Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > January 2007 > Three Ubuntu Security Notices: 1. USN-398-1 - firefox vulnerabilities 2. USN-398-2 - firefox vulnerabilities 3. USN-399-1 - w3m vulnerabilities

January 2007

Three Ubuntu Security Notices: 1. USN-398-1 - firefox vulnerabilities 2. USN-398-2 - firefox vulnerabilities 3. USN-399-1 - w3m vulnerabilities

ID: 00010
Ref: 08/2007
Date: 04 January 2007:14:31:04
Version: 1
Title: Three Ubuntu Security Notices: 1. USN-398-1 - firefox vulnerabilities 2. USN-398-2 - firefox vulnerabilities 3. USN-399-1 - w3m vulnerabilities
Abstract:
Vendors affected: Ubuntu
Operating systems affected: Ubuntu
Applications affected: Ubuntu
Title
=====

Three Ubuntu Security Notices:

1. USN-398-1 - firefox vulnerabilities

2. USN-398-2 - firefox vulnerabilities

3. USN-399-1 - w3m vulnerabilities

Detail
======

1. Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript or SVG.

2. Various flaws have been reported that allow an attacker to bypass Firefox's internal XSS protections by tricking the user into opening a malicious web page containing JavaScript.

3. A format string vulnerability was discovered in w3m. If a user were tricked into visiting an HTTPS URL protected by a specially crafted SSL certificate, an attacker could execute arbitrary code with user privileges.




1.



===========================================================
Ubuntu Security Notice USN-398-1 January 02, 2007
firefox vulnerabilities
CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6506,
CVE-2006-6507
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.10:
firefox 2.0.0.1+0dfsg-0ubuntu0.6.10
firefox-dev 2.0.0.1+0dfsg-0ubuntu0.6.10
libnspr-dev 2.0.0.1+0dfsg-0ubuntu0.6.10
libnspr4 2.0.0.1+0dfsg-0ubuntu0.6.10
libnss-dev 2.0.0.1+0dfsg-0ubuntu0.6.10
libnss3 2.0.0.1+0dfsg-0ubuntu0.6.10

After a standard system upgrade you need to restart Firefox to effect the necessary changes.

Details follow:

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript or SVG. (CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502,
CVE-2006-6504)

Various flaws have been reported that allow an attacker to bypass Firefox's internal XSS protections by tricking the user into opening a malicious web page containing JavaScript. (CVE-2006-6503,
CVE-2006-6507)

Jared Breland discovered that the "Feed Preview" feature could leak referrer information to remote servers. (CVE-2006-6506)


Updated packages for Ubuntu 6.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.1+0dfsg-0ubuntu0.6.10.diff.gz
Size/MD5: 322554 79c04227229a107f0c9d45049605bd48
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.1+0dfsg-0ubuntu0.6.10.dsc
Size/MD5: 1218 6ce84b9960bdbb97c9ec6c3705653eae
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.1+0dfsg.orig.tar.gz
Size/MD5: 46670638 1cb13be9a35205af63fe70eeff14eb0e

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_2.0.0.1+0dfsg-0ubuntu0.6.10_all.deb
Size/MD5: 236456 9ed7043d22624085cffc10dc7cde8f26
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_2.0.0.1+0dfsg-0ubuntu0.6.10_all.deb
Size/MD5: 55270 2f8fde2f2488af7750e65e886493cd13
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dom-inspector_2.0.0.1+0dfsg-0ubuntu0.6.10_all.deb
Size/MD5: 55362 eb1b5c963f64a784e053bdeee6537481
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-gnome-support_2.0.0.1+0dfsg-0ubuntu0.6.10_all.deb
Size/MD5: 55378 dd6516fe8c1798d617bcf95b4fbd21c4
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox_2.0.0.1+0dfsg-0ubuntu0.6.10_all.deb
Size/MD5: 56176 eae029799af7b101a55a9bfdffc88330

