lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1ENiWo-0007ed-Ty@mercury.mandriva.com>
Date: Thu, 06 Oct 2005 21:04:10 -0600
From: Mandriva Security Team <security@...driva.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:173 - Updated mozilla-firefox packages fix vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           mozilla-firefox
 Advisory ID:            MDKSA-2005:173
 Date:                   October 6th, 2005

 Affected versions:	 10.2, 2006.0
 ______________________________________________________________________

 Problem Description:

 New updates are available for Mozilla Firefox:
 
 A regression in the LE2005 Firefox package caused problems with cursor
 movement that has been fixed.
 
 The run-mozilla.sh script, with debugging enabled, would allow local
 users to create or overwrite arbitrary files via a symlink attack on
 temporary files (CAN-2005-2353).
 
 nsScriptSecurityManager::GetBaseURIScheme didn't handle
 jar:view-source:... correctly because the jar: and view-source: cases
 didn't use recursion as they were supposed to.  This was corrected in
 Firefox 1.0.4 and only affects the LE2005 package.
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2353
 ______________________________________________________________________

 Updated Packages:
  
 Mandrivalinux 10.2:
 8802442f13b423d32f90beab90b57b39  10.2/RPMS/libnspr4-1.0.2-10.1.102mdk.i586.rpm
 490de6be6ed37670b498f1b32ce9911d  10.2/RPMS/libnspr4-devel-1.0.2-10.1.102mdk.i586.rpm
 15bd80dbb1661d1991d7cb5d882de84b  10.2/RPMS/libnss3-1.0.2-10.1.102mdk.i586.rpm
 abb90d3203f570d84e0228214244c16a  10.2/RPMS/libnss3-devel-1.0.2-10.1.102mdk.i586.rpm
 692a964ae2a2fc96bad0926ba57f6608  10.2/RPMS/mozilla-firefox-1.0.2-10.1.102mdk.i586.rpm
 3d88f5181f16a5ac731c183af04973c0  10.2/RPMS/mozilla-firefox-devel-1.0.2-10.1.102mdk.i586.rpm
 915ff77d3dabc2c821f7355d0fc379db  10.2/SRPMS/mozilla-firefox-1.0.2-10.1.102mdk.src.rpm

 Mandrivalinux 10.2/X86_64:
 a5b17c8a1142e20db9d69b934f54607d  x86_64/10.2/RPMS/lib64nspr4-1.0.2-10.1.102mdk.x86_64.rpm
 f041b7de49dd120ddb63ba6b2d466feb  x86_64/10.2/RPMS/lib64nspr4-devel-1.0.2-10.1.102mdk.x86_64.rpm
 8802442f13b423d32f90beab90b57b39  x86_64/10.2/RPMS/libnspr4-1.0.2-10.1.102mdk.i586.rpm
 490de6be6ed37670b498f1b32ce9911d  x86_64/10.2/RPMS/libnspr4-devel-1.0.2-10.1.102mdk.i586.rpm
 13b1057af97d829a4aae52cdb5f3bcab  x86_64/10.2/RPMS/lib64nss3-1.0.2-10.1.102mdk.x86_64.rpm
 42cbcf8cf37d45472d7d1d742cc91e22  x86_64/10.2/RPMS/lib64nss3-devel-1.0.2-10.1.102mdk.x86_64.rpm
 15bd80dbb1661d1991d7cb5d882de84b  x86_64/10.2/RPMS/libnss3-1.0.2-10.1.102mdk.i586.rpm
 abb90d3203f570d84e0228214244c16a  x86_64/10.2/RPMS/libnss3-devel-1.0.2-10.1.102mdk.i586.rpm
 83cb2e763eac7d6117daf62a4adb14ab  x86_64/10.2/RPMS/mozilla-firefox-1.0.2-10.1.102mdk.x86_64.rpm
 76ba06daf1900bbaa357744daec1060a  x86_64/10.2/RPMS/mozilla-firefox-devel-1.0.2-10.1.102mdk.x86_64.rpm
 915ff77d3dabc2c821f7355d0fc379db  x86_64/10.2/SRPMS/mozilla-firefox-1.0.2-10.1.102mdk.src.rpm

