OpenNET security: [USN-676-1] WebKit vulnerability

[USN-676-1] WebKit vulnerability


<< Previous	INDEX	Search	src / Print	Next >>
Subject: [USN-676-1] WebKit vulnerability
From: Marc Deslauriers <marc.deslauriers@canonical.com.>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: "bugtraq@securityfocus.com" <bugtraq@securityfocus.com.>,
        full-disclosure@lists.grok.org.uk
X-Original-To: marc.deslauriers@cleanmail.canonical.com
X-Mailcontrol-Inbound: 
 uq3drnD2P+ps5SfEb0fvr78+NoP1DHBZwGqKpaXB2eTgNv8D6KLIxb8+NoP1DHBZ8VSaBg0k0xw=
X-Spam-Score: -4.3
X-Scanned-By: MailControl A_08_51_00 (www.mailcontrol.com) on 10.69.0.139
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-UPgyQDEGXBGb49ipAUno"
Date: Mon, 24 Nov 2008 12:38:02 -0500
Message-Id: <1227548282.7339.10.camel@mdlinux.technorage.com.>
Mime-Version: 1.0
X-Mailer: Evolution 2.24.1 
X-Virus-Scanned: antivirus-gw at tyumen.ru


--=-UPgyQDEGXBGb49ipAUno
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
Ubuntu Security Notice USN-676-1          November 24, 2008
webkit vulnerability
CVE-2008-3632
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  libwebkit-1.0-1                 1.0.1-2ubuntu0.1

After a standard system upgrade you need to restart any applications that
use WebKit, such as Epiphany-webkit and Midori, to effect the necessary
changes.

Details follow:

It was discovered that WebKit did not properly handle Cascading Style Sheet=
s
(CSS) import statements. If a user were tricked into opening a malicious
website, an attacker could cause a browser crash and possibly execute
arbitrary code with user privileges.


Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.0.1-2ubun=
tu0.1.diff.gz
      Size/MD5:    21219 e7f04089c687141f512cb5066d1a1c30
    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.0.1-2ubun=
tu0.1.dsc
      Size/MD5:     1538 23427df68878b3540e082d778cf74ed2
    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.0.1.orig.=
tar.gz
      Size/MD5: 13418752 4de68a5773998bea14e8939aa341c466

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-dev_1.0.=
1-2ubuntu0.1_all.deb
      Size/MD5:    33888 3d3e394977eb1a52a81694786831075b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-1-db=
g_1.0.1-2ubuntu0.1_amd64.deb
      Size/MD5: 62588488 b87a1a306e88f330a034de2374f08998
    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-1_1.=
0.1-2ubuntu0.1_amd64.deb
      Size/MD5:  3498192 08f5383449a42b900a7a541a50f309d7

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-1-db=
g_1.0.1-2ubuntu0.1_i386.deb
      Size/MD5: 62196494 3b3c6e6c871e45ebda20daeb377c261b
    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-1_1.=
0.1-2ubuntu0.1_i386.deb
      Size/MD5:  3012354 f1528e6e6dedd94de7cf80bc8cf00c83

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-2u=
buntu0.1_lpia.deb
      Size/MD5: 62283008 74002deca41e5eb530475b1b8162948c
    http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-1_1.0.1-2ubunt=
u0.1_lpia.deb
      Size/MD5:  2965064 a7e3b539e899ad5b1fae915f9da5fce2

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-2u=
buntu0.1_powerpc.deb
      Size/MD5: 64792472 dcaf2d61a355ef62a6bdc423aa68bbe2
    http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-1_1.0.1-2ubunt=
u0.1_powerpc.deb
      Size/MD5:  3291430 50b79b1e9dfd831cd4fb3ffeb6342ec8

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-2u=
buntu0.1_sparc.deb
      Size/MD5: 63702930 9a411dc78d88cdeadf1e105eafa84b31
    http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-1_1.0.1-2ubunt=
u0.1_sparc.deb
      Size/MD5:  3495810 b945ea2113760479bdc8be11aafe0272



--=-UPgyQDEGXBGb49ipAUno
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkkq5ncACgkQLMAs/0C4zNrtiQCfVa1r9Lz9cIZ22gRGmjLxHwEO
pNUAnjtgvVNLyziMB8mHhCVxMMwwr8xW
=bslA
-----END PGP SIGNATURE-----

--=-UPgyQDEGXBGb49ipAUno--

<< Previous	INDEX	Search	src / Print	Next >>
Партнёры:
Хостинг:
Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру