[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050728101631.GA21616@piware.de>
Date: Thu, 28 Jul 2005 12:16:31 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-149-3] Ubuntu 4.10 update for Firefox
vulnerabilities
===========================================================
Ubuntu Security Notice USN-149-3 July 28, 2005
mozilla-firefox vulnerabilities
CAN-2004-1156, CAN-2004-1381, CAN-2005-0141, CAN-2005-0142,
CAN-2005-0143, CAN-2005-0144, CAN-2005-0145, CAN-2005-0146,
CAN-2005-0147, CAN-2005-0150, CAN-2005-0230, CAN-2005-0231,
CAN-2005-0232, CAN-2005-0233, CAN-2005-0255, CAN-2005-0399,
CAN-2005-0401, CAN-2005-0402, CAN-2005-0578, CAN-2005-0584,
CAN-2005-0585, CAN-2005-0586, CAN-2005-0587, CAN-2005-0588,
CAN-2005-0589, CAN-2005-0590, CAN-2005-0591, CAN-2005-0592,
CAN-2005-0593, CAN-2005-0752, CAN-2005-0989, CAN-2005-1153,
CAN-2005-1154, CAN-2005-1155, CAN-2005-1156, CAN-2005-1157,
CAN-2005-1158, CAN-2005-1159, CAN-2005-1160, CAN-2005-1531,
CAN-2005-1532, CAN-2005-1937, CAN-2005-2260, CAN-2005-2261,
CAN-2005-2262, CAN-2005-2263, CAN-2005-2264, CAN-2005-2265,
CAN-2005-2266, CAN-2005-2267, CAN-2005-2268, CAN-2005-2269,
CAN-2005-2270
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
mozilla-firefox
mozilla-firefox-locale-ca
mozilla-firefox-locale-de
mozilla-firefox-locale-es
mozilla-firefox-locale-fr
mozilla-firefox-locale-it
mozilla-firefox-locale-ja
mozilla-firefox-locale-nb
mozilla-firefox-locale-pl
mozilla-firefox-locale-tr
mozilla-firefox-locale-uk
The problem can be corrected by upgrading the affected package to
version 1.0.6-0ubuntu0.0.1 (mozilla-firefox) and 1.0.6-0ubuntu0.1
(mozilla-firefox-locale-... packages).
Please note that the new version does not work with the already
existing translation packages (mozilla-firefox-locale-...). New
packages have been provided which are compatible to the new Firefox
version of this security update, so they need to be upgraded as well
(a standard system upgrade will take care of this).
After a standard system upgrade you need to restart Firefox to effect
the necessary changes.
We apologize for the huge delay of this update; we changed our update
strategy for Mozilla products to make sure that such long delays will
not happen again.
Details follow:
USN-149-1 fixed some vulnerabilities in the Ubuntu 5.04 (Hoary
Hedgehog) version of Firefox. The version shipped with Ubuntu 4.10
(Warty Warthog) is also vulnerable to these flaws, so it needs to be
upgraded as well. Please see
http://www.ubuntulinux.org/support/documentation/usn/usn-149-1
for the original advisory.
This update also fixes several older vulnerabilities; Some of them
could be exploited to execute arbitrary code with full user privileges
if the user visited a malicious web site. (MFSA-2005-01 to
MFSA-2005-44; please see the following web site for details:
http://www.mozilla.org/projects/security/known-vulnerabilities.html)
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-ca/mozilla-firefox-locale-ca_1.0-0ubuntu0.1.dsc
Size/MD5: 586 c6a4ba172beb50212cc8dd63cf53fe21
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-ca/mozilla-firefox-locale-ca_1.0-0ubuntu0.1.tar.gz
Size/MD5: 413206 818b085a5c467e10da863e9d08d0fe20
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-de/mozilla-firefox-locale-de_1.0-0ubuntu0.1.dsc
Size/MD5: 634 ce6ada2229be234d78b7a3ed9b51c6f7
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-de/mozilla-firefox-locale-de_1.0-0ubuntu0.1.tar.gz
Size/MD5: 378461 cf83507e00cbcbde71a983143c8b2d08
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-es/mozilla-firefox-locale-es_1.0-0ubuntu0.1.dsc
Size/MD5: 601 0a97fd79d8862e5482e0d558e995c539
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-es/mozilla-firefox-locale-es_1.0-0ubuntu0.1.tar.gz
Size/MD5: 99717 8cbf0adeb41feb8d6b018608a962dab6
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-fr/mozilla-firefox-locale-fr_1.0-0ubuntu0.2.dsc
Size/MD5: 578 b1568bcc4255541cee642fcf4f01b026
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-fr/mozilla-firefox-locale-fr_1.0-0ubuntu0.2.tar.gz
Size/MD5: 411735 51e401a49e6622b063c5abc44c0338b4
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-it/mozilla-firefox-locale-it_1.0-0ubuntu0.1.dsc
Size/MD5: 623 77ab520968ac64c4ff032b9d1a348dbf
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-it/mozilla-firefox-locale-it_1.0-0ubuntu0.1.tar.gz