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.1+0dfsg-0ubuntu0.6.10_amd64.deb
Size/MD5: 50310432 263fa952660d303d4320ac519836a1fb
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.1+0dfsg-0ubuntu0.6.10_amd64.deb
Size/MD5: 3119132 75d94b87d53efb786ffdf56ff6d6b075
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.1+0dfsg-0ubuntu0.6.10_amd64.deb
Size/MD5: 89652 913420b9f378f322c1ca1b02037f2677
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.1+0dfsg-0ubuntu0.6.10_amd64.deb
Size/MD5: 10387770 78104d3965f2bfbda5575574d9f755ba
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_amd64.deb
Size/MD5: 225036 ea87d34202b6d3223dbac099cf51c8df
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_amd64.deb
Size/MD5: 167466 55bbefb531652d568f02438aeed10f1d
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_amd64.deb
Size/MD5: 250348 1bbc07d9af10768ac6656d927000abcd
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_amd64.deb
Size/MD5: 861350 3fc1cbb4e1eb02995567cdec7b660bd2

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.1+0dfsg-0ubuntu0.6.10_i386.deb
Size/MD5: 49457428 a30d035ca9fd1819091c1c6b48d325b1
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.1+0dfsg-0ubuntu0.6.10_i386.deb
Size/MD5: 3109488 e86991da3947ee093b840abd83cf07b2
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.1+0dfsg-0ubuntu0.6.10_i386.deb
Size/MD5: 83386 77793d13bf5a26f0c43962ac5fbd186c
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.1+0dfsg-0ubuntu0.6.10_i386.deb
Size/MD5: 9207840 8dcf11221cfef75bf7f51422dcf60dd7
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_i386.deb
Size/MD5: 225046 90012c5f90396f6a5db7705b243e2521
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_i386.deb
Size/MD5: 156952 80817ef1fbd45ddfbdfdf75279275c34
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_i386.deb
Size/MD5: 250336 655f2f4a30dae71ec29bf96cfb7f0229
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_i386.deb
Size/MD5: 785180 131a2623fa95997b99085884204fd89a

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.1+0dfsg-0ubuntu0.6.10_powerpc.deb
Size/MD5: 51980774 4865d18b50b3a10dfd1b228e11ac0435
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.1+0dfsg-0ubuntu0.6.10_powerpc.deb
Size/MD5: 3115886 c6f8efcab8edfd7b83453ee041a24612
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.1+0dfsg-0ubuntu0.6.10_powerpc.deb
Size/MD5: 85272 b66da0f160a453b1f3ee18f5b1722e8d
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.1+0dfsg-0ubuntu0.6.10_powerpc.deb
Size/MD5: 10056020 9102c8484c7c71186fd0b970a610e7e4
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_powerpc.deb
Size/MD5: 225038 4f83154583b4a058a123a3a8586ab0f2
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_powerpc.deb
Size/MD5: 166288 6190cda57dbebe29c65c1ca97daba292
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_powerpc.deb
Size/MD5: 250334 b3f846f1dafbf1a990ab27df8258b9e1
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_powerpc.deb
Size/MD5: 860068 d0f2e68e9d1ca8be8d9914e6fcdf1bff

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.1+0dfsg-0ubuntu0.6.10_sparc.deb
Size/MD5: 49511534 d0e1bad8c05a69231dfee2db6b34b990
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.1+0dfsg-0ubuntu0.6.10_sparc.deb
Size/MD5: 3106194 1adc42b08102dca85285244139d312da
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.1+0dfsg-0ubuntu0.6.10_sparc.deb
Size/MD5: 83086 ef47b587d79afdce14ec47b2e13ce89c
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.1+0dfsg-0ubuntu0.6.10_sparc.deb
Size/MD5: 9485274 13146d26d590e4981281cf21957cfb61
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_sparc.deb
Size/MD5: 225036 b72f082c255cd9510435cd0c0912a5bc
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_sparc.deb
Size/MD5: 155116 9d629deae12ea27812081b13bb0216ba
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_sparc.deb
Size/MD5: 250332 c3e90b969d3c3de2fe47c4942f8dc96f
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_sparc.deb
Size/MD5: 766060 a32f928bcb9a7cd2d601b2aafbec6bef




2.


===========================================================
Ubuntu Security Notice USN-398-2 January 03, 2007
firefox vulnerabilities
CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504 ===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.10:
firefox 1.5.dfsg+1.5.0.9-0ubuntu0.5.10
firefox-dev 1.5.dfsg+1.5.0.9-0ubuntu0.5.10

Ubuntu 6.06 LTS:
firefox 1.5.dfsg+1.5.0.9-0ubuntu0.6.06
firefox-dev 1.5.dfsg+1.5.0.9-0ubuntu0.6.06
libnspr-dev 1.5.dfsg+1.5.0.9-0ubuntu0.6.06
libnspr4 1.5.dfsg+1.5.0.9-0ubuntu0.6.06
libnss-dev 1.5.dfsg+1.5.0.9-0ubuntu0.6.06
libnss3 1.5.dfsg+1.5.0.9-0ubuntu0.6.06

After a standard system upgrade you need to restart Firefox to effect the necessary changes.

