A new Devhelp, Epiphany, Midbrowser and Yelp update update is available for Ubuntu Linux. Here the announcement:
"Ubuntu Security Notice USN-626-2 August 04, 2008
devhelp, epiphany-browser, midbrowser, yelp update
https://launchpad.net/bugs/253462
==========================
==========================
=========
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
devhelp 0.19-1ubuntu1.8.04.3
epiphany-gecko 2.22.2-0ubuntu0.8.04.5
midbrowser 0.3.0rc1a-1~8.04.2
yelp 2.22.1-0ubuntu2.8.04.2
After a standard system upgrade you need to restart Devhelp, Epiphany,
Midbrowser and Yelp to effect the necessary changes.
Details follow:
USN-626-1 fixed vulnerabilities in xulrunner-1.9. The changes required
that Devhelp, Epiphany, Midbrowser and Yelp also be updated to use the
new xulrunner-1.9.
Original advisory details:
A flaw was discovered in the browser engine. A variable could be made to
overflow causing the browser to crash. If a user were tricked into opening
a malicious web page, an attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2008-2785)
Billy Rios discovered that Firefox and xulrunner, as used by browsers
such as Epiphany, did not properly perform URI splitting with pipe
symbols when passed a command-line URI. If Firefox or xulrunner were
passed a malicious URL, an attacker may be able to execute local
content with chrome privileges. (CVE-2008-2933)
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/devhelp_0.19-1ubu=
ntu1.8.04.3.diff.gz
Size/MD5: 31298 9c7bb3906f79ab2c1f190cbefb703f82
http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/devhelp_0.19-1ubu=
ntu1.8.04.3.dsc
Size/MD5: 1114 bb5bf149ce7b8df7a16d7ab7c411d5ed
http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/devhelp_0.19.orig=
.tar.gz
Size/MD5: 675357 3a9cb38f83d7f20391b19e305608f289
http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany=
-browser_2.22.2-0ubuntu0.8.04.5.diff.gz
Size/MD5: 41819 89fa0f8815e04a0f634241b6c1f364d3
http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany=
-browser_2.22.2-0ubuntu0.8.04.5.dsc
Size/MD5: 1589 61c107f668ad8b4aa25c398b0c93fe1d
http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany=
-browser_2.22.2.orig.tar.gz
Size/MD5: 7126288 cdc44e20c2ebaba1fe71c1154030dcd9
http://security.ubuntu.com/ubuntu/pool/main/m/midbrowser/midbrowser_0.3=
.0rc1a-1~8.04.2.dsc
Size/MD5: 1081 fcc8bc8330370aa9df477a6b6f6fb819
http://security.ubuntu.com/ubuntu/pool/main/m/midbrowser/midbrowser_0.3=
.0rc1a-1~8.04.2.tar.gz
Size/MD5: 46625228 e35bc6b300ba8ba6795cc3c8544c1c70
http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.22.1-0ubuntu2=
.8.04.2.diff.gz
Size/MD5: 1268814 35076923ad47e759c7944548421dee51
http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.22.1-0ubuntu2=
.8.04.2.dsc
Size/MD5: 1230 bd4fda6dd2e3c57f2db67e635e805a5b
http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.22.1.orig.tar=
.gz
Size/MD5: 1528478 e97a18f7e002d293394726004fc110b7
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/devhelp-common_0.=
19-1ubuntu1.8.04.3_all.deb
Size/MD5: 38486 95c5a3b17fd74b4dd632e7c8a2c559ec
http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany=
-browser-data_2.22.2-0ubuntu0.8.04.5_all.deb
Size/MD5: 3296778 b77676d76c4a5ba0728fca33aadc238a
http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany=
-browser-dev_2.22.2-0ubuntu0.8.04.5_all.deb
Size/MD5: 115802 30f9179b2bbeb7fc0170ec9156deedd5
http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany=
-browser_2.22.2-0ubuntu0.8.04.5_all.deb
Size/MD5: 49494 bb116eb3227198464792497dbf1b1fa3
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/devhelp_0.19-1ubu=
ntu1.8.04.3_amd64.deb
Size/MD5: 17026 5fd05c053b42d0ab1228e97953aa8775
http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/libdevhelp-1-0_0.=
19-1ubuntu1.8.04.3_amd64.deb
Size/MD5: 100988 c8f2b1a6898df9a34715ed306ce0f28d
http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/libdevhelp-1-dev_=
0.19-1ubuntu1.8.04.3_amd64.deb
Size/MD5: 6702 35a0280af7c5ad62333b6ad64c612bd9
http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany=
