lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1M4ELQ-0000aJ-RR@titan.mandriva.com>
Date: Wed, 13 May 2009 15:18:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2009:111-1 ] firefox


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                       MDVSA-2009:111-1
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : firefox
 Date    : May 13, 2009
 Affected: 2009.0
 _______________________________________________________________________

 Problem Description:

 Security vulnerabilities have been discovered in previous
 versions, and corrected in the latest Mozilla Firefox 3.x, version
 3.0.10. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305,
 CVE-2009-0652, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308,
 CVE-2009-1309, CVE-2009-1310, CVE-2009-1311, CVE-2009-1312,
 CVE-2009-1313)
 
 This update provides the latest Mozilla Firefox 3.x to correct
 these issues.
 
 Additionally, some packages which require so, have been rebuilt and
 are being provided as updates.

 Update:

 The recent Mozilla Firefox update missed the Firefox language packs
 for Mandriva Linux 2009. This update provides them, fixing the issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1302
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1303
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1304
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1305
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0652
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1306
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1307
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1308
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1309
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1310
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1311
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1312
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1313
 http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.10
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 428c63f10fadf9d563ec2842125955eb  2009.0/i586/firefox-af-3.0.10-0.1mdv2009.0.i586.rpm
 fabdad0d8036a5dc9d8e6cd0d6f587ef  2009.0/i586/firefox-ar-3.0.10-0.1mdv2009.0.i586.rpm
 8dba866bf456bf6e8076a2e0fb1e45a2  2009.0/i586/firefox-be-3.0.10-0.1mdv2009.0.i586.rpm
 6ee779a9d993a4c04650e0a23d681601  2009.0/i586/firefox-bg-3.0.10-0.1mdv2009.0.i586.rpm
 c36835a0e2e9ff4e6b43defbeab6f787  2009.0/i586/firefox-bn-3.0.10-0.1mdv2009.0.i586.rpm
 c440e6dbcf73db73403d08278be48936  2009.0/i586/firefox-ca-3.0.10-0.1mdv2009.0.i586.rpm
 ac843b5e22e0e29094f3d6d059896850  2009.0/i586/firefox-cs-3.0.10-0.1mdv2009.0.i586.rpm
