Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: March 27th, 2015
Linux Security Week: March 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: Devhelp, Epiphany, Midbrowser and Yelp update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2785)
Ubuntu Security Notice USN-626-2            August 04, 2008
devhelp, epiphany-browser, midbrowser, yelp update

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  devhelp                         0.19-1ubuntu1.8.04.3
  epiphany-gecko                  2.22.2-0ubuntu0.8.04.5
  midbrowser                      0.3.0rc1a-1~8.04.2
  yelp                            2.22.1-0ubuntu2.8.04.2

After a standard system upgrade you need to restart Devhelp, Epiphany,
Midbrowser and Yelp to effect the necessary changes.

Details follow:

USN-626-1 fixed vulnerabilities in xulrunner-1.9. The changes required
that Devhelp, Epiphany, Midbrowser and Yelp also be updated to use the
new xulrunner-1.9.

Original advisory details:

 A flaw was discovered in the browser engine. A variable could be made to
 overflow causing the browser to crash. If a user were tricked into opening
 a malicious web page, an attacker could cause a denial of service or
 possibly execute arbitrary code with the privileges of the user invoking
 the program. (CVE-2008-2785)
 Billy Rios discovered that Firefox and xulrunner, as used by browsers
 such as Epiphany, did not properly perform URI splitting with pipe
 symbols when passed a command-line URI. If Firefox or xulrunner were
 passed a malicious URL, an attacker may be able to execute local
 content with chrome privileges. (CVE-2008-2933)

Updated packages for Ubuntu 8.04 LTS:

  Source archives:
      Size/MD5:    31298 9c7bb3906f79ab2c1f190cbefb703f82
      Size/MD5:     1114 bb5bf149ce7b8df7a16d7ab7c411d5ed
      Size/MD5:   675357 3a9cb38f83d7f20391b19e305608f289
      Size/MD5:    41819 89fa0f8815e04a0f634241b6c1f364d3
      Size/MD5:     1589 61c107f668ad8b4aa25c398b0c93fe1d
      Size/MD5:  7126288 cdc44e20c2ebaba1fe71c1154030dcd9
      Size/MD5:     1081 fcc8bc8330370aa9df477a6b6f6fb819
      Size/MD5: 46625228 e35bc6b300ba8ba6795cc3c8544c1c70
      Size/MD5:  1268814 35076923ad47e759c7944548421dee51
      Size/MD5:     1230 bd4fda6dd2e3c57f2db67e635e805a5b
      Size/MD5:  1528478 e97a18f7e002d293394726004fc110b7

  Architecture independent packages:
      Size/MD5:    38486 95c5a3b17fd74b4dd632e7c8a2c559ec
      Size/MD5:  3296778 b77676d76c4a5ba0728fca33aadc238a
      Size/MD5:   115802 30f9179b2bbeb7fc0170ec9156deedd5
      Size/MD5:    49494 bb116eb3227198464792497dbf1b1fa3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:    17026 5fd05c053b42d0ab1228e97953aa8775
      Size/MD5:   100988 c8f2b1a6898df9a34715ed306ce0f28d
      Size/MD5:     6702 35a0280af7c5ad62333b6ad64c612bd9
      Size/MD5:  1948612 87efe42bb7facafb8f5c24ecb7d256ef
      Size/MD5:   579338 3e65b363fad9bb0f9364d13312d438c1
      Size/MD5:  1222428 1ec764e382c763932d3485062f9d30a8
      Size/MD5:   359272 22eda6f6103d5b22a7fd6734941ce57a

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:    31736 3930e413a69542a6fe692da52e122bf6
      Size/MD5:    79106 7d4f9e0bca4834ffe03160a25fd5d915
      Size/MD5:    21908 4da4fbb4969b6f50dfdd970e6b330434
      Size/MD5:  1863560 670d52c0413ae0f34b7d515e75f35022
      Size/MD5:   545286 900c7fe883d5b0a134e6f562d91dfdff
      Size/MD5:  1192374 75f56b11566863c175d97f2015c8c4e0
      Size/MD5:   346632 08944188ce8e4e48b76f63c6bead71f9

  lpia architecture (Low Power Intel Architecture):
      Size/MD5:    16710 9eca7f0fe03d7555b777e2f3bbd69444
      Size/MD5:    92962 6ebfa49dcabb3d76a43c929d0ad9b86d
      Size/MD5:     6708 1e479fcf05f054761cb6c5f645691272
      Size/MD5:  1881282 9acc6a2939b1a0f25d9957170fb2be0d
      Size/MD5:   540030 f21b130d59e6765fcf62145741edfb31
      Size/MD5:  1187040 8b9a8b1a869b4126113c1a42144fa749
      Size/MD5:   347230 bb2cf6e1ffd5251a3fdc0ca040591720

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:    19474 c8238d336c7d5809ffd284e23e583258
      Size/MD5:   101252 71fc2e25b914d62b9dcc84fa34a37bb5
      Size/MD5:     6712 f02cac506dc419a8d6bbea10f17f6c31
      Size/MD5:  1931954 959869f5deb73dc20ad999df7db6db29
      Size/MD5:   576138 a07f45bdb84eda63783fda40635d12a8
      Size/MD5:  1212598 1e1c5ab7e9e4e1ad45763faffc0e2d83
      Size/MD5:   361420 7f1093eb894d3c55c8d15efd793ae451

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
FBI Quietly Removes Recommendation To Encrypt Your Phone
And the prize for LEAST SECURE BROWSER goes to ... Chrome!
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.