lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20080804134645.GA13344@severus.strandboge.com>
Date: Mon, 4 Aug 2008 09:46:45 -0400
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-626-2] Devhelp, Epiphany,
	Midbrowser and Yelp update

=========================================================== 
Ubuntu Security Notice USN-626-2            August 04, 2008
devhelp, epiphany-browser, midbrowser, yelp update
https://launchpad.net/bugs/253462
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  devhelp                         0.19-1ubuntu1.8.04.3
  epiphany-gecko                  2.22.2-0ubuntu0.8.04.5
  midbrowser                      0.3.0rc1a-1~8.04.2
  yelp                            2.22.1-0ubuntu2.8.04.2

After a standard system upgrade you need to restart Devhelp, Epiphany,
Midbrowser and Yelp to effect the necessary changes.

Details follow:

USN-626-1 fixed vulnerabilities in xulrunner-1.9. The changes required
that Devhelp, Epiphany, Midbrowser and Yelp also be updated to use the
new xulrunner-1.9.

Original advisory details:

 A flaw was discovered in the browser engine. A variable could be made to
 overflow causing the browser to crash. If a user were tricked into opening
 a malicious web page, an attacker could cause a denial of service or
 possibly execute arbitrary code with the privileges of the user invoking
 the program. (CVE-2008-2785)
 
 Billy Rios discovered that Firefox and xulrunner, as used by browsers
 such as Epiphany, did not properly perform URI splitting with pipe
 symbols when passed a command-line URI. If Firefox or xulrunner were
 passed a malicious URL, an attacker may be able to execute local
 content with chrome privileges. (CVE-2008-2933)


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/devhelp_0.19-1ubuntu1.8.04.3.diff.gz
      Size/MD5:    31298 9c7bb3906f79ab2c1f190cbefb703f82
    http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/devhelp_0.19-1ubuntu1.8.04.3.dsc
      Size/MD5:     1114 bb5bf149ce7b8df7a16d7ab7c411d5ed
    http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/devhelp_0.19.orig.tar.gz
      Size/MD5:   675357 3a9cb38f83d7f20391b19e305608f289
    http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-browser_2.22.2-0ubuntu0.8.04.5.diff.gz
      Size/MD5:    41819 89fa0f8815e04a0f634241b6c1f364d3
    http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-browser_2.22.2-0ubuntu0.8.04.5.dsc
      Size/MD5:     1589 61c107f668ad8b4aa25c398b0c93fe1d
    http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-browser_2.22.2.orig.tar.gz
      Size/MD5:  7126288 cdc44e20c2ebaba1fe71c1154030dcd9
    http://security.ubuntu.com/ubuntu/pool/main/m/midbrowser/midbrowser_0.3.0rc1a-1~8.04.2.dsc
      Size/MD5:     1081 fcc8bc8330370aa9df477a6b6f6fb819
    http://security.ubuntu.com/ubuntu/pool/main/m/midbrowser/midbrowser_0.3.0rc1a-1~8.04.2.tar.gz
      Size/MD5: 46625228 e35bc6b300ba8ba6795cc3c8544c1c70
    http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.22.1-0ubuntu2.8.04.2.diff.gz
      Size/MD5:  1268814 35076923ad47e759c7944548421dee51
    http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.22.1-0ubuntu2.8.04.2.dsc
      Size/MD5:     1230 bd4fda6dd2e3c57f2db67e635e805a5b
    http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.22.1.orig.tar.gz
      Size/MD5:  1528478 e97a18f7e002d293394726004fc110b7

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/devhelp-common_0.19-1ubuntu1.8.04.3_all.deb
      Size/MD5:    38486 95c5a3b17fd74b4dd632e7c8a2c559ec
    http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-browser-data_2.22.2-0ubuntu0.8.04.5_all.deb
      Size/MD5:  3296778 b77676d76c4a5ba0728fca33aadc238a
    http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-browser-dev_2.22.2-0ubuntu0.8.04.5_all.deb
      Size/MD5:   115802 30f9179b2bbeb7fc0170ec9156deedd5
    http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-browser_2.22.2-0ubuntu0.8.04.5_all.deb
      Size/MD5:    49494 bb116eb3227198464792497dbf1b1fa3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/devhelp_0.19-1ubuntu1.8.04.3_amd64.deb
      Size/MD5:    17026 5fd05c053b42d0ab1228e97953aa8775
    http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/libdevhelp-1-0_0.19-1ubuntu1.8.04.3_amd64.deb
      Size/MD5:   100988 c8f2b1a6898df9a34715ed306ce0f28d
    http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/libdevhelp-1-dev_0.19-1ubuntu1.8.04.3_amd64.deb
      Size/MD5:     6702 35a0280af7c5ad62333b6ad64c612bd9
    http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-browser-dbg_2.22.2-0ubuntu0.8.04.5_amd64.deb
      Size/MD5:  1948612 87efe42bb7facafb8f5c24ecb7d256ef
    http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-gecko_2.22.2-0ubuntu0.8.04.5_amd64.deb
      Size/MD5:   579338 3e65b363fad9bb0f9364d13312d438c1
    http://security.ubuntu.com/ubuntu/pool/main/m/midbrowser/midbrowser_0.3.0rc1a-1~8.04.2_amd64.deb
      Size/MD5:  1222428 1ec764e382c763932d3485062f9d30a8
    http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.22.1-0ubuntu2.8.04.2_amd64.deb
      Size/MD5:   359272 22eda6f6103d5b22a7fd6734941ce57a