 d524e266442215bd69577532b29848dd  2009.0/i586/firefox-cy-3.0.10-0.1mdv2009.0.i586.rpm
 2cac493126fc4f6e50de0c9428303aac  2009.0/i586/firefox-da-3.0.10-0.1mdv2009.0.i586.rpm
 1c288234043f76e349200d6650afd4a1  2009.0/i586/firefox-de-3.0.10-0.1mdv2009.0.i586.rpm
 28a974d0e09b7d6eddecbf6ac7cf3fff  2009.0/i586/firefox-el-3.0.10-0.1mdv2009.0.i586.rpm
 d2bb49a40f9626fe443ef5f2c73a4063  2009.0/i586/firefox-en_GB-3.0.10-0.1mdv2009.0.i586.rpm
 7c94bab7d47bba06200b253408b922ab  2009.0/i586/firefox-eo-3.0.10-0.1mdv2009.0.i586.rpm
 d98276d0f1a26ee892bd845b9ae66762  2009.0/i586/firefox-es_AR-3.0.10-0.1mdv2009.0.i586.rpm
 208435a4d629bee649dc22440a174203  2009.0/i586/firefox-es_ES-3.0.10-0.1mdv2009.0.i586.rpm
 bac010ff6be1a42cfbef6aff68a8380c  2009.0/i586/firefox-et-3.0.10-0.1mdv2009.0.i586.rpm
 319256fe0b2e3fa32fb27b880fd12519  2009.0/i586/firefox-eu-3.0.10-0.1mdv2009.0.i586.rpm
 9ac30eebf8c9505ba0c99158e372b303  2009.0/i586/firefox-fi-3.0.10-0.1mdv2009.0.i586.rpm
 03560e30d2bd62520cf9665184c37f9d  2009.0/i586/firefox-fr-3.0.10-0.1mdv2009.0.i586.rpm
 ae16ba2e645c66b80c893fecd5bb0866  2009.0/i586/firefox-fy-3.0.10-0.1mdv2009.0.i586.rpm
 849c6cc485543fee318dd00d1e011b96  2009.0/i586/firefox-ga_IE-3.0.10-0.1mdv2009.0.i586.rpm
 00c4f1e1c75be22c9749bcb6e19ee1a8  2009.0/i586/firefox-gl-3.0.10-0.1mdv2009.0.i586.rpm
 80bb9fe95926ada2c82e50d4247acfff  2009.0/i586/firefox-gu_IN-3.0.10-0.1mdv2009.0.i586.rpm
 db271c92cbc88a0750b5ab8b4b805c34  2009.0/i586/firefox-he-3.0.10-0.1mdv2009.0.i586.rpm
 79ff9ecae9384330c16922406c51ffd6  2009.0/i586/firefox-hi-3.0.10-0.1mdv2009.0.i586.rpm
 7e87efe5ddaf54e6966d1886a746dcfe  2009.0/i586/firefox-hu-3.0.10-0.1mdv2009.0.i586.rpm
 add0fd84eb10233c260950b01a594595  2009.0/i586/firefox-id-3.0.10-0.1mdv2009.0.i586.rpm
 bc52e2cb6e992d7fb27ac61be4047f35  2009.0/i586/firefox-is-3.0.10-0.1mdv2009.0.i586.rpm
 7bb1d34c83b53b4a30dac101bcb7da1c  2009.0/i586/firefox-it-3.0.10-0.1mdv2009.0.i586.rpm
 7a159b8384a18577b0ccc3aa0564fe33  2009.0/i586/firefox-ja-3.0.10-0.1mdv2009.0.i586.rpm
 b67641682152447b0045a977011de2d0  2009.0/i586/firefox-ka-3.0.10-0.1mdv2009.0.i586.rpm
 954202831867180681e99be7e9d5cbca  2009.0/i586/firefox-kn-3.0.10-0.1mdv2009.0.i586.rpm
 309d434c54f9c9f54384b7addd7fecfa  2009.0/i586/firefox-ko-3.0.10-0.1mdv2009.0.i586.rpm
 90ac6957b7aef991c472db9de707b7e1  2009.0/i586/firefox-ku-3.0.10-0.1mdv2009.0.i586.rpm
 b5e27ae12543ab1eefb2864d51ef5f3b  2009.0/i586/firefox-lt-3.0.10-0.1mdv2009.0.i586.rpm
 5262f12accb78398ae4f33d368b2d3c8  2009.0/i586/firefox-lv-3.0.10-0.1mdv2009.0.i586.rpm
 87770cc2e9bffa12e0a9810b8c2264bf  2009.0/i586/firefox-mk-3.0.10-0.1mdv2009.0.i586.rpm
 7f71f9c789c541e482f7dbc826b1e75d  2009.0/i586/firefox-mn-3.0.10-0.1mdv2009.0.i586.rpm