Details follow:

USN-398-1 fixed vulnerabilities in Firefox 2.0. This update provides the corresponding updates for Firefox 1.5.

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript or SVG. (CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502,
CVE-2006-6504)

Various flaws have been reported that allow an attacker to bypass Firefox's internal XSS protections by tricking the user into opening a malicious web page containing JavaScript. (CVE-2006-6503)


Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9-0ubuntu0.5.10.diff.gz
Size/MD5: 177350 f25badcde69aee85eb82330d0daf4417
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9-0ubuntu0.5.10.dsc
Size/MD5: 1056 9ae774570929de1c68168e410e608e3a
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9.orig.tar.gz
Size/MD5: 44874639 3a812560d4b85bf878bba9ca961b26b7

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_all.deb
Size/MD5: 49746 84497ea1bbd2840a37503b5e38886d67
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_all.deb
Size/MD5: 50632 9639b6c6241c35e840384a5ecd0d057d

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_amd64.deb
Size/MD5: 3155112 e5f077de48261c34807f677bc662091e
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_amd64.deb
Size/MD5: 216646 f1c933298c42c3b66ffb04f7bc2d7ea1
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_amd64.deb
Size/MD5: 82948 83870eb321a81a8dad6a0a6f2d3d8e1a
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_amd64.deb
Size/MD5: 10236150 c17e84ae66c45ac0fbcbda65c7c2f42e

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_i386.deb
Size/MD5: 3155084 d0a3d80a4f31162766cdf9fc1a7efd6d
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_i386.deb
Size/MD5: 210186 2f367ee0291586942ce9f59d98f7819f
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_i386.deb
Size/MD5: 75374 a09eb76531b5ae26b885ac81d3474aa1
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_i386.deb
Size/MD5: 8665274 5751674cb5ba9b5834d1fc25dea64f19

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_powerpc.deb
Size/MD5: 3155162 d6a5c0576de5c87dd4efe14decd72b64
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_powerpc.deb
Size/MD5: 213588 3aa264bcd755a87de5482218a58fa8da
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_powerpc.deb
Size/MD5: 78570 f640333523dd410eb9c48e67da42d223
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_powerpc.deb
Size/MD5: 9846102 127532fa6ba779840ef82f644f682f26

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_sparc.deb
Size/MD5: 3155148 8a43a11a33232ec238084cfb2f10d8a2
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_sparc.deb
Size/MD5: 211138 6d7ffa6baa8b66dd62537f7fe2212fb9
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_sparc.deb
Size/MD5: 76946 b848074711b2db139bedfbf21a0b222b
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_sparc.deb
Size/MD5: 9178266 7c0dc78fb50b1f49d5410f774e112e92

Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9-0ubuntu0.6.06.diff.gz
Size/MD5: 177734 bb37d65ee1e10592a985b10c7212bc2b
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9-0ubuntu0.6.06.dsc
Size/MD5: 1113 57c738f08983536c35222d634a19c54f
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9.orig.tar.gz
Size/MD5: 44874639 3a812560d4b85bf878bba9ca961b26b7

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_all.deb
Size/MD5: 49760 722b1406fca3ce894b8d2a99aeef1c4d
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_all.deb
Size/MD5: 50646 fddb4ef03e948f9d1f831ebd10f82ff7

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_amd64.deb
Size/MD5: 47406762 81e1e328d3132ae6b6e689e7dc6e925c
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_amd64.deb
Size/MD5: 2801586 fc5564e969c5f124d4d1caa0c7729587
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_amd64.deb
Size/MD5: 216702 4cbd97efd2e01a06aa8eec24e0d3ccae
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_amd64.deb
Size/MD5: 82932 509cea191c58287577c416468438420b
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_amd64.deb
Size/MD5: 9428520 a5ef3bf48aacd88d37db5c1f0b042ac2
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_amd64.deb
Size/MD5: 219376 d599f9cf370e33e07a777e383a4aea59
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_amd64.deb
Size/MD5: 162426 595ca13ae337bc0d80fbef0c617cfb3d
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_amd64.deb
Size/MD5: 236304 6333f01d8320b203213891bfc1aea045
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_amd64.deb
Size/MD5: 758106 479c1e43b140959ce0253ccbd5931186

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_i386.deb
Size/MD5: 43973946 cbc8c149302cd85aa3340f1c6fb6556a
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_i386.deb
Size/MD5: 2801606 fe19bd6f5f497621eab0b8fee4f9156f
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_i386.deb
Size/MD5: 210120 3518227623d7d06342ab07ea67dcbcc0
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_i386.deb
Size/MD5: 75348 dbeffcf2a2c58201eed2f1a84d6cb617
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_i386.deb
Size/MD5: 7944068 9f02d1712680eadfd058c4590c26d173
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_i386.deb
Size/MD5: 219386 1501d84bd496b41dba93e406e5568eef
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_i386.deb
Size/MD5: 147126 cbb87b272c50e7a3e646d2460a40d974
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_i386.deb
Size/MD5: 236296 0746795b91d883f50fb8b280c58658ab
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_i386.deb
Size/MD5: 670250 4639cb05497532e4117bd1955f9c21db

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_powerpc.deb
Size/MD5: 48787984 efb1774fb5bba3d9714647571c8591fe
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_powerpc.deb
Size/MD5: 2801640 2e62374f3c50fead822f01e9712fcf5f
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_powerpc.deb
Size/MD5: 213568 9197ba5be37eb905fe72b6768e7db181
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_powerpc.deb
Size/MD5: 78456 b5eda90c93ca5b64cf32e87aeb2001c0
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_powerpc.deb
Size/MD5: 9047798 3f69986dc6b187c8818604a02a60d1a3
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_powerpc.deb
Size/MD5: 219386 e217097185da1e749b462096958dc159
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_powerpc.deb
Size/MD5: 159720 a026903f12a1bb284125d3844277ab3f
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_powerpc.deb
Size/MD5: 236290 39f0a869a3f24dd5fe7d443f59af29d9
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_powerpc.deb
Size/MD5: 769050 0cd9d7fd052b5da45529447c39dec812

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_sparc.deb
Size/MD5: 45364958 6feca8379273bfcd93509d273c80bb3d
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_sparc.deb
Size/MD5: 2801706 bcc563e78b0f45de039730d1cd1518e8
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_sparc.deb
Size/MD5: 211060 e7c737cd2fbf96ca80fe3b5da8ab265c
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_sparc.deb
Size/MD5: 76914 42d57032d8a2f5428b2026597fa50957
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_sparc.deb
Size/MD5: 8437612 48829e7c5fd375db1debd36b2d929efd
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_sparc.deb
Size/MD5: 219398 b0a9ee505873fbf1c1f1b9839b8ff4a2
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_sparc.deb
Size/MD5: 149624 0b21b6362773ee675bef15dd04cf289c
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_sparc.deb
Size/MD5: 236290 93a968fc6b14988b4ed9ea53fbddaabe
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_sparc.deb
Size/MD5: 682330 88de775e621fa00e144797d8512c8dad



3.


===========================================================
Ubuntu Security Notice USN-399-1 January 03, 2007
w3m vulnerabilities
http://sf.net/tracker/?func=detail&aid=1612792&group_id=39518&atid=425439
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.10:
w3m 0.5.1-3ubuntu1.1

Ubuntu 6.06 LTS:
w3m 0.5.1-4ubuntu2.6.06

Ubuntu 6.10:
w3m 0.5.1-4ubuntu2.6.10

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

A format string vulnerability was discovered in w3m. If a user were tricked into visiting an HTTPS URL protected by a specially crafted SSL certificate, an attacker could execute arbitrary code with user privileges.


Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-3ubuntu1.1.diff.gz
Size/MD5: 26918 6c80b8da1759df35d0fbbbfd762be482
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-3ubuntu1.1.dsc
Size/MD5: 714 d5fab4328a132271d45443b0c62c9c5f
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1.orig.tar.gz
Size/MD5: 1892121 0678b72e07e69c41709d71ef0fe5da13

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/w/w3m/w3m-img_0.5.1-3ubuntu1.1_amd64.deb
Size/MD5: 90086 e9be4901190f36350b7c3906e8d5c7c0
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-3ubuntu1.1_amd64.deb
Size/MD5: 1119434 544af8fe74b78b80b85b0618934e993f

