lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040813022240.10386.qmail@updates.mandrakesoft.com>
Date: 13 Aug 2004 02:22:40 -0000
From: Mandrake Linux Security Team <security@...ux-mandrake.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2004:082 - Updated mozilla packages fix multiple vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           mozilla
 Advisory ID:            MDKSA-2004:082
 Date:                   August 12th, 2004

 Affected versions:	 10.0, 9.2
 ______________________________________________________________________

 Problem Description:

 A number of security vulnerabilities in mozilla are addressed by this
 update for Mandrakelinux 10.0 users, including a fix for frame
 spoofing, a fixed popup XPInstall/security dialog bug, a fix for
 untrusted chrome calls, a fix for SSL certificate spoofing, a fix
 for stealing secure HTTP Auth passwords via DNS spoofing, a fix for
 insecure matching of cert names for non-FQDNs, a fix for focus
 redefinition from another domain, a fix for a SOAP parameter overflow,
 a fix for text drag on file entry, a fix for certificate DoS, and a
 fix for lock icon and cert spoofing.
 
 Additionally, mozilla for both Mandrakelinux 9.2 and 10.0 have been
 rebuilt to use the system libjpeg and libpng which addresses
 vulnerabilities discovered in libpng (ref: MDKSA-2004:079).
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599
  http://bugzilla.mozilla.org/show_bug.cgi?id=246448
  http://bugzilla.mozilla.org/show_bug.cgi?id=162020
  http://bugzilla.mozilla.org/show_bug.cgi?id=149478
  http://bugzilla.mozilla.org/show_bug.cgi?id=239580
  http://bugzilla.mozilla.org/show_bug.cgi?id=244965
  http://bugzilla.mozilla.org/show_bug.cgi?id=229374
  http://bugzilla.mozilla.org/show_bug.cgi?id=240053
  http://bugzilla.mozilla.org/show_bug.cgi?id=226278
  http://bugzilla.mozilla.org/show_bug.cgi?id=234058
  http://bugzilla.mozilla.org/show_bug.cgi?id=86028
  http://bugzilla.mozilla.org/show_bug.cgi?id=236618
  http://bugzilla.mozilla.org/show_bug.cgi?id=206859
  http://bugzilla.mozilla.org/show_bug.cgi?id=249004
  http://bugzilla.mozilla.org/show_bug.cgi?id=253121
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 19b31b7ed83a5bfd62872777f48c2251  10.0/RPMS/libnspr4-1.6-12.1.100mdk.i586.rpm
 2c751db4638e066a8089dde8eb2b940b  10.0/RPMS/libnspr4-devel-1.6-12.1.100mdk.i586.rpm
 f44262d9e905090a756ebee318b00e14  10.0/RPMS/libnss3-1.6-12.1.100mdk.i586.rpm
 ac3f3659e97a43a62ce6e574885a7ddf  10.0/RPMS/libnss3-devel-1.6-12.1.100mdk.i586.rpm
 c60181755c6de63f125940311bb0d075  10.0/RPMS/mozilla-1.6-12.1.100mdk.i586.rpm
 880ed64c45f293c64f9756b39334b82d  10.0/RPMS/mozilla-devel-1.6-12.1.100mdk.i586.rpm
 f14a0240536662e2a43b4133ba2fd1b2  10.0/RPMS/mozilla-dom-inspector-1.6-12.1.100mdk.i586.rpm
 0f5f524ff411923f3c542a40d81caab3  10.0/RPMS/mozilla-enigmail-1.6-12.1.100mdk.i586.rpm
 2138a4308f6287b2a26a0ee509c732a4  10.0/RPMS/mozilla-enigmime-1.6-12.1.100mdk.i586.rpm
 ac4f3906cf8db1d57722a2485eb5fba5  10.0/RPMS/mozilla-irc-1.6-12.1.100mdk.i586.rpm
 bc535199a712e47ca30d93ad448513c1  10.0/RPMS/mozilla-js-debugger-1.6-12.1.100mdk.i586.rpm
 4e1c2b9fae3b96a8a4821386f8cde4a0  10.0/RPMS/mozilla-mail-1.6-12.1.100mdk.i586.rpm
 60384666732ca5895ea1696fd0088d45  10.0/RPMS/mozilla-spellchecker-1.6-12.1.100mdk.i586.rpm
 4261307ca2dfbc1bf7ee53fa0d9cadda  10.0/SRPMS/mozilla-1.6-12.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 f950ed0e8c533c272b89242b285bfb51  amd64/10.0/RPMS/lib64nspr4-1.6-12.1.100mdk.amd64.rpm
 1da39ad805ac3dfb6e15f4e2a4b81395  amd64/10.0/RPMS/lib64nspr4-devel-1.6-12.1.100mdk.amd64.rpm
 82541944b78f9ae28b8fbaad7d8cff7f  amd64/10.0/RPMS/lib64nss3-1.6-12.1.100mdk.amd64.rpm
 7a1755840c9e86c6d9d3b0700fe22a64  amd64/10.0/RPMS/lib64nss3-devel-1.6-12.1.100mdk.amd64.rpm
 bbad752b3e6173227dbe3e10d2e22b7e  amd64/10.0/RPMS/mozilla-1.6-12.1.100mdk.amd64.rpm
 160581d9505230143d3af6c0a68dbb50  amd64/10.0/RPMS/mozilla-devel-1.6-12.1.100mdk.amd64.rpm
 a1e933df64ffb535c48f58efcb56f744  amd64/10.0/RPMS/mozilla-dom-inspector-1.6-12.1.100mdk.amd64.rpm
 5b72c641ece4f0f086b9aac12623e4a5  amd64/10.0/RPMS/mozilla-enigmail-1.6-12.1.100mdk.amd64.rpm
 6c55c3641ce9af81569179f2e0883571  amd64/10.0/RPMS/mozilla-enigmime-1.6-12.1.100mdk.amd64.rpm
 de69eccc5e36ee64808b6465cdd2f2cf  amd64/10.0/RPMS/mozilla-irc-1.6-12.1.100mdk.amd64.rpm
 c8bfd663339969ee8ed98f5fcb489772  amd64/10.0/RPMS/mozilla-js-debugger-1.6-12.1.100mdk.amd64.rpm
 36aaa030ab4cce56c7e213f36e899662  amd64/10.0/RPMS/mozilla-mail-1.6-12.1.100mdk.amd64.rpm
 f617cce1aca29d7b55c22c7d71cbe706  amd64/10.0/RPMS/mozilla-spellchecker-1.6-12.1.100mdk.amd64.rpm
 4261307ca2dfbc1bf7ee53fa0d9cadda  amd64/10.0/SRPMS/mozilla-1.6-12.1.100mdk.src.rpm