Size/MD5: 378699 5dc1756e4e5177ca07bc0b89a53fb4b5
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-ja/mozilla-firefox-locale-ja_1.0-0ubuntu0.1.dsc
Size/MD5: 612 b2858d47a7d517efe9fd16a4e8fd6435
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-ja/mozilla-firefox-locale-ja_1.0-0ubuntu0.1.tar.gz
Size/MD5: 169527 f580ce82d1768dedf952f816614fd176
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-nb/mozilla-firefox-locale-nb_1.0-0ubuntu0.1.dsc
Size/MD5: 587 d5fb0d5f4a17e2a92e094c0f94c41de5
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-nb/mozilla-firefox-locale-nb_1.0-0ubuntu0.1.tar.gz
Size/MD5: 849909 7a3e92d44123b91e6e431ac8c961c4e4
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-pl/mozilla-firefox-locale-pl_1.0-0ubuntu0.1.dsc
Size/MD5: 620 153b29244c33886c6590f8d4560f1668
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-pl/mozilla-firefox-locale-pl_1.0-0ubuntu0.1.tar.gz
Size/MD5: 779142 5fc8e81e27ff3a93a86282ec5381a650
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-tr/mozilla-firefox-locale-tr_1.0-0ubuntu0.1.dsc
Size/MD5: 582 fee3e204e79115f5b5cb7aab4bd6e18e
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-tr/mozilla-firefox-locale-tr_1.0-0ubuntu0.1.tar.gz
Size/MD5: 86633 3669dd55cf3b945638af495a1179abe6
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-uk/mozilla-firefox-locale-uk_1.0-0ubuntu0.1.dsc
Size/MD5: 578 830521a0572242e5c84d90fdf89b003f
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-uk/mozilla-firefox-locale-uk_1.0-0ubuntu0.1.tar.gz
Size/MD5: 119114 717e7522a6824b4af9004fd5fa479b6d
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.6-0ubuntu0.0.1.diff.gz
Size/MD5: 232845 81ff86fde63392bec52076c5c222669f
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.6-0ubuntu0.0.1.dsc
Size/MD5: 987 abbcca4640b3c8fe9435b935f0c305b7
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.6.orig.tar.gz
Size/MD5: 40214302 5b3ad16b600896478d8ba6fe9321e4e1
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-ca/mozilla-firefox-locale-ca_1.0-0ubuntu0.1_all.deb
Size/MD5: 410280 fdeb997e756e0d4511d26476cdcbcdb5
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-de/mozilla-firefox-locale-de_1.0-0ubuntu0.1_all.deb
Size/MD5: 375336 c6e0e4a5c7669474ce7d1bdcc4ac886f
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-es/mozilla-firefox-locale-es_1.0-0ubuntu0.1_all.deb
Size/MD5: 99100 e4b16d51ddb909984f49646e50071f37
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-fr/mozilla-firefox-locale-fr_1.0-0ubuntu0.2_all.deb
Size/MD5: 410730 61f1c94f99b77af55e716eb1fe79c072
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-it/mozilla-firefox-locale-it_1.0-0ubuntu0.1_all.deb
Size/MD5: 376952 f6756bc0d15480a1e6684fe54c8a05e9
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-ja/mozilla-firefox-locale-ja_1.0-0ubuntu0.1_all.deb
Size/MD5: 169420 251604405347e9bdebc131b9be2a1f35
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-nb/mozilla-firefox-locale-nb_1.0-0ubuntu0.1_all.deb
Size/MD5: 850174 9e566347c0666b80293492222d506dd1
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-pl/mozilla-firefox-locale-pl_1.0-0ubuntu0.1_all.deb
Size/MD5: 777800 6aae0f82e190eeeca89b604858bb6728
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-tr/mozilla-firefox-locale-tr_1.0-0ubuntu0.1_all.deb
Size/MD5: 85352 884bbc4ad0d50f08d4f7c1abc0bb6a5d
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-uk/mozilla-firefox-locale-uk_1.0-0ubuntu0.1_all.deb
Size/MD5: 120272 ce1588fae7a1854e08a5b6d523876258
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.6-0ubuntu0.0.1_amd64.deb
Size/MD5: 147374 1a8aa083386d98e3fb74e6965090acb1
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.6-0ubuntu0.0.1_amd64.deb
Size/MD5: 10673248 f90ed3698968b4609102d6e0737600d7
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.6-0ubuntu0.0.1_i386.deb
Size/MD5: 142280 7988203c7c0c7ff141a551a517a28b1c
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.6-0ubuntu0.0.1_i386.deb
Size/MD5: 9844756 b216dfb17fbdfb90b2deba1b2f1cc4f3
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.6-0ubuntu0.0.1_powerpc.deb
Size/MD5: 141018 4a5925ed52aa151843d3f1cbb1d951c9
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.6-0ubuntu0.0.1_powerpc.deb
Size/MD5: 9502076 2ce0a7d8260fdac867001461a15b6e69
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists