==========================================================
Ubuntu Security Notice USN-930-2              June 29, 2010
apturl, epiphany-browser, gecko-sharp, gnome-python-extras,
liferea, rhythmbox, totem, ubufox, yelp update
https://launchpad.net/bugs/599954
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  apturl                          0.2.2ubuntu1.1
  epiphany-gecko                  2.22.2-0ubuntu0.8.04.7
  libgecko2.0-cil                 0.11-3ubuntu4.8.04.1
  liferea                         1.4.14-0ubuntu4.1
  python-gnome2-extras            2.19.1-0ubuntu7.2
  rhythmbox                       0.11.5-0ubuntu8.8.04.2
  totem-mozilla                   2.22.1-0ubuntu3.8.04.6
  ubufox                          0.9~rc2-0ubuntu0.8.04.1
  yelp                            2.22.1-0ubuntu2.8.04.4

After a standard system upgrade you need to restart any applications that
use Xulrunner to effect the necessary changes.

Details follow:

USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update
provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2 on
Ubuntu 8.04 LTS.

Original advisory details:

 It was discovered that Firefox could be made to access freed memory. If a
 user were tricked into viewing a malicious site, a remote attacker could
 cause a denial of service or possibly execute arbitrary code with the
 privileges of the user invoking the program. This issue only affected
 Ubuntu 8.04 LTS. (CVE-2010-1121)
 
 Several flaws were discovered in the browser engine of Firefox. If a
 user were tricked into viewing a malicious site, a remote attacker could
 cause a denial of service or possibly execute arbitrary code with the
 privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201,
 CVE-2010-1202, CVE-2010-1203)
 
 A flaw was discovered in the way plugin instances interacted. An attacker
 could potentially exploit this and use one plugin to access freed memory from a
 second plugin to execute arbitrary code with the privileges of the user
 invoking the program. (CVE-2010-1198)
 
 An integer overflow was discovered in Firefox. If a user were tricked into
 viewing a malicious site, an attacker could overflow a buffer and cause a
 denial of service or possibly execute arbitrary code with the privileges of
 the user invoking the program. (CVE-2010-1196)
 
 Martin Barbella discovered an integer overflow in an XSLT node sorting
 routine. An attacker could exploit this to overflow a buffer and cause a
 denial of service or possibly execute arbitrary code with the privileges of
 the user invoking the program. (CVE-2010-1199)
 
 Michal Zalewski discovered that the focus behavior of Firefox could be
 subverted. If a user were tricked into viewing a malicious site, a remote
 attacker could use this to capture keystrokes. (CVE-2010-1125)
 
 Ilja van Sprundel discovered that the 'Content-Disposition: attachment'
 HTTP header was ignored when 'Content-Type: multipart' was also present.
 Under certain circumstances, this could potentially lead to cross-site
 scripting attacks. (CVE-2010-1197)
 
 Amit Klein discovered that Firefox did not seed its random number generator
 often enough. An attacker could exploit this to identify and track users
 across different web sites. (CVE-2008-5913)


Updated packages for Ubuntu 8.04 LTS:

  Source archives:


  Architecture independent packages:


  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


  i386 architecture (x86 compatible Intel/AMD):


  lpia architecture (Low Power Intel Architecture):


  powerpc architecture (Apple Macintosh G3/G4/G5):


  sparc architecture (Sun SPARC/UltraSPARC):



