Ubuntu 1192-3: Libvoikko regression

    Date: 19 Oct 2011
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    A regression caused Firefox to crash while spell checking in Finnish.
    ==========================================================================
    Ubuntu Security Notice USN-1192-3
    October 19, 2011
    
    libvoikko regression
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 11.04
    
    Summary:
    
    A regression caused Firefox to crash while spell checking in Finnish.
    
    Software Description:
    - libvoikko: Library of Finnish language tools
    
    Details:
    
    USN-1192-1 provided Firefox 6 as a security upgrade. Unfortunately, this
    caused a regression in libvoikko which caused Firefox to crash while spell
    checking words with hyphens. This update corrects the issue. We apologize
    for the inconvenience.
    
    Original advisory details:
    
     Aral Yaman discovered a vulnerability in the WebGL engine. An attacker
     could potentially use this to crash Firefox or execute arbitrary code with
     the privileges of the user invoking Firefox. (CVE-2011-2989)
     
     Vivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An
     attacker could potentially use this to crash Firefox or execute arbitrary
     code with the privileges of the user invoking Firefox. (CVE-2011-2991)
     
     Bert Hubert and Theo Snelleman discovered a vulnerability in the Ogg
     reader. An attacker could potentially use this to crash Firefox or execute
     arbitrary code with the privileges of the user invoking Firefox.
     (CVE-2011-2991)
     
     Robert Kaiser, Jesse Ruderman, Gary Kwong, Christoph Diehl, Martijn
     Wargers, Travis Emmitt, Bob Clary, and Jonathan Watt discovered multiple
     memory vulnerabilities in the browser rendering engine. An attacker could
     use these to possibly execute arbitrary code with the privileges of the
     user invoking Firefox. (CVE-2011-2985)
     
     Rafael Gieschke discovered that unsigned JavaScript could call into a
     script inside a signed JAR. This could allow an attacker to execute
     arbitrary code with the identity and permissions of the signed JAR.
     (CVE-2011-2993)
     
     Michael Jordon discovered that an overly long shader program could cause a
     buffer overrun. An attacker could potentially use this to crash Firefox or
     execute arbitrary code with the privileges of the user invoking Firefox.
     (CVE-2011-2988)
     
     Michael Jordon discovered a heap overflow in the ANGLE library used in
     Firefox's WebGL implementation. An attacker could potentially use this to
     crash Firefox or execute arbitrary code with the privileges of the user
     invoking Firefox. (CVE-2011-2987)
     
     It was discovered that an SVG text manipulation routine contained a
     dangling pointer vulnerability. An attacker could potentially use this to
     crash Firefox or execute arbitrary code with the privileges of the user
     invoking Firefox. (CVE-2011-0084)
     
     Mike Cardwell discovered that Content Security Policy violation reports
     failed to strip out proxy authorization credentials from the list of
     request headers. This could allow a malicious website to capture proxy
     authorization credentials. Daniel Veditz discovered that redirecting to a
     website with Content Security Policy resulted in the incorrect resolution
     of hosts in the constructed policy. This could allow a malicious website to
     circumvent the Content Security Policy of another website. (CVE-2011-2990)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 11.04:
      libvoikko1                      3.1-1ubuntu0.1
    
    After a standard system update you need to restart Firefox to make
    all the necessary changes.
    
    References:
      http://www.ubuntu.com/usn/usn-1192-3
      http://www.ubuntu.com/usn/usn-1192-1
      https://launchpad.net/bugs/832582
    
    Package Information:
      https://launchpad.net/ubuntu/+source/libvoikko/3.1-1ubuntu0.1
    
    
    
    