LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 21st, 2014
Linux Security Week: April 7th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: Yelp vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Aaron Grattafiori discovered that the Gnome Help Viewer did not handle format strings correctly when displaying certain error messages. If a user were tricked into opening a specially crafted URI, a remote attacker could execute arbitrary code with user privileges.
=========================================================== 
Ubuntu Security Notice USN-638-1            August 27, 2008
yelp vulnerability
CVE-2008-3533
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  yelp                            2.20.0-0ubuntu3.1

Ubuntu 8.04 LTS:
  yelp                            2.22.1-0ubuntu2.8.04.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Aaron Grattafiori discovered that the Gnome Help Viewer did not handle
format strings correctly when displaying certain error messages.  If a
user were tricked into opening a specially crafted URI, a remote attacker
could execute arbitrary code with user privileges.


Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.20.0-0ubuntu3.1.diff.gz
      Size/MD5:   850373 f1bacca35ae3410344a7bf1aef1529c8
    http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.20.0-0ubuntu3.1.dsc
      Size/MD5:     1335 bb08a9c70bc29bb5921d43b151d4abec
    http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.20.0.orig.tar.gz
      Size/MD5:  1327272 78603f3a62a2c651d813c81c553ffba2

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.20.0-0ubuntu3.1_amd64.deb
      Size/MD5:   347978 0f199a836a45c0c13d431157711ff9bf

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.20.0-0ubuntu3.1_i386.deb
      Size/MD5:   337348 6b2cdaa678d2f1c08bfdadb50cc54435

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/y/yelp/yelp_2.20.0-0ubuntu3.1_lpia.deb
      Size/MD5:   337892 b5e5d4123b09e2707e099eb31e9600a2

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.20.0-0ubuntu3.1_powerpc.deb
      Size/MD5:   351482 e8e453f18768563594db022523120401

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.20.0-0ubuntu3.1_sparc.deb
      Size/MD5:   340976 ac55a07c68d69579e9835dd1a725bf6b

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.22.1-0ubuntu2.8.04.3.diff.gz
      Size/MD5:  1266220 616a1b19286e879edb4e7e94da4b1d79
    http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.22.1-0ubuntu2.8.04.3.dsc
      Size/MD5:     1276 6b3bcddcd1243e7e79f9c95452dc7210
    http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.22.1.orig.tar.gz
      Size/MD5:  1528478 e97a18f7e002d293394726004fc110b7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.22.1-0ubuntu2.8.04.3_amd64.deb
      Size/MD5:   359430 89b9fa6b606101948ee12f67d60135e4

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.22.1-0ubuntu2.8.04.3_i386.deb
      Size/MD5:   346710 a0d5b5159aca614667d72573e2cbbd70

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/y/yelp/yelp_2.22.1-0ubuntu2.8.04.3_lpia.deb
      Size/MD5:   347308 3cfb6569b2b090ead5b97ed20c4fc141

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/y/yelp/yelp_2.22.1-0ubuntu2.8.04.3_powerpc.deb
      Size/MD5:   361592 1aa001d6994747b62c1d6f90f9e42223


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.