Ubuntu: 930-2: apturl, Epiphany, gecko-sharp, gnome-python-extras,
Posted by Benjamin D. Thomas
Ubuntu USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2 on Ubuntu 8.04 LTS.

Ubuntu Security Notice USN-930-2              June 29, 2010
apturl, epiphany-browser, gecko-sharp, gnome-python-extras,
liferea, rhythmbox, totem, ubufox, yelp update

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  apturl                          0.2.2ubuntu1.1
  epiphany-gecko                  2.22.2-0ubuntu0.8.04.7
  libgecko2.0-cil                 0.11-3ubuntu4.8.04.1
  liferea                         1.4.14-0ubuntu4.1
  python-gnome2-extras            2.19.1-0ubuntu7.2
  rhythmbox                       0.11.5-0ubuntu8.8.04.2
  totem-mozilla                   2.22.1-0ubuntu3.8.04.6
  ubufox                          0.9~rc2-0ubuntu0.8.04.1
  yelp                            2.22.1-0ubuntu2.8.04.4

After a standard system upgrade you need to restart any applications that
use Xulrunner to effect the necessary changes.
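
The following is an added example, not part of the original advisory: it checks a package listing against the fixed versions in the table above, using a reimplementation of the Debian Policy version ordering (note the `~` in the ubufox version, which sorts before everything else). The sample listing is constructed; on a real host the same comparison is available through `dpkg --compare-versions`.

```python
import re
from itertools import zip_longest

FIXED = {  # fixed versions copied from the advisory's "Ubuntu 8.04 LTS" table
    "apturl": "0.2.2ubuntu1.1",
    "epiphany-gecko": "2.22.2-0ubuntu0.8.04.7",
    "libgecko2.0-cil": "0.11-3ubuntu4.8.04.1",
    "liferea": "1.4.14-0ubuntu4.1",
    "python-gnome2-extras": "2.19.1-0ubuntu7.2",
    "rhythmbox": "0.11.5-0ubuntu8.8.04.2",
    "totem-mozilla": "2.22.1-0ubuntu3.8.04.6",
    "ubufox": "0.9~rc2-0ubuntu0.8.04.1",
    "yelp": "2.22.1-0ubuntu2.8.04.4",
}

def _order(ch):
    # '~' sorts before end-of-run (0); letters sort before other characters.
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _pairs(part):
    # Alternating (non-digit run, number) pairs; a 0 marks the end of each run.
    return [([_order(c) for c in text] + [0], int(digits or 0))
            for text, digits in re.findall(r"([^0-9]*)([0-9]*)", part)]

def _split(version):
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, sep, revision = rest.rpartition("-")
    return (epoch, upstream, revision) if sep else (epoch, rest, "")

def compare(a, b):
    """Return -1, 0 or 1 for [epoch:]upstream[-revision] Debian versions."""
    for pa, pb in zip(_split(a), _split(b)):
        for x, y in zip_longest(_pairs(pa), _pairs(pb), fillvalue=([0], 0)):
            if x != y:
                return -1 if x < y else 1
    return 0

def unpatched(listing):
    """Map package -> (installed, fixed) for packages older than the fix."""
    rows = (line.split() for line in listing.splitlines() if line.strip())
    return {p: (v, FIXED[p]) for p, v in rows
            if p in FIXED and compare(v, FIXED[p]) < 0}

# Constructed sample in `dpkg-query -W -f='${Package} ${Version}\n'` form.
SAMPLE = ("apturl 0.2.2ubuntu1\nliferea 1.4.14-0ubuntu4\n"
          "ubufox 0.9~rc2-0ubuntu0.8.04.1\nyelp 2.22.1-0ubuntu2.8.04.5\n")

if __name__ == "__main__":
    print(unpatched(SAMPLE))
```

Packages the listing does not mention are simply not reported, so an empty result means "nothing listed is below the fix", not "every affected package is installed and current".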

Details follow:

USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update
provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2 on
Ubuntu 8.04 LTS.

Original advisory details:

 It was discovered that Firefox could be made to access freed memory. If a
 user were tricked into viewing a malicious site, a remote attacker could
 cause a denial of service or possibly execute arbitrary code with the
 privileges of the user invoking the program. This issue only affected
 Ubuntu 8.04 LTS. (CVE-2010-1121)

 Several flaws were discovered in the browser engine of Firefox. If a
 user were tricked into viewing a malicious site, a remote attacker could
 cause a denial of service or possibly execute arbitrary code with the
 privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201,
 CVE-2010-1202, CVE-2010-1203)

 A flaw was discovered in the way plugin instances interacted. An attacker
 could potentially exploit this and use one plugin to access freed memory from a
 second plugin to execute arbitrary code with the privileges of the user
 invoking the program. (CVE-2010-1198)

 An integer overflow was discovered in Firefox. If a user were tricked into
 viewing a malicious site, an attacker could overflow a buffer and cause a
 denial of service or possibly execute arbitrary code with the privileges of
 the user invoking the program. (CVE-2010-1196)

 Martin Barbella discovered an integer overflow in an XSLT node sorting
 routine. An attacker could exploit this to overflow a buffer and cause a
 denial of service or possibly execute arbitrary code with the privileges of
 the user invoking the program. (CVE-2010-1199)

 Michal Zalewski discovered that the focus behavior of Firefox could be
 subverted. If a user were tricked into viewing a malicious site, a remote
 attacker could use this to capture keystrokes. (CVE-2010-1125)

 Ilja van Sprundel discovered that the 'Content-Disposition: attachment'
 HTTP header was ignored when 'Content-Type: multipart' was also present.
 Under certain circumstances, this could potentially lead to cross-site
 scripting attacks. (CVE-2010-1197)

 Amit Klein discovered that Firefox did not seed its random number generator
 often enough. An attacker could exploit this to identify and track users
 across different web sites. (CVE-2008-5913)

Updated packages for Ubuntu 8.04 LTS:

