View Full Version : USN-638-1: Yelp vulnerability

August 27th, 2008, 10:50 PM
Referenced CVEs:

================================================== ========= Ubuntu Security Notice USN-638-1 August 27, 2008 yelp vulnerability CVE-2008-3533 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: yelp 2.20.0-0ubuntu3.1 Ubuntu 8.04 LTS: yelp 2.22.1-0ubuntu2.8.04.3 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Aaron Grattafiori discovered that the Gnome Help Viewer did not handle format strings correctly when displaying certain error messages. If a user were tricked into opening a specially crafted URI, a remote attacker could execute arbitrary code with user privileges.

More... (http://www.ubuntu.com/usn/usn-638-1)