 5ed115f431f83bc1710461172340cc5c  2009.0/i586/firefox-mr-3.0.10-0.1mdv2009.0.i586.rpm
 94f7104e6c94b19528b68d7fec02b116  2009.0/i586/firefox-nb_NO-3.0.10-0.1mdv2009.0.i586.rpm
 358ba12b0dd138d5a07e699b62c2e0c9  2009.0/i586/firefox-nl-3.0.10-0.1mdv2009.0.i586.rpm
 316299848df0100cd7dbf9c3f40b957f  2009.0/i586/firefox-nn_NO-3.0.10-0.1mdv2009.0.i586.rpm
 3c557eaa35fcb14b458389dab8e89956  2009.0/i586/firefox-oc-3.0.10-0.1mdv2009.0.i586.rpm
 06b6728b585e436ae1a366ae45e99cab  2009.0/i586/firefox-pa_IN-3.0.10-0.1mdv2009.0.i586.rpm
 eca2a2427556ed69b0ee5cf05b1eb946  2009.0/i586/firefox-pl-3.0.10-0.1mdv2009.0.i586.rpm
 700b9b8705803e5b5cfdb450eb2d18f4  2009.0/i586/firefox-pt_BR-3.0.10-0.1mdv2009.0.i586.rpm
 34f35eb9f2f5fb474bd369eaa3e25b41  2009.0/i586/firefox-pt_PT-3.0.10-0.1mdv2009.0.i586.rpm
 1aa56aee2364433d1f86d1639703f11d  2009.0/i586/firefox-ro-3.0.10-0.1mdv2009.0.i586.rpm
 8ad17c722f9e1156f0f0d1413961673a  2009.0/i586/firefox-ru-3.0.10-0.1mdv2009.0.i586.rpm
 a35265f3dcf9d96685670efabebe87d3  2009.0/i586/firefox-si-3.0.10-0.1mdv2009.0.i586.rpm
 40dae6edeff38b75a913bd2db75281b0  2009.0/i586/firefox-sk-3.0.10-0.1mdv2009.0.i586.rpm
 209a8c7738fa61f9ccfb1292ac0454fd  2009.0/i586/firefox-sl-3.0.10-0.1mdv2009.0.i586.rpm
 d9511239f8a809c1fa52069d80d86e9f  2009.0/i586/firefox-sq-3.0.10-0.1mdv2009.0.i586.rpm
 caaaa484cab9070ce73bd05df6f0686b  2009.0/i586/firefox-sr-3.0.10-0.1mdv2009.0.i586.rpm
 7c6b0bb2f85ed561baeed515e489c50c  2009.0/i586/firefox-sv_SE-3.0.10-0.1mdv2009.0.i586.rpm
 e7e062eee2533692dc969580ee0afc9c  2009.0/i586/firefox-te-3.0.10-0.1mdv2009.0.i586.rpm
 c3fcaa0ebe8018cd7a48cf7429a6f508  2009.0/i586/firefox-th-3.0.10-0.1mdv2009.0.i586.rpm
 11e0e6016b3aa56faf6653be4afca38a  2009.0/i586/firefox-tr-3.0.10-0.1mdv2009.0.i586.rpm
 46221144f9edcea10195d68013aa306f  2009.0/i586/firefox-uk-3.0.10-0.1mdv2009.0.i586.rpm
 2d8125037fa940ac1af678a88f6159e0  2009.0/i586/firefox-zh_CN-3.0.10-0.1mdv2009.0.i586.rpm
 ff8679f9794607e6a746024791575219  2009.0/i586/firefox-zh_TW-3.0.10-0.1mdv2009.0.i586.rpm 
 1054337c6d40a6cf130f7059724b4e4b  2009.0/SRPMS/firefox-l10n-3.0.10-0.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 258457851c723bb4cdd364e4743a3584  2009.0/x86_64/firefox-af-3.0.10-0.1mdv2009.0.x86_64.rpm
 8e3c428f56b6df607a382a66b34c0c90  2009.0/x86_64/firefox-ar-3.0.10-0.1mdv2009.0.x86_64.rpm
 116a63099398699fde88879070f4ce48  2009.0/x86_64/firefox-be-3.0.10-0.1mdv2009.0.x86_64.rpm
 f51b22c0cdc236c65a5cc6183a973dec  2009.0/x86_64/firefox-bg-3.0.10-0.1mdv2009.0.x86_64.rpm
 3ab96f66e8c4ba8c433dd33922b52a69  2009.0/x86_64/firefox-bn-3.0.10-0.1mdv2009.0.x86_64.rpm
 aafd552bda0fac22cfeb3ee806dd4bab  2009.0/x86_64/firefox-ca-3.0.10-0.1mdv2009.0.x86_64.rpm