-browser-dbg_2.22.2-0ubuntu0.8.04.5_amd64.deb
Size/MD5: 1948612 87efe42bb7facafb8f5c24ecb7d256ef
http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany=
-gecko_2.22.2-0ubuntu0.8.04.5_amd64.deb
Size/MD5: 579338 3e65b363fad9bb0f9364d13312d438c1
http://security.ubuntu.com/ubuntu/pool/main/m/midbrowser/midbrowser_0.3=
.0rc1a-1~8.04.2_amd64.deb
Size/MD5: 1222428 1ec764e382c763932d3485062f9d30a8
http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.22.1-0ubuntu2=
.8.04.2_amd64.deb
Size/MD5: 359272 22eda6f6103d5b22a7fd6734941ce57a
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/devhelp_0.19-1ubu=
ntu1.8.04.3_i386.deb
Size/MD5: 31736 3930e413a69542a6fe692da52e122bf6
http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/libdevhelp-1-0_0.=
19-1ubuntu1.8.04.3_i386.deb
Size/MD5: 79106 7d4f9e0bca4834ffe03160a25fd5d915
http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/libdevhelp-1-dev_=
0.19-1ubuntu1.8.04.3_i386.deb
Size/MD5: 21908 4da4fbb4969b6f50dfdd970e6b330434
http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany=
-browser-dbg_2.22.2-0ubuntu0.8.04.5_i386.deb
Size/MD5: 1863560 670d52c0413ae0f34b7d515e75f35022
http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/epiphany=
-gecko_2.22.2-0ubuntu0.8.04.5_i386.deb
Size/MD5: 545286 900c7fe883d5b0a134e6f562d91dfdff
http://security.ubuntu.com/ubuntu/pool/main/m/midbrowser/midbrowser_0.3=
.0rc1a-1~8.04.2_i386.deb
Size/MD5: 1192374 75f56b11566863c175d97f2015c8c4e0
http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2.22.1-0ubuntu2=
.8.04.2_i386.deb
Size/MD5: 346632 08944188ce8e4e48b76f63c6bead71f9
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/d/devhelp/devhelp_0.19-1ubuntu1.8.04.=
3_lpia.deb
Size/MD5: 16710 9eca7f0fe03d7555b777e2f3bbd69444
http://ports.ubuntu.com/pool/main/d/devhelp/libdevhelp-1-0_0.19-1ubuntu=
1.8.04.3_lpia.deb
Size/MD5: 92962 6ebfa49dcabb3d76a43c929d0ad9b86d
http://ports.ubuntu.com/pool/main/d/devhelp/libdevhelp-1-dev_0.19-1ubun=
tu1.8.04.3_lpia.deb
Size/MD5: 6708 1e479fcf05f054761cb6c5f645691272
http://ports.ubuntu.com/pool/main/e/epiphany-browser/epiphany-browser-d=
bg_2.22.2-0ubuntu0.8.04.5_lpia.deb
Size/MD5: 1881282 9acc6a2939b1a0f25d9957170fb2be0d
http://ports.ubuntu.com/pool/main/e/epiphany-browser/epiphany-gecko_2.2=
2.2-0ubuntu0.8.04.5_lpia.deb
Size/MD5: 540030 f21b130d59e6765fcf62145741edfb31
http://ports.ubuntu.com/pool/main/m/midbrowser/midbrowser_0.3.0rc1a-1~8=
.04.2_lpia.deb
Size/MD5: 1187040 8b9a8b1a869b4126113c1a42144fa749
http://ports.ubuntu.com/pool/main/y/yelp/yelp_2.22.1-0ubuntu2.8.04.2_lp=
ia.deb
Size/MD5: 347230 bb2cf6e1ffd5251a3fdc0ca040591720
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/d/devhelp/devhelp_0.19-1ubuntu1.8.04.=
3_powerpc.deb
Size/MD5: 19474 c8238d336c7d5809ffd284e23e583258
http://ports.ubuntu.com/pool/main/d/devhelp/libdevhelp-1-0_0.19-1ubuntu=
1.8.04.3_powerpc.deb
Size/MD5: 101252 71fc2e25b914d62b9dcc84fa34a37bb5
http://ports.ubuntu.com/pool/main/d/devhelp/libdevhelp-1-dev_0.19-1ubun=
tu1.8.04.3_powerpc.deb
Size/MD5: 6712 f02cac506dc419a8d6bbea10f17f6c31
http://ports.ubuntu.com/pool/main/e/epiphany-browser/epiphany-browser-d=
bg_2.22.2-0ubuntu0.8.04.5_powerpc.deb
Size/MD5: 1931954 959869f5deb73dc20ad999df7db6db29
http://ports.ubuntu.com/pool/main/e/epiphany-browser/epiphany-gecko_2.2=
2.2-0ubuntu0.8.04.5_powerpc.deb
Size/MD5: 576138 a07f45bdb84eda63783fda40635d12a8
http://ports.ubuntu.com/pool/main/m/midbrowser/midbrowser_0.3.0rc1a-1~8=
.04.2_powerpc.deb
Size/MD5: 1212598 1e1c5ab7e9e4e1ad45763faffc0e2d83
http://ports.ubuntu.com/pool/main/y/yelp/yelp_2.22.1-0ubuntu2.8.04.2_po=
werpc.deb
Size/MD5: 361420 7f1093eb894d3c55c8d15efd793ae451
--sdtB3X0nJg68CQEu
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIlwhFW0JvuRdL8BoRAtO7AJ47I5c+oINcjsjv0cn+3V5b99EFoACfQpgQ
XaS9rBDbpVgkO6t/UjCxeiM=
=skLg
-----END PGP SIGNATURE-----
"
USN-620-1: OpenSSL vulnerabilities
USN-626-1: Firefox and xulrunner vulnerabilities
Safari, Mac usage climbs online in May
Microsoft Warns on Safari ‘Carpet Bombing’ Flaw
This entry was posted
on 11:16 PM
.
