785)
 
 Billy Rios discovered that Firefox and xulrunner, as used by browsers
 such as Epiphany, did not properly perform URI splitting with pipe
 symbols when passed a command-line URI. If Firefox or xulrunner were
 passed a malicious URL, an attacker may be able to execute local
 content with chrome privileges. (CVE-2008-2933)


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/devhelp_0.19-1ubuntu1.8.04.3.diff.gz
      Size/MD5:    31298 9c7bb3906f79ab2c1f190cbefb703f82
    http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/devhelp_0.19-1ubuntu1.8.04.3.dsc
      Size/MD5:     1114 bb5bf149ce7b8df7a16d7ab7c411d5ed
    http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/devhelp_0.19.orig.tar.gz
      Size/MD5:   675357 3a9cb38f83d7f20391b19e305608f289
    http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-browser_2.22.2-0ubuntu0.8.04.5.diff.gz
      Size/MD5:    41819 89fa0f8815e04a0f634241b6c1f364d3
    http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-browser_2.22.2-0ubuntu0.8.04.5.dsc
      Size/MD5:     1589 61c107f668ad8b4aa25c398b0c93fe1d
    http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-browser_2.22.2.orig.tar.gz
      Size/MD5:  7126288 cdc44e20c2ebaba1fe71c1154030dcd9
    http://security.ubuntu.com/ubuntu/pool/main/m/midbrowser/midbrowser_0.3.0rc1a-1~8.04.2.dsc
      Size/MD5:     1081 fcc8bc8330370aa9df477a6b6f6fb819
    http://security.ubuntu.com/ubuntu/pool/main/m/midbrowser/midbrowser_0.3.0rc1a-1~8.04.2.tar.gz
      Size/MD5: 46625228 e35bc6b300ba8ba6795cc3c8544c1c70
    http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.22.1-0ubuntu2.8.04.2.diff.gz
      Size/MD5:  1268814 35076923ad47e759c7944548421dee51
    http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.22.1-0ubuntu2.8.04.2.dsc
      Size/MD5:     1230 bd4fda6dd2e3c57f2db67e635e805a5b
    http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.22.1.orig.tar.gz
      Size/MD5:  1528478 e97a18f7e002d293394726004fc110b7

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/devhelp-common_0.19-1ubuntu1.8.04.3_all.deb
      Size/MD5:    38486 95c5a3b17fd74b4dd632e7c8a2c559ec
    http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-browser-data_2.22.2-0ubuntu0.8.04.5_all.deb
      Size/MD5:  3296778 b77676d76c4a5ba0728fca33aadc238a
    http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-browser-dev_2.22.2-0ubuntu0.8.04.5_all.deb
      Size/MD5:   115802 30f9179b2bbeb7fc0170ec9156deedd5
    http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-browser_2.22.2-0ubuntu0.8.04.5_all.deb
      Size/MD5:    49494 bb116eb3227198464792497dbf1b1fa3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/devhelp_0.19-1ubuntu1.8.04.3_amd64.deb
      Size/MD5:    17026 5fd05c053b42d0ab1228e97953aa8775
    http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/libdevhelp-1-0_0.19-1ubuntu1.8.04.3_amd64.deb
      Size/MD5:   100988 c8f2b1a6898df9a34715ed306ce0f28d
    http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/libdevhelp-1-dev_0.19-1ubuntu1.8.04.3_amd64.deb
      Size/MD5:     6702 35a0280af7c5ad62333b6ad64c612bd9
    http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-browser-dbg_2.22.2-0ubuntu0.8.04.5_amd64.deb
      Size/MD5:  1948612 87efe42bb7facafb8f5c24ecb7d256ef
    http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-gecko_2.22.2-0ubuntu0.8.04.5_amd64.deb
      Size/MD5:   579338 3e65b363fad9bb0f9364d13312d438c1
    http://security.ubuntu.com/ubuntu/pool/main/m/midbrowser/midbrowser_0.3.0rc1a-1~8.04.2_amd64.deb
      Size/MD5:  1222428 1ec764e382c763932d3485062f9d30a8
    http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.22.1-0ubuntu2.8.04.2_amd64.deb
      Size/MD5:   359272 22eda6f6103d5b22a7fd6734941ce57a

