| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Nov 2008 12:38:02 -0500
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: "bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>,
full-disclosure@...ts.grok.org.uk
Subject: [USN-676-1] WebKit vulnerability
===========================================================
Ubuntu Security Notice USN-676-1 November 24, 2008
webkit vulnerability
CVE-2008-3632
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.10:
libwebkit-1.0-1 1.0.1-2ubuntu0.1
After a standard system upgrade you need to restart any applications that
use WebKit, such as Epiphany-webkit and Midori, to effect the necessary
changes.
Details follow:
It was discovered that WebKit did not properly handle Cascading Style Sheets
(CSS) import statements. If a user were tricked into opening a malicious
website, an attacker could cause a browser crash and possibly execute
arbitrary code with user privileges.
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.0.1-2ubuntu0.1.diff.gz
Size/MD5: 21219 e7f04089c687141f512cb5066d1a1c30
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.0.1-2ubuntu0.1.dsc
Size/MD5: 1538 23427df68878b3540e082d778cf74ed2
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.0.1.orig.tar.gz
Size/MD5: 13418752 4de68a5773998bea14e8939aa341c466
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-dev_1.0.1-2ubuntu0.1_all.deb
Size/MD5: 33888 3d3e394977eb1a52a81694786831075b
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-2ubuntu0.1_amd64.deb
Size/MD5: 62588488 b87a1a306e88f330a034de2374f08998
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-1_1.0.1-2ubuntu0.1_amd64.deb
Size/MD5: 3498192 08f5383449a42b900a7a541a50f309d7
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-2ubuntu0.1_i386.deb
Size/MD5: 62196494 3b3c6e6c871e45ebda20daeb377c261b
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-1_1.0.1-2ubuntu0.1_i386.deb
Size/MD5: 3012354 f1528e6e6dedd94de7cf80bc8cf00c83
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-2ubuntu0.1_lpia.deb
Size/MD5: 62283008 74002deca41e5eb530475b1b8162948c
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-1_1.0.1-2ubuntu0.1_lpia.deb
Size/MD5: 2965064 a7e3b539e899ad5b1fae915f9da5fce2
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-2ubuntu0.1_powerpc.deb
Size/MD5: 64792472 dcaf2d61a355ef62a6bdc423aa68bbe2
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-1_1.0.1-2ubuntu0.1_powerpc.deb
Size/MD5: 3291430 50b79b1e9dfd831cd4fb3ffeb6342ec8
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-2ubuntu0.1_sparc.deb
Size/MD5: 63702930 9a411dc78d88cdeadf1e105eafa84b31
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-1_1.0.1-2ubuntu0.1_sparc.deb
Size/MD5: 3495810 b945ea2113760479bdc8be11aafe0272
Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)
Powered by blists - more mailing lists