 Mandrakelinux 9.2:
 39f8a9919bf499e7e889d2f857fa930c  9.2/RPMS/libnspr4-1.4-13.3.92mdk.i586.rpm
 0ca14f5d18f20b75015140db28c18751  9.2/RPMS/libnspr4-devel-1.4-13.3.92mdk.i586.rpm
 f663c0295b8b27489802a913115660e1  9.2/RPMS/libnss3-1.4-13.3.92mdk.i586.rpm
 cf80137d87041af69f724f4d3bae21ee  9.2/RPMS/libnss3-devel-1.4-13.3.92mdk.i586.rpm
 eb592c81a204899305540827f831178f  9.2/RPMS/mozilla-1.4-13.3.92mdk.i586.rpm
 7cef1eab0eb7c38aed0743570912dbc1  9.2/RPMS/mozilla-devel-1.4-13.3.92mdk.i586.rpm
 cbbcb63f5db34ab4342bd79d9a0edbaa  9.2/RPMS/mozilla-dom-inspector-1.4-13.3.92mdk.i586.rpm
 4a16188a7091803a643278d27c0bedd9  9.2/RPMS/mozilla-enigmail-1.4-13.3.92mdk.i586.rpm
 2f247ec2b03fa15358bef296cbf5b5fa  9.2/RPMS/mozilla-enigmime-1.4-13.3.92mdk.i586.rpm
 d372cb79f4137257a5ecc2f8bba50058  9.2/RPMS/mozilla-irc-1.4-13.3.92mdk.i586.rpm
 7123054edd8308a9389eef15204db3f3  9.2/RPMS/mozilla-js-debugger-1.4-13.3.92mdk.i586.rpm
 f4a920a8b551d78066dc23eb8c7a6520  9.2/RPMS/mozilla-mail-1.4-13.3.92mdk.i586.rpm
 4b486d04fbf4c34217ec1fe272bde217  9.2/RPMS/mozilla-spellchecker-1.4-13.3.92mdk.i586.rpm
 bbd208cba121308110ff629941999d4e  9.2/SRPMS/mozilla-1.4-13.3.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 5a5ce0f34c6d517dac5bd796539d727b  amd64/9.2/RPMS/lib64nspr4-1.4-13.3.92mdk.amd64.rpm
 95ff73b58ff07df8658ba7db479a6409  amd64/9.2/RPMS/lib64nspr4-devel-1.4-13.3.92mdk.amd64.rpm
 f47f3edc3305680e4dfe6fc4f11da651  amd64/9.2/RPMS/lib64nss3-1.4-13.3.92mdk.amd64.rpm
 9ffc28e6db6dae88d3f61f647407a863  amd64/9.2/RPMS/lib64nss3-devel-1.4-13.3.92mdk.amd64.rpm
 986fff85fd8f3826df7a503da6123cd8  amd64/9.2/RPMS/mozilla-1.4-13.3.92mdk.amd64.rpm
 0b3800d499e9b0a38e7d45af293f93cc  amd64/9.2/RPMS/mozilla-devel-1.4-13.3.92mdk.amd64.rpm
 786af5e02f3a30b091155c7fbe361052  amd64/9.2/RPMS/mozilla-dom-inspector-1.4-13.3.92mdk.amd64.rpm
 65987dda19d9f901d84e2bd364395970  amd64/9.2/RPMS/mozilla-enigmail-1.4-13.3.92mdk.amd64.rpm
 0b4d182f8aeac8e5189aa58475de3368  amd64/9.2/RPMS/mozilla-enigmime-1.4-13.3.92mdk.amd64.rpm
 7fefe5af19372137780d21fc286cce3c  amd64/9.2/RPMS/mozilla-irc-1.4-13.3.92mdk.amd64.rpm
 7dd3a9b2be038019e19a7839f015f952  amd64/9.2/RPMS/mozilla-js-debugger-1.4-13.3.92mdk.amd64.rpm
 90e24a878db2c4dbad41322595c0f67c  amd64/9.2/RPMS/mozilla-mail-1.4-13.3.92mdk.amd64.rpm
 2225c48c1e6ef9113fffad76a278b7f8  amd64/9.2/RPMS/mozilla-spellchecker-1.4-13.3.92mdk.amd64.rpm
 bbd208cba121308110ff629941999d4e  amd64/9.2/SRPMS/mozilla-1.4-13.3.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBHCXvmqjQ0CJFipgRAlVgAKCl7DzHJONwWyBpUmzVRckXICAIgQCg3Y3R
m7crvhuptqzB9o3Y/hs/qzY=
=y5eZ
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