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/w/w3m/w3m-img_0.5.1-3ubuntu1.1_i386.deb
Size/MD5: 88984 b39f657ec9c7fc9f0b66eccf6548ecfd
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-3ubuntu1.1_i386.deb
Size/MD5: 1062408 4681dd0f0799ac9418ae11f17c39efb6

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/w/w3m/w3m-img_0.5.1-3ubuntu1.1_powerpc.deb
Size/MD5: 91540 47fbc7739850d784fea04b739763a79b
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-3ubuntu1.1_powerpc.deb
Size/MD5: 1120800 43549c92dd35b1b1945fefed4c10caad

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/universe/w/w3m/w3m-img_0.5.1-3ubuntu1.1_sparc.deb
Size/MD5: 89256 e9975d718fb34e212ab9471a19b293b8
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-3ubuntu1.1_sparc.deb
Size/MD5: 1087110 ac0ece82654dc503f9aff5c961d766ae

Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-4ubuntu2.6.06.diff.gz
Size/MD5: 35266 4eb07f00d81679ccf53f5c50c3cf5403
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-4ubuntu2.6.06.dsc
Size/MD5: 702 ced346058b3f71ecec26652b9aa919d7
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1.orig.tar.gz
Size/MD5: 1892121 0678b72e07e69c41709d71ef0fe5da13

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/w/w3m/w3m-img_0.5.1-4ubuntu2.6.06_amd64.deb
Size/MD5: 88458 ac45f4fade3fa7f60643b18553ccfb32
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-4ubuntu2.6.06_amd64.deb
Size/MD5: 1119712 d48a1acda4b04bd2b8870d7328d471af

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/w/w3m/w3m-img_0.5.1-4ubuntu2.6.06_i386.deb
Size/MD5: 87464 790cddd717ef3d53576cd44325bbe74c
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-4ubuntu2.6.06_i386.deb
Size/MD5: 1061434 1309934c6ce36eddc7d1fe10c8a397d7

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/w/w3m/w3m-img_0.5.1-4ubuntu2.6.06_powerpc.deb
Size/MD5: 89786 7a5076bb3784d7c3ee23a83a799c006e
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-4ubuntu2.6.06_powerpc.deb
Size/MD5: 1120114 a3464f27e707e26c6282a0913e485330

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/universe/w/w3m/w3m-img_0.5.1-4ubuntu2.6.06_sparc.deb
Size/MD5: 87854 18bcf4fe486d5d5223c6cff38fc2badd
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-4ubuntu2.6.06_sparc.deb
Size/MD5: 1084034 f76db440d2206b0f6cccda184bbc1380

Updated packages for Ubuntu 6.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-4ubuntu2.6.10.diff.gz
Size/MD5: 35266 30be4e65c986ec185ff1bc0855b1debb
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-4ubuntu2.6.10.dsc
Size/MD5: 702 0ba7b9609b67a3312af4eda07da0b342
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1.orig.tar.gz
Size/MD5: 1892121 0678b72e07e69c41709d71ef0fe5da13

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/w/w3m/w3m-img_0.5.1-4ubuntu2.6.10_amd64.deb
Size/MD5: 88446 f05692dbf3a8ece4a7c4897fca454fe1
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-4ubuntu2.6.10_amd64.deb
Size/MD5: 1131030 1500cfb7d6066f6df6ac510dbd133a57

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/w/w3m/w3m-img_0.5.1-4ubuntu2.6.10_i386.deb
Size/MD5: 87712 f17dcbf4a518d4704f203f6694166ab1
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-4ubuntu2.6.10_i386.deb
Size/MD5: 1085166 861a156c3ac25b0908756cb83c593ff3

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/w/w3m/w3m-img_0.5.1-4ubuntu2.6.10_powerpc.deb
Size/MD5: 89888 b98545747a5f409b99fa7667ce034595
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-4ubuntu2.6.10_powerpc.deb
Size/MD5: 1136062 b20c1b12d34f3cf52ed85d6a8441eb0e

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/universe/w/w3m/w3m-img_0.5.1-4ubuntu2.6.10_sparc.deb
Size/MD5: 87830 547b4ccbf9cde9c40ad8a18e0a67436e
http://security.ubuntu.com/ubuntu/pool/main/w/w3m/w3m_0.5.1-4ubuntu2.6.10_sparc.deb
Size/MD5: 1099004 7175fd58a8037a2d6a652a661c09c3ac
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |