"Ubuntu Security Notice USN-836-1 September 23, 2009
webkit vulnerabilities
CVE-2009-0945, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698,
CVE-2009-1711, CVE-2009-1712, CVE-2009-1725
==========================
==========================
=========
A security issue affects the following Ubuntu releases:
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.10:
libwebkit-1.0-1 1.0.1-2ubuntu0.2
libwebkit-1.0-1-dbg 1.0.1-2ubuntu0.2
libwebkit-dev 1.0.1-2ubuntu0.2
Ubuntu 9.04:
libwebkit-1.0-1 1.0.1-4ubuntu0.1
libwebkit-1.0-1-dbg 1.0.1-4ubuntu0.1
libwebkit-dev 1.0.1-4ubuntu0.1
After a standard system upgrade you need to restart any applications that
use WebKit, such as Epiphany-webkit and Midori, to effect the necessary
changes.
Details follow:
It was discovered that WebKit did not properly handle certain SVGPathList
data structures. If a user were tricked into viewing a malicious website,
an attacker could exploit this to execute arbitrary code with the
privileges of the user invoking the program. (CVE-2009-0945)
Several flaws were discovered in the WebKit browser and JavaScript engines.
If a user were tricked into viewing a malicious website, a remote attacker
could cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2009-1687, CVE-2009-1690,
CVE-2009-1698, CVE-2009-1711, CVE-2009-1725)
It was discovered that WebKit did not prevent the loading of local Java
applets. If a user were tricked into viewing a malicious website,
an attacker could exploit this to execute arbitrary code with the
privileges of the user invoking the program. (CVE-2009-1712)
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.0.1-2ubun=
tu0.2.diff.gz
Size/MD5: 25401 ca58f621eec09ea60847fb7eeb18ef2a
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.0.1-2ubun=
tu0.2.dsc
Size/MD5: 1538 ebdb32117beca5fff473ca0c1b065b42
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.0.1.orig.=
tar.gz
Size/MD5: 13418752 4de68a5773998bea14e8939aa341c466
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-dev_1.0.=
1-2ubuntu0.2_all.deb
Size/MD5: 34590 acb9cdfb9608c5f4146ea88eef384e75
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-1-db=
g_1.0.1-2ubuntu0.2_amd64.deb
Size/MD5: 62592212 df3152f6a40e538e3a267908d83783c0
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-1_1.=
0.1-2ubuntu0.2_amd64.deb
Size/MD5: 3501472 e68f67894e53eb2faa48191ea3953732
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-1-db=
g_1.0.1-2ubuntu0.2_i386.deb
Size/MD5: 62206938 b7d1dde62360865cbc814122b93d4005
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-1_1.=
0.1-2ubuntu0.2_i386.deb
Size/MD5: 3014500 73a5a3e9985f6d165120c5c3cca6d06b
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-2u=
buntu0.2_lpia.deb
Size/MD5: 62284322 75ff8aefee1fdea994f660dab5f6554f
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-1_1.0.1-2ubunt=
u0.2_lpia.deb
Size/MD5: 2966170 1c52f1920282c659a0a81a3be44dde7f
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.0.1-4ubun=
tu0.1.diff.gz
Size/MD5: 30900 0ea9f48f994b9bd759446a939ff5dca3
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.0.1-4ubun=
tu0.1.dsc
Size/MD5: 1538 31502504b765f1161825ccdb82f71788
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.0.1.orig.=
tar.gz
Size/MD5: 13418752 4de68a5773998bea14e8939aa341c466
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-dev_1.0.=
1-4ubuntu0.1_all.deb
Size/MD5: 34678 5042c01c01e9d128a13d1457c56b0cbd
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-1-db=
g_1.0.1-4ubuntu0.1_amd64.deb
Size/MD5: 62772554 3026ef7b332447cae68ed4f72b35ddb2
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-1_1.=
0.1-4ubuntu0.1_amd64.deb
Size/MD5: 3502830 0fcd75b07524e2d70f8770ccd5bdc0c3
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-1-db=
g_1.0.1-4ubuntu0.1_i386.deb
Size/MD5: 62357024 777eb37c5384472cf9b4adac21f0d116
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-1_1.=
0.1-4ubuntu0.1_i386.deb
Size/MD5: 3014688 100fd9406ea649edd954f4d154ab4d30
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4u=
buntu0.1_lpia.deb
Size/MD5: 62441454 18aa72b5c443a86153906e5ba4a87e55
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-1_1.0.1-4ubunt=
u0.1_lpia.deb
Size/MD5: 2968040 9651199f95dfee6252e2aacde99ebbbf
--=-3HF0opzWsiOULiTXaIDM
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEABECAAYFAkq6ItQACgkQLMAs/0C4zNrFQACfaJ0mrT7x4jPXDV0KgdPVL8Ve
6NsAnRYNc86AEFtg9VOLIJHaDinP2mwH
!Sm
-----END PGP SIGNATURE-----
"
USN-832-1: FreeRADIUS vulnerabilityRihanna saved millions on new home
This entry was posted
on 12:16 PM
.
Archives
-
▼
2009
(488)
-
▼
September
(53)
- RHSA-2009:1465-01 Important: kvm security and bug ...
- RHSA-2009:1466-01 Important: kernel security and b...
- DSA 1897-1: New horde3 packages fix arbitrary code...
- DSA 1895-1: New xmltooling packages fix potential ...
- DSA 1894-1: New newt packages fix arbitrary code e...
- DSA 1892-1: New dovecot packages fix arbitrary cod...
- GLSA 200909-20 cURL: Certificate validation error
- RHSA-2009:1461-01 Important: Red Hat Application S...
- RHSA-2009:1463-01 Moderate: newt security update
- USN-837-1: Newt vulnerability
- RHSA-2009:1452-01 Moderate: neon security update
- DSA 1891-1: New changetrack packages fix arbitrary...
- USN-836-1: WebKit vulnerabilities
- RHSA-2009:1459-04 Important: cyrus-imapd security ...
- RHSA-2009:1453-01 Moderate: pidgin security update
- USN-835-1: neon vulnerabilities
- DSA 1888-1: New openssl packages deprecate MD2 has...
- USN-834-1: PostgreSQL vulnerabilities
- GLSA 200909-19 Dnsmasq: Multiple vulnerabilities
- GLSA 200909-18 nginx: Remote execution of arbitra...
- DSA 1889-1: New icu packages correct multibyte seq...
- USN-830-1: OpenSSL vulnerability
- RHSA-2009:1438-01 Important: kernel security and b...
- USN-832-1: FreeRADIUS vulnerability
- DSA 1884-1: New nginx packages fix arbitrary code ...
- RHSA-2009:1451-01 Moderate: freeradius security up...
- DSA 1883-2: New nagios2 packages fix regression
- GLSA 200909-17 ZNC: Directory traversal
- USN-821-1: Firefox and Xulrunner vulnerabilities
- DSA 1887-1: New rails packages fix cross-site scri...
- GLSA 200909-14 Horde: Multiple vulnerabilities
- GLSA 200909-16 Wireshark: Denial of Service
- DSA 1878-2: New devscripts packages fix regressions
- GLSA 200909-12 HTMLDOC: User-assisted execution o...
- GLSA 200909-09 Screenie: Insecure temporary file ...
- DSA 1883-1: New nagios2 packages fix several cross...
- RHSA-2009:1432-01 Critical: seamonkey security update
- RHSA-2009:1431-01 Critical: seamonkey security update
- RHSA-2009:1430-01 Critical: firefox security update
- DSA 1879-1: New silc-client/silc-toolkit packages ...
- GLSA 200909-04 Clam AntiVirus: Multiple vulnerabi...
- DSA 1878-1: New devscripts packages fix remote cod...
- DSA 1881-1: New cyrus-imapd packages fix arbitrary...
- GLSA 200909-01 Linux-PAM: Privilege escalation
- GLSA 200909-02 libvorbis: User-assisted execution...
- RHSA-2009:1339-02 Low: rgmanager security, bug fix...
- RHSA-2009:1289-02 Moderate: mysql security and bug...
- RHSA-2009:1321-02 Low: nfs-utils security and bug ...
- RHSA-2009:1278-02 Low: lftp security and bug fix u...
- RHSA-2009:1341-02 Low: cman security, bug fix, and...
- RHSA-2009:1337-02 Low: gfs2-utils security and bug...
- RHSA-2009:1232-01 Moderate: gnutls security update
- RHSA-2009:1239-02 Important: kernel-rt security an...
-
▼
September
(53)