lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1F6eci-0001QJ-Qo@mercury.mandriva.com>
Date: Tue,  7 Feb 2006 19:00:00 -0700
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2006:036 ] - Updated mozilla packages to address DoS vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:036
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : mozilla
 Date    : February 7, 2006
 Affected: Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Mozilla and Mozilla Firefox allow remote attackers to cause a denial of
 service (CPU consumption and delayed application startup) via a web
 site with a large title, which is recorded in history.dat but not
 processed efficiently during startup. (CVE-2005-4134)
 
 The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before
 1.5.1 does not properly dereference objects, which allows remote
 attackers to cause a denial of service (crash) or execute arbitrary
 code via unknown attack vectors related to garbage collection.
 (CVE-2006-0292)
 
 The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1,
 and SeaMonkey before 1.0 does not validate the attribute name, which
 allows remote attackers to execute arbitrary Javascript by injecting
 RDF data into the user's localstore.rdf file. (CVE-2006-0296)
 
 Updated packages are patched to address these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296
 _______________________________________________________________________
 
 Updated Packages:
 
 Corporate 3.0:
 8d1376d6440bc1602ab2b1c74262a30c  corporate/3.0/RPMS/libnspr4-1.7.8-0.7.C30mdk.i586.rpm
 ceae80feec83d84891234f8bcf546247  corporate/3.0/RPMS/libnspr4-devel-1.7.8-0.7.C30mdk.i586.rpm
 4be42f4a2297322ac93e6c4e635a225b  corporate/3.0/RPMS/libnss3-1.7.8-0.7.C30mdk.i586.rpm
 f7490d1448b0ef6fe8eaa7561066095f  corporate/3.0/RPMS/libnss3-devel-1.7.8-0.7.C30mdk.i586.rpm
 d3c71d0217099e4586818dc40f819308  corporate/3.0/RPMS/mozilla-1.7.8-0.7.C30mdk.i586.rpm
 5d73ae4396714d8b5bf9892090c22724  corporate/3.0/RPMS/mozilla-devel-1.7.8-0.7.C30mdk.i586.rpm
 005998ef07bd769563084275c27928ec  corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.7.C30mdk.i586.rpm
 0774d333844c7d27b560146e632a33b2  corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.7.C30mdk.i586.rpm
 72bda6c0dfc17eb36b5f64aced6da5a3  corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.7.C30mdk.i586.rpm
 b425cbdf6b2f2261799869327527d1c7  corporate/3.0/RPMS/mozilla-irc-1.7.8-0.7.C30mdk.i586.rpm
 a2ba40970fd46883f707979925553074  corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.7.C30mdk.i586.rpm
 3f786a780a2355f4605886287fc489c3  corporate/3.0/RPMS/mozilla-mail-1.7.8-0.7.C30mdk.i586.rpm
 4dc8edd930a75430e84520b3b2f00859  corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.7.C30mdk.i586.rpm
 4f1024a56ad3c8f3aef13ff2ea881ceb  corporate/3.0/SRPMS/mozilla-1.7.8-0.7.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 990fd040a970e2fe393665bc87f9d964  x86_64/corporate/3.0/RPMS/lib64nspr4-1.7.8-0.7.C30mdk.x86_64.rpm
 e70615c6a988f23636f7bf3d642d2028  x86_64/corporate/3.0/RPMS/lib64nspr4-devel-1.7.8-0.7.C30mdk.x86_64.rpm
 69e14625db53e49b4d1fcd9d346218db  x86_64/corporate/3.0/RPMS/lib64nss3-1.7.8-0.7.C30mdk.x86_64.rpm
 17f22cc0913232f4d0cd3efbffd17af1  x86_64/corporate/3.0/RPMS/lib64nss3-devel-1.7.8-0.7.C30mdk.x86_64.rpm
 23d7b49cde6c2e96742f45625845d825  x86_64/corporate/3.0/RPMS/mozilla-1.7.8-0.7.C30mdk.x86_64.rpm
 a14cde7bc834e298f9b1ff97d0faa04c  x86_64/corporate/3.0/RPMS/mozilla-devel-1.7.8-0.7.C30mdk.x86_64.rpm
 7b6a92d89e3771330e69b24eef80d02b  x86_64/corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.7.C30mdk.x86_64.rpm
 88510e96eee3232f5dd931de50ef9878  x86_64/corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.7.C30mdk.x86_64.rpm
 71e44f63b296849361d5733b0e6824d1  x86_64/corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.7.C30mdk.x86_64.rpm
 1740b993c3c30a35dcd37d7c88bd6187  x86_64/corporate/3.0/RPMS/mozilla-irc-1.7.8-0.7.C30mdk.x86_64.rpm
 13b44d4ab0a1b80fb50ad8c881d94253  x86_64/corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.7.C30mdk.x86_64.rpm
 b9683c1834c25ab3d78606b912714780  x86_64/corporate/3.0/RPMS/mozilla-mail-1.7.8-0.7.C30mdk.x86_64.rpm
 7ccb971d176e3e3a1a924bfc23f34b1e  x86_64/corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.7.C30mdk.x86_64.rpm
 4f1024a56ad3c8f3aef13ff2ea881ceb  x86_64/corporate/3.0/SRPMS/mozilla-1.7.8-0.7.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFD6SVbmqjQ0CJFipgRAtEGAKDeolBWyZSrRKa1tL4JSbkQw+z06ACgkcGr
VCmfGeobl7Qv+lFgSZbx3rE=
=NT/H
-----END PGP SIGNATURE-----



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