lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050728101631.GA21616@piware.de> Date: Thu Jul 28