Archives
-
▼
2008
(457)
-
▼
August
(65)
- CESA-2008:0836 Moderate CentOS 5 x86_64 libxml2 Up...
- CESA-2008:0849 Important CentOS 5 x86_64 ipsec-too...
- RHSA-2008:0847-01 Important: libtiff security and ...
- RHSA-2008:0848-01 Important: libtiff security and ...
- RHSA-2008:0863-01 Important: libtiff security update
- CESA-2008:0836 Moderate CentOS 5 i386 libxml2 Update
- CESA-2008:0836 Moderate CentOS 3 x86_64 libxml2 - ...
- CESA-2008:0836 Moderate CentOS 3 i386 libxml2 - se...
- Intel acquires Linux distro developer
- RHSA-2008:0648-01 Important: tomcat security update
- RHSA-2008:0849-01 Important: ipsec-tools security ...
- CESA-2008:0839 Moderate CentOS 4 ia64 postfix - se...
- DSA 1631-1: New libxml2 packages fix denial of ser...
- MIDs offer Atom, HSDPA
- CESA-2008:0836 Moderate CentOS 4 s390(x) libxml2 -...
- CESA-2008:0836 Moderate CentOS 4 ia64 libxml2 - se...
- Kubuntu 8.10 Alpha 4 Review
- CESA-2008:0855 Critical CentOS 4 s390(x) openssh -...
- Contentteller Release Candidate 2 available
- Creating Advanced MySQL-Based Virtual Hosts On Lig...
- openSUSE 11.1 Alpha 2
- DSA 1629-2: New postfix packages fix installabilit...
- USN-636-1: Postfix vulnerability
- RHSA-2008:0815-01 Moderate: yum-rhn-plugin securit...
- Intel aims x86 at digital TVs
- Intel unveils dual-core Atom
- GLSA 200808-12 Postfix: Local privilege escalatio...
- AMD Radeon HD 4870 X2 On Linux
- DSA 1629-1: New postfix packages fix privilege esc...
- RHSA-2008:0818-02 Moderate: hplip security update
- RHSA-2008:0814-01 Moderate: condor security and bu...
- Ubuntu Linux 8.10 Alpha-4 released
- No title
- No title
- How To Set Up WebDAV With Lighttpd On Debian Etch
- RHSA-2008:0816-01 Moderate: condor security and bu...
- Contentteller Release Candidate 1 available
- GLSA 200808-09 OpenLDAP: Denial of Service vulner...
- DSA 1627-1: New PowerDNS packages reduce DNS spoof...
- GLSA 200808-11 UUDeview: Insecure temporary file ...
- GLSA 200808-10 Adobe Reader: User-assisted execut...
- GLSA 200808-07 ClamAV: Multiple Denials of Service
- ispCP Omega 1.0.0 RC6 released
- GLSA 200808-08 stunnel: Security bypass
- GLSA 200808-03 Mozilla products: Multiple vulnera...
- RHSA-2008:0612-01 Important: kernel security and b...
- Lightweight GNOME alternative emerges
- GLSA 200808-06 libxslt: Execution of arbitrary code
- GLSA 200808-04 Wireshark: Denial of Service
- At last -- native apps for Motorola Linux phones
- USN-626-2: Devhelp, Epiphany, Midbrowser and Yelp ...
- GLSA 200808-01 xine-lib: User-assisted execution ...
- How To Install The Zimbra Desktop Email Client On ...
- Fedora 10 Alpha
- GLSA 200807-15 Pan: User-assisted execution of ar...
- USN-633-1: libxslt vulnerabilities
- Installing And Using OpenVZ On CentOS 5.2
- DSA 1625-1: New cupsys packages fix arbitrary code...
- USN-634-1: OpenLDAP vulnerability
- RHSA-2008:0790-02 Critical: java-1.5.0-ibm securit...
- Netbooks growing -- in two ways
- DSA 1624-1: New libxslt packages fix arbitrary cod...
- DSA 1626-1: New httrack packages fix arbitrary cod...
- USN-626-1: Firefox and xulrunner vulnerabilities
- DSA 1623-1: New dnsmasq packages fix cache poisoning
-
▼
August
(65)