Security: Denial of Service in apturl (Update)
Name: Denial of Service in apturl (Update)
ID: USN-930-2
Distribution: Ubuntu
Platforms: Ubuntu 8.04 LTS
Date: Wed, 30 June 2010, 08:42
References: https://launchpad.net/bugs/599954
Update of: Denial of Service in Firefox

Original message



===========================================================
Ubuntu Security Notice USN-930-2 June 29, 2010
apturl, epiphany-browser, gecko-sharp, gnome-python-extras,
liferea, rhythmbox, totem, ubufox, yelp update
https://launchpad.net/bugs/599954
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
apturl 0.2.2ubuntu1.1
epiphany-gecko 2.22.2-0ubuntu0.8.04.7
libgecko2.0-cil 0.11-3ubuntu4.8.04.1
liferea 1.4.14-0ubuntu4.1
python-gnome2-extras 2.19.1-0ubuntu7.2
rhythmbox 0.11.5-0ubuntu8.8.04.2
totem-mozilla 2.22.1-0ubuntu3.8.04.6
ubufox 0.9~rc2-0ubuntu0.8.04.1
yelp 2.22.1-0ubuntu2.8.04.4

After a standard system upgrade you need to restart any applications that
use Xulrunner to effect the necessary changes.

Details follow:

USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update
provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2 on
Ubuntu 8.04 LTS.

Original advisory details:

It was discovered that Firefox could be made to access freed memory. If a
user were tricked into viewing a malicious site, a remote attacker could
cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. This issue only affected
Ubuntu 8.04 LTS. (CVE-2010-1121)

Several flaws were discovered in the browser engine of Firefox. If a
user were tricked into viewing a malicious site, a remote attacker could
cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201,
CVE-2010-1202, CVE-2010-1203)

A flaw was discovered in the way plugin instances interacted. An attacker
could potentially exploit this and use one plugin to access freed memory from
a second plugin to execute arbitrary code with the privileges of the user
invoking the program. (CVE-2010-1198)

An integer overflow was discovered in Firefox. If a user were tricked into
viewing a malicious site, an attacker could overflow a buffer and cause a
denial of service or possibly execute arbitrary code with the privileges of
the user invoking the program. (CVE-2010-1196)

Martin Barbella discovered an integer overflow in an XSLT node sorting
routine. An attacker could exploit this to overflow a buffer and cause a
denial of service or possibly execute arbitrary code with the privileges of
the user invoking the program. (CVE-2010-1199)

Michal Zalewski discovered that the focus behavior of Firefox could be
subverted. If a user were tricked into viewing a malicious site, a remote
attacker could use this to capture keystrokes. (CVE-2010-1125)

Ilja van Sprundel discovered that the 'Content-Disposition: attachment'
HTTP header was ignored when 'Content-Type: multipart' was also present.
Under certain circumstances, this could potentially lead to cross-site
scripting attacks. (CVE-2010-1197)

Amit Klein discovered that Firefox did not seed its random number generator
often enough. An attacker could exploit this to identify and track users
across different web sites. (CVE-2008-5913)


Updated packages for Ubuntu 8.04 LTS:



