LinuxSecurity.com
Ubuntu: WebKit vulnerabilities
Posted by Benjamin D. Thomas   
===========================================================
Ubuntu Security Notice USN-836-1         September 23, 2009
webkit vulnerabilities
CVE-2009-0945, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698,
CVE-2009-1711, CVE-2009-1712, CVE-2009-1725
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  libwebkit-1.0-1                 1.0.1-2ubuntu0.2
  libwebkit-1.0-1-dbg             1.0.1-2ubuntu0.2
  libwebkit-dev                   1.0.1-2ubuntu0.2

Ubuntu 9.04:
  libwebkit-1.0-1                 1.0.1-4ubuntu0.1
  libwebkit-1.0-1-dbg             1.0.1-4ubuntu0.1
  libwebkit-dev                   1.0.1-4ubuntu0.1

After a standard system upgrade you need to restart any applications that
use WebKit, such as Epiphany-webkit and Midori, to effect the necessary
changes.

Details follow:

It was discovered that WebKit did not properly handle certain SVGPathList
data structures. If a user were tricked into viewing a malicious website,
an attacker could exploit this to execute arbitrary code with the
privileges of the user invoking the program. (CVE-2009-0945)

Several flaws were discovered in the WebKit browser and JavaScript engines.
If a user were tricked into viewing a malicious website, a remote attacker
could cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2009-1687, CVE-2009-1690,
CVE-2009-1698, CVE-2009-1711, CVE-2009-1725)

It was discovered that WebKit did not prevent the loading of local Java
applets. If a user were tricked into viewing a malicious website,
an attacker could exploit this to execute arbitrary code with the
privileges of the user invoking the program. (CVE-2009-1712)


Updated packages for Ubuntu 8.10:


Updated packages for Ubuntu 9.04:





 