 306ab5ea0fb84ee1e65583bf3c2987e4  2009.0/x86_64/firefox-cs-3.0.10-0.1mdv2009.0.x86_64.rpm
 d11104e846f9595a79d60475815716b3  2009.0/x86_64/firefox-cy-3.0.10-0.1mdv2009.0.x86_64.rpm
 56551fcffd2cdddc288472a2d602db54  2009.0/x86_64/firefox-da-3.0.10-0.1mdv2009.0.x86_64.rpm
 7253128e7851d3713e8455c4cc5a2309  2009.0/x86_64/firefox-de-3.0.10-0.1mdv2009.0.x86_64.rpm
 109e6f2e7dac22e0b2171ec5d05e078d  2009.0/x86_64/firefox-el-3.0.10-0.1mdv2009.0.x86_64.rpm
 bab45adcc5b17c7859d0b40a5cdb1d8d  2009.0/x86_64/firefox-en_GB-3.0.10-0.1mdv2009.0.x86_64.rpm
 1575ad3adf3c43762c48c0078b340854  2009.0/x86_64/firefox-eo-3.0.10-0.1mdv2009.0.x86_64.rpm
 dddf6533ca6612de289353c984301128  2009.0/x86_64/firefox-es_AR-3.0.10-0.1mdv2009.0.x86_64.rpm
 50b3e769444edf9a022c46b794cd4e0a  2009.0/x86_64/firefox-es_ES-3.0.10-0.1mdv2009.0.x86_64.rpm
 da53bd9533860d698ba31fcfe43864c8  2009.0/x86_64/firefox-et-3.0.10-0.1mdv2009.0.x86_64.rpm
 62f0494ed4f8ec3e70ffe336210ab5a7  2009.0/x86_64/firefox-eu-3.0.10-0.1mdv2009.0.x86_64.rpm
 a6246bef4fd6867a3e100303280fcd6f  2009.0/x86_64/firefox-fi-3.0.10-0.1mdv2009.0.x86_64.rpm
 e79b2e3b97d1ca86d5216c3587db2755  2009.0/x86_64/firefox-fr-3.0.10-0.1mdv2009.0.x86_64.rpm
 baac4499ec49448578c45a6fe4b9e6ef  2009.0/x86_64/firefox-fy-3.0.10-0.1mdv2009.0.x86_64.rpm
 e537484f39efc61f0ba8893ffd028b90  2009.0/x86_64/firefox-ga_IE-3.0.10-0.1mdv2009.0.x86_64.rpm
 d56241d4771d4f3d268dcee41d02affb  2009.0/x86_64/firefox-gl-3.0.10-0.1mdv2009.0.x86_64.rpm
 9b83b5370b86365486f46198625b822b  2009.0/x86_64/firefox-gu_IN-3.0.10-0.1mdv2009.0.x86_64.rpm
 79cef5592e2c1507f1934f5a1cfdf4f1  2009.0/x86_64/firefox-he-3.0.10-0.1mdv2009.0.x86_64.rpm
 b85e65c0fec12b11cff313c6c89bd7eb  2009.0/x86_64/firefox-hi-3.0.10-0.1mdv2009.0.x86_64.rpm
 cee173655a5c7837fffcedda0a6a61c4  2009.0/x86_64/firefox-hu-3.0.10-0.1mdv2009.0.x86_64.rpm
 e74fd5eba3f509cb8079acde1d59b4ec  2009.0/x86_64/firefox-id-3.0.10-0.1mdv2009.0.x86_64.rpm
 8a6c41c86561e40e79d1cb8168e2eb99  2009.0/x86_64/firefox-is-3.0.10-0.1mdv2009.0.x86_64.rpm
 261fea23c41776cae90872350bc4373c  2009.0/x86_64/firefox-it-3.0.10-0.1mdv2009.0.x86_64.rpm
 31feb1619ffd6a790b0f05578d67b79c  2009.0/x86_64/firefox-ja-3.0.10-0.1mdv2009.0.x86_64.rpm
 710db16d2abe8081875bc415fc19e68d  2009.0/x86_64/firefox-ka-3.0.10-0.1mdv2009.0.x86_64.rpm
 9def35657fb3728cc278afd935855e1d  2009.0/x86_64/firefox-kn-3.0.10-0.1mdv2009.0.x86_64.rpm
 8e668d4b602c3331a35a3f082584a4a5  2009.0/x86_64/firefox-ko-3.0.10-0.1mdv2009.0.x86_64.rpm
 2d9b8cbcd122caedf7e48b64275f0ae8  2009.0/x86_64/firefox-ku-3.0.10-0.1mdv2009.0.x86_64.rpm
 15bf192d4264faff185fb674104a0572  2009.0/x86_64/firefox-lt-3.0.10-0.1mdv2009.0.x86_64.rpm