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/devhelp_0.19-1ubuntu1.8.04.3_i386.deb
      Size/MD5:    31736 3930e413a69542a6fe692da52e122bf6
    http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/libdevhelp-1-0_0.19-1ubuntu1.8.04.3_i386.deb
      Size/MD5:    79106 7d4f9e0bca4834ffe03160a25fd5d915
    http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/libdevhelp-1-dev_0.19-1ubuntu1.8.04.3_i386.deb
      Size/MD5:    21908 4da4fbb4969b6f50dfdd970e6b330434
    http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-browser-dbg_2.22.2-0ubuntu0.8.04.5_i386.deb
      Size/MD5:  1863560 670d52c0413ae0f34b7d515e75f35022
    http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-gecko_2.22.2-0ubuntu0.8.04.5_i386.deb
      Size/MD5:   545286 900c7fe883d5b0a134e6f562d91dfdff
    http://security.ubuntu.com/ubuntu/pool/main/m/midbrowser/midbrowser_0.3.0rc1a-1~8.04.2_i386.deb
      Size/MD5:  1192374 75f56b11566863c175d97f2015c8c4e0
    http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.22.1-0ubuntu2.8.04.2_i386.deb
      Size/MD5:   346632 08944188ce8e4e48b76f63c6bead71f9

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/d/devhelp/devhelp_0.19-1ubuntu1.8.04.3_lpia.deb
      Size/MD5:    16710 9eca7f0fe03d7555b777e2f3bbd69444
    http://ports.ubuntu.com/pool/main/d/devhelp/libdevhelp-1-0_0.19-1ubuntu1.8.04.3_lpia.deb
      Size/MD5:    92962 6ebfa49dcabb3d76a43c929d0ad9b86d
    http://ports.ubuntu.com/pool/main/d/devhelp/libdevhelp-1-dev_0.19-1ubuntu1.8.04.3_lpia.deb
      Size/MD5:     6708 1e479fcf05f054761cb6c5f645691272
    http://ports.ubuntu.com/pool/main/e/epiphany-browser/epiphany-browser-dbg_2.22.2-0ubuntu0.8.04.5_lpia.deb
      Size/MD5:  1881282 9acc6a2939b1a0f25d9957170fb2be0d
    http://ports.ubuntu.com/pool/main/e/epiphany-browser/epiphany-gecko_2.22.2-0ubuntu0.8.04.5_lpia.deb
      Size/MD5:   540030 f21b130d59e6765fcf62145741edfb31
    http://ports.ubuntu.com/pool/main/m/midbrowser/midbrowser_0.3.0rc1a-1~8.04.2_lpia.deb
      Size/MD5:  1187040 8b9a8b1a869b4126113c1a42144fa749
    http://ports.ubuntu.com/pool/main/y/yelp/yelp_2.22.1-0ubuntu2.8.04.2_lpia.deb
      Size/MD5:   347230 bb2cf6e1ffd5251a3fdc0ca040591720

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/d/devhelp/devhelp_0.19-1ubuntu1.8.04.3_powerpc.deb
      Size/MD5:    19474 c8238d336c7d5809ffd284e23e583258
    http://ports.ubuntu.com/pool/main/d/devhelp/libdevhelp-1-0_0.19-1ubuntu1.8.04.3_powerpc.deb
      Size/MD5:   101252 71fc2e25b914d62b9dcc84fa34a37bb5
    http://ports.ubuntu.com/pool/main/d/devhelp/libdevhelp-1-dev_0.19-1ubuntu1.8.04.3_powerpc.deb
      Size/MD5:     6712 f02cac506dc419a8d6bbea10f17f6c31
    http://ports.ubuntu.com/pool/main/e/epiphany-browser/epiphany-browser-dbg_2.22.2-0ubuntu0.8.04.5_powerpc.deb
      Size/MD5:  1931954 959869f5deb73dc20ad999df7db6db29
    http://ports.ubuntu.com/pool/main/e/epiphany-browser/epiphany-gecko_2.22.2-0ubuntu0.8.04.5_powerpc.deb
      Size/MD5:   576138 a07f45bdb84eda63783fda40635d12a8
    http://ports.ubuntu.com/pool/main/m/midbrowser/midbrowser_0.3.0rc1a-1~8.04.2_powerpc.deb
      Size/MD5:  1212598 1e1c5ab7e9e4e1ad45763faffc0e2d83
    http://ports.ubuntu.com/pool/main/y/yelp/yelp_2.22.1-0ubuntu2.8.04.2_powerpc.deb
      Size/MD5:   361420 7f1093eb894d3c55c8d15efd793ae451


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Google Removes SSLv3 Fallback Support From Chrome
Hacker Lexicon: What Is End-to-End Encryption?
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.