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/devhelp_0.19-1ubuntu1.8.04.3_i386.deb
      Size/MD5:    31736 3930e413a69542a6fe692da52e122bf6
    http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/libdevhelp-1-0_0.19-1ubuntu1.8.04.3_i386.deb
      Size/MD5:    79106 7d4f9e0bca4834ffe03160a25fd5d915
    http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/libdevhelp-1-dev_0.19-1ubuntu1.8.04.3_i386.deb
      Size/MD5:    21908 4da4fbb4969b6f50dfdd970e6b330434
    http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-browser-dbg_2.22.2-0ubuntu0.8.04.5_i386.deb
      Size/MD5:  1863560 670d52c0413ae0f34b7d515e75f35022
    http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany-gecko_2.22.2-0ubuntu0.8.04.5_i386.deb
      Size/MD5:   545286 900c7fe883d5b0a134e6f562d91dfdff
    http://security.ubuntu.com/ubuntu/pool/main/m/midbrowser/midbrowser_0.3.0rc1a-1~8.04.2_i386.deb
      Size/MD5:  1192374 75f56b11566863c175d97f2015c8c4e0
    http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.22.1-0ubuntu2.8.04.2_i386.deb
      Size/MD5:   346632 08944188ce8e4e48b76f63c6bead71f9

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/d/devhelp/devhelp_0.19-1ubuntu1.8.04.3_lpia.deb
      Size/MD5:    16710 9eca7f0fe03d7555b777e2f3bbd69444
    http://ports.ubuntu.com/pool/main/d/devhelp/libdevhelp-1-0_0.19-1ubuntu1.8.04.3_lpia.deb
      Size/MD5:    92962 6ebfa49dcabb3d76a43c929d0ad9b86d
    http://ports.ubuntu.com/pool/main/d/devhelp/libdevhelp-1-dev_0.19-1ubuntu1.8.04.3_lpia.deb
      Size/MD5:     6708 1e479fcf05f054761cb6c5f645691272
    http://ports.ubuntu.com/pool/main/e/epiphany-browser/epiphany-browser-dbg_2.22.2-0ubuntu0.8.04.5_lpia.deb
      Size/MD5:  1881282 9acc6a2939b1a0f25d9957170fb2be0d
    http://ports.ubuntu.com/pool/main/e/epiphany-browser/epiphany-gecko_2.22.2-0ubuntu0.8.04.5_lpia.deb
      Size/MD5:   540030 f21b130d59e6765fcf62145741edfb31
    http://ports.ubuntu.com/pool/main/m/midbrowser/midbrowser_0.3.0rc1a-1~8.04.2_lpia.deb
      Size/MD5:  1187040 8b9a8b1a869b4126113c1a42144fa749
    http://ports.ubuntu.com/pool/main/y/yelp/yelp_2.22.1-0ubuntu2.8.04.2_lpia.deb
      Size/MD5:   347230 bb2cf6e1ffd5251a3fdc0ca040591720

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/d/devhelp/devhelp_0.19-1ubuntu1.8.04.3_powerpc.deb
      Size/MD5:    19474 c8238d336c7d5809ffd284e23e583258
    http://ports.ubuntu.com/pool/main/d/devhelp/libdevhelp-1-0_0.19-1ubuntu1.8.04.3_powerpc.deb
      Size/MD5:   101252 71fc2e25b914d62b9dcc84fa34a37bb5
    http://ports.ubuntu.com/pool/main/d/devhelp/libdevhelp-1-dev_0.19-1ubuntu1.8.04.3_powerpc.deb
      Size/MD5:     6712 f02cac506dc419a8d6bbea10f17f6c31
    http://ports.ubuntu.com/pool/main/e/epiphany-browser/epiphany-browser-dbg_2.22.2-0ubuntu0.8.04.5_powerpc.deb
      Size/MD5:  1931954 959869f5deb73dc20ad999df7db6db29
    http://ports.ubuntu.com/pool/main/e/epiphany-browser/epiphany-gecko_2.22.2-0ubuntu0.8.04.5_powerpc.deb
      Size/MD5:   576138 a07f45bdb84eda63783fda40635d12a8
    http://ports.ubuntu.com/pool/main/m/midbrowser/midbrowser_0.3.0rc1a-1~8.04.2_powerpc.deb
      Size/MD5:  1212598 1e1c5ab7e9e4e1ad45763faffc0e2d83
    http://ports.ubuntu.com/pool/main/y/yelp/yelp_2.22.1-0ubuntu2.8.04.2_powerpc.deb
      Size/MD5:   361420 7f1093eb894d3c55c8d15efd793ae451


Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