 b1a39c5e6ee027f820a6ab12ac8536f1  2009.0/x86_64/firefox-lv-3.0.10-0.1mdv2009.0.x86_64.rpm
 2aaa1d49c0ba25f6e7353f546de8e872  2009.0/x86_64/firefox-mk-3.0.10-0.1mdv2009.0.x86_64.rpm
 ddfff353e9158597a1f05d8684538a15  2009.0/x86_64/firefox-mn-3.0.10-0.1mdv2009.0.x86_64.rpm
 a12226a3b68ebfa8f96836fa1da9201f  2009.0/x86_64/firefox-mr-3.0.10-0.1mdv2009.0.x86_64.rpm
 78a72a996ede70c6f2b939370381c089  2009.0/x86_64/firefox-nb_NO-3.0.10-0.1mdv2009.0.x86_64.rpm
 24402fa976b38e277d419e6e62143f2b  2009.0/x86_64/firefox-nl-3.0.10-0.1mdv2009.0.x86_64.rpm
 17718338453a1ea9263269e9a91d6f1b  2009.0/x86_64/firefox-nn_NO-3.0.10-0.1mdv2009.0.x86_64.rpm
 8ee74c9d82ed5f0c1087315dba51938c  2009.0/x86_64/firefox-oc-3.0.10-0.1mdv2009.0.x86_64.rpm
 9273d5773e8e90960c8276eaf50db994  2009.0/x86_64/firefox-pa_IN-3.0.10-0.1mdv2009.0.x86_64.rpm
 b0455ebf6902b3e944b6179c1682b6fe  2009.0/x86_64/firefox-pl-3.0.10-0.1mdv2009.0.x86_64.rpm
 654e22f863ed0442578cf8bfa8e6b14e  2009.0/x86_64/firefox-pt_BR-3.0.10-0.1mdv2009.0.x86_64.rpm
 e5dfcbca7d7c7b581deb3c51838e3ed7  2009.0/x86_64/firefox-pt_PT-3.0.10-0.1mdv2009.0.x86_64.rpm
 fca939bd4cfc3042564931b066e9be18  2009.0/x86_64/firefox-ro-3.0.10-0.1mdv2009.0.x86_64.rpm
 c5e966eca1ba5a99eb0d42ffb3a162c7  2009.0/x86_64/firefox-ru-3.0.10-0.1mdv2009.0.x86_64.rpm
 1c83187f3052cc683a6932c2a835c437  2009.0/x86_64/firefox-si-3.0.10-0.1mdv2009.0.x86_64.rpm
 9bb1eab01429b4d6a38f84f842b6b8bc  2009.0/x86_64/firefox-sk-3.0.10-0.1mdv2009.0.x86_64.rpm
 70b59b3f110a3d6745202ab51a16c244  2009.0/x86_64/firefox-sl-3.0.10-0.1mdv2009.0.x86_64.rpm
 27180ec7383f330d647e6ca6975d7d18  2009.0/x86_64/firefox-sq-3.0.10-0.1mdv2009.0.x86_64.rpm
 fe1ce31dedf9c4061db8c2d6565c85b4  2009.0/x86_64/firefox-sr-3.0.10-0.1mdv2009.0.x86_64.rpm
 1520424e6bfddd3c25fb9aa912f08307  2009.0/x86_64/firefox-sv_SE-3.0.10-0.1mdv2009.0.x86_64.rpm
 a2b966a6416b366fe860de72dce1bfbb  2009.0/x86_64/firefox-te-3.0.10-0.1mdv2009.0.x86_64.rpm
 0803f48aa31eab91c8b71f942007c7e1  2009.0/x86_64/firefox-th-3.0.10-0.1mdv2009.0.x86_64.rpm
 b75a72861f5b942a496dabea5b3d9566  2009.0/x86_64/firefox-tr-3.0.10-0.1mdv2009.0.x86_64.rpm
 68c9128ce5b1a302f7c77bff6b8ee17b  2009.0/x86_64/firefox-uk-3.0.10-0.1mdv2009.0.x86_64.rpm
 b7be4e78992bddffa18ae7a78d53882b  2009.0/x86_64/firefox-zh_CN-3.0.10-0.1mdv2009.0.x86_64.rpm
 d78d8595ace51ebd3999c246e9913255  2009.0/x86_64/firefox-zh_TW-3.0.10-0.1mdv2009.0.x86_64.rpm 
 1054337c6d40a6cf130f7059724b4e4b  2009.0/SRPMS/firefox-l10n-3.0.10-0.1mdv2009.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKCp1mmqjQ0CJFipgRAntBAKCY8I97u4bg+51olIhxCTmkPMnVPACglKFk
tGgHPCCFzG03mmVCIvEh3bU=
=segW
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