 Mandrivalinux 2006.0:
 4729fc4e3d1b10f2e16e94c23a5d55e9  2006.0/RPMS/libnspr4-1.0.6-16.1.20060mdk.i586.rpm
 bf450dbb8f1f20abfcc57b9decb30eb4  2006.0/RPMS/libnspr4-devel-1.0.6-16.1.20060mdk.i586.rpm
 760d6ab6f917091183818d6946c4482f  2006.0/RPMS/libnss3-1.0.6-16.1.20060mdk.i586.rpm
 a9b14f14a73c89950b445c747f9c306c  2006.0/RPMS/libnss3-devel-1.0.6-16.1.20060mdk.i586.rpm
 94adfb3dbdb796da0d2ab01b842e8351  2006.0/RPMS/mozilla-firefox-1.0.6-16.1.20060mdk.i586.rpm
 01947ebf2c815bc36e955cc98ce23f27  2006.0/RPMS/mozilla-firefox-devel-1.0.6-16.1.20060mdk.i586.rpm
 93f3763d032cd82e7b214afeecccd4a9  2006.0/SRPMS/mozilla-firefox-1.0.6-16.1.20060mdk.src.rpm

 Mandrivalinux 2006.0/X86_64:
 68542f490600d394fd8246081a899894  x86_64/2006.0/RPMS/lib64nspr4-1.0.6-16.1.20060mdk.x86_64.rpm
 3589f6d4e900c9c400c881861e50a927  x86_64/2006.0/RPMS/lib64nspr4-devel-1.0.6-16.1.20060mdk.x86_64.rpm
 4729fc4e3d1b10f2e16e94c23a5d55e9  x86_64/2006.0/RPMS/libnspr4-1.0.6-16.1.20060mdk.i586.rpm
 bf450dbb8f1f20abfcc57b9decb30eb4  x86_64/2006.0/RPMS/libnspr4-devel-1.0.6-16.1.20060mdk.i586.rpm
 7a7d70dd78e89ef04b1c1f69b3711bfe  x86_64/2006.0/RPMS/lib64nss3-1.0.6-16.1.20060mdk.x86_64.rpm
 8f7a198febbcd4c819b93eee2e4822ad  x86_64/2006.0/RPMS/lib64nss3-devel-1.0.6-16.1.20060mdk.x86_64.rpm
 760d6ab6f917091183818d6946c4482f  x86_64/2006.0/RPMS/libnss3-1.0.6-16.1.20060mdk.i586.rpm
 a9b14f14a73c89950b445c747f9c306c  x86_64/2006.0/RPMS/libnss3-devel-1.0.6-16.1.20060mdk.i586.rpm
 8d72c505c3634bee91ed8a6d1add342d  x86_64/2006.0/RPMS/mozilla-firefox-1.0.6-16.1.20060mdk.x86_64.rpm
 a1e80b35074ce98d49812d46f4f0de47  x86_64/2006.0/RPMS/mozilla-firefox-devel-1.0.6-16.1.20060mdk.x86_64.rpm
 93f3763d032cd82e7b214afeecccd4a9  x86_64/2006.0/SRPMS/mozilla-firefox-1.0.6-16.1.20060mdk.src.rpm
 _______________________________________________________________________

 Bug IDs fixed (see http://qa.mandriva.com for more information):

  18980 - left/right keys on input text jump over several words
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDReWqmqjQ0CJFipgRAmCkAJ9H8FBb+mttPOvoDbAbs1aDdjAoTQCbBIvB
kb0UpSg5nxWw1XKVAu6BqgI=
=bcU2
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