lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050728101631.GA21616@piware.de>
Date: Thu, 28 Jul 2005 12:16:31 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-149-3] Ubuntu 4.10 update for Firefox
	vulnerabilities

===========================================================
Ubuntu Security Notice USN-149-3	      July 28, 2005
mozilla-firefox vulnerabilities
CAN-2004-1156, CAN-2004-1381, CAN-2005-0141, CAN-2005-0142,
CAN-2005-0143, CAN-2005-0144, CAN-2005-0145, CAN-2005-0146,
CAN-2005-0147, CAN-2005-0150, CAN-2005-0230, CAN-2005-0231,
CAN-2005-0232, CAN-2005-0233, CAN-2005-0255, CAN-2005-0399,
CAN-2005-0401, CAN-2005-0402, CAN-2005-0578, CAN-2005-0584,
CAN-2005-0585, CAN-2005-0586, CAN-2005-0587, CAN-2005-0588,
CAN-2005-0589, CAN-2005-0590, CAN-2005-0591, CAN-2005-0592,
CAN-2005-0593, CAN-2005-0752, CAN-2005-0989, CAN-2005-1153,
CAN-2005-1154, CAN-2005-1155, CAN-2005-1156, CAN-2005-1157,
CAN-2005-1158, CAN-2005-1159, CAN-2005-1160, CAN-2005-1531,
CAN-2005-1532, CAN-2005-1937, CAN-2005-2260, CAN-2005-2261,
CAN-2005-2262, CAN-2005-2263, CAN-2005-2264, CAN-2005-2265,
CAN-2005-2266, CAN-2005-2267, CAN-2005-2268, CAN-2005-2269,
CAN-2005-2270
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

mozilla-firefox
mozilla-firefox-locale-ca
mozilla-firefox-locale-de
mozilla-firefox-locale-es
mozilla-firefox-locale-fr
mozilla-firefox-locale-it
mozilla-firefox-locale-ja
mozilla-firefox-locale-nb
mozilla-firefox-locale-pl
mozilla-firefox-locale-tr
mozilla-firefox-locale-uk

The problem can be corrected by upgrading the affected package to
version 1.0.6-0ubuntu0.0.1 (mozilla-firefox) and 1.0.6-0ubuntu0.1
(mozilla-firefox-locale-... packages).

Please note that the new version does not work with the already
existing translation packages (mozilla-firefox-locale-...). New
packages have been provided which are compatible to the new Firefox
version of this security update, so they need to be upgraded as well
(a standard system upgrade will take care of this).

After a standard system upgrade you need to restart Firefox to effect
the necessary changes.

We apologize for the huge delay of this update; we changed our update
strategy for Mozilla products to make sure that such long delays will
not happen again.

Details follow:

USN-149-1 fixed some vulnerabilities in the Ubuntu 5.04 (Hoary
Hedgehog) version of Firefox. The version shipped with Ubuntu 4.10
(Warty Warthog) is also vulnerable to these flaws, so it needs to be
upgraded as well. Please see

  http://www.ubuntulinux.org/support/documentation/usn/usn-149-1

for the original advisory.

This update also fixes several older vulnerabilities; Some of them
could be exploited to execute arbitrary code with full user privileges
if the user visited a malicious web site. (MFSA-2005-01 to
MFSA-2005-44; please see the following web site for details:
http://www.mozilla.org/projects/security/known-vulnerabilities.html)


  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-ca/mozilla-firefox-locale-ca_1.0-0ubuntu0.1.dsc
      Size/MD5:      586 c6a4ba172beb50212cc8dd63cf53fe21
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-ca/mozilla-firefox-locale-ca_1.0-0ubuntu0.1.tar.gz
      Size/MD5:   413206 818b085a5c467e10da863e9d08d0fe20
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-de/mozilla-firefox-locale-de_1.0-0ubuntu0.1.dsc
      Size/MD5:      634 ce6ada2229be234d78b7a3ed9b51c6f7
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-de/mozilla-firefox-locale-de_1.0-0ubuntu0.1.tar.gz
      Size/MD5:   378461 cf83507e00cbcbde71a983143c8b2d08
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-es/mozilla-firefox-locale-es_1.0-0ubuntu0.1.dsc
      Size/MD5:      601 0a97fd79d8862e5482e0d558e995c539
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-es/mozilla-firefox-locale-es_1.0-0ubuntu0.1.tar.gz
      Size/MD5:    99717 8cbf0adeb41feb8d6b018608a962dab6
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-fr/mozilla-firefox-locale-fr_1.0-0ubuntu0.2.dsc
      Size/MD5:      578 b1568bcc4255541cee642fcf4f01b026
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-fr/mozilla-firefox-locale-fr_1.0-0ubuntu0.2.tar.gz
      Size/MD5:   411735 51e401a49e6622b063c5abc44c0338b4
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-it/mozilla-firefox-locale-it_1.0-0ubuntu0.1.dsc
      Size/MD5:      623 77ab520968ac64c4ff032b9d1a348dbf
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-it/mozilla-firefox-locale-it_1.0-0ubuntu0.1.tar.gz
      Size/MD5:   378699 5dc1756e4e5177ca07bc0b89a53fb4b5
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-ja/mozilla-firefox-locale-ja_1.0-0ubuntu0.1.dsc
      Size/MD5:      612 b2858d47a7d517efe9fd16a4e8fd6435
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-ja/mozilla-firefox-locale-ja_1.0-0ubuntu0.1.tar.gz
      Size/MD5:   169527 f580ce82d1768dedf952f816614fd176
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-nb/mozilla-firefox-locale-nb_1.0-0ubuntu0.1.dsc
      Size/MD5:      587 d5fb0d5f4a17e2a92e094c0f94c41de5
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-nb/mozilla-firefox-locale-nb_1.0-0ubuntu0.1.tar.gz
      Size/MD5:   849909 7a3e92d44123b91e6e431ac8c961c4e4
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-pl/mozilla-firefox-locale-pl_1.0-0ubuntu0.1.dsc
      Size/MD5:      620 153b29244c33886c6590f8d4560f1668
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-pl/mozilla-firefox-locale-pl_1.0-0ubuntu0.1.tar.gz
      Size/MD5:   779142 5fc8e81e27ff3a93a86282ec5381a650
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-tr/mozilla-firefox-locale-tr_1.0-0ubuntu0.1.dsc
      Size/MD5:      582 fee3e204e79115f5b5cb7aab4bd6e18e
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-tr/mozilla-firefox-locale-tr_1.0-0ubuntu0.1.tar.gz
      Size/MD5:    86633 3669dd55cf3b945638af495a1179abe6
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-uk/mozilla-firefox-locale-uk_1.0-0ubuntu0.1.dsc
      Size/MD5:      578 830521a0572242e5c84d90fdf89b003f
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-uk/mozilla-firefox-locale-uk_1.0-0ubuntu0.1.tar.gz
      Size/MD5:   119114 717e7522a6824b4af9004fd5fa479b6d
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.6-0ubuntu0.0.1.diff.gz
      Size/MD5:   232845 81ff86fde63392bec52076c5c222669f
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.6-0ubuntu0.0.1.dsc
      Size/MD5:      987 abbcca4640b3c8fe9435b935f0c305b7
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.6.orig.tar.gz
      Size/MD5: 40214302 5b3ad16b600896478d8ba6fe9321e4e1

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-ca/mozilla-firefox-locale-ca_1.0-0ubuntu0.1_all.deb
      Size/MD5:   410280 fdeb997e756e0d4511d26476cdcbcdb5
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-de/mozilla-firefox-locale-de_1.0-0ubuntu0.1_all.deb
      Size/MD5:   375336 c6e0e4a5c7669474ce7d1bdcc4ac886f
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-es/mozilla-firefox-locale-es_1.0-0ubuntu0.1_all.deb
      Size/MD5:    99100 e4b16d51ddb909984f49646e50071f37
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-fr/mozilla-firefox-locale-fr_1.0-0ubuntu0.2_all.deb
      Size/MD5:   410730 61f1c94f99b77af55e716eb1fe79c072
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-it/mozilla-firefox-locale-it_1.0-0ubuntu0.1_all.deb
      Size/MD5:   376952 f6756bc0d15480a1e6684fe54c8a05e9
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-ja/mozilla-firefox-locale-ja_1.0-0ubuntu0.1_all.deb
      Size/MD5:   169420 251604405347e9bdebc131b9be2a1f35
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-nb/mozilla-firefox-locale-nb_1.0-0ubuntu0.1_all.deb
      Size/MD5:   850174 9e566347c0666b80293492222d506dd1
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-pl/mozilla-firefox-locale-pl_1.0-0ubuntu0.1_all.deb
      Size/MD5:   777800 6aae0f82e190eeeca89b604858bb6728
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-tr/mozilla-firefox-locale-tr_1.0-0ubuntu0.1_all.deb
      Size/MD5:    85352 884bbc4ad0d50f08d4f7c1abc0bb6a5d
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-uk/mozilla-firefox-locale-uk_1.0-0ubuntu0.1_all.deb
      Size/MD5:   120272 ce1588fae7a1854e08a5b6d523876258

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.6-0ubuntu0.0.1_amd64.deb
      Size/MD5:   147374 1a8aa083386d98e3fb74e6965090acb1
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.6-0ubuntu0.0.1_amd64.deb
      Size/MD5: 10673248 f90ed3698968b4609102d6e0737600d7

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.6-0ubuntu0.0.1_i386.deb
      Size/MD5:   142280 7988203c7c0c7ff141a551a517a28b1c
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.6-0ubuntu0.0.1_i386.deb
      Size/MD5:  9844756 b216dfb17fbdfb90b2deba1b2f1cc4f3

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.6-0ubuntu0.0.1_powerpc.deb
      Size/MD5:   141018 4a5925ed52aa151843d3f1cbb1d951c9
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.6-0ubuntu0.0.1_powerpc.deb
      Size/MD5:  9502076 2ce0a7d8260fdac867001461a15b6e69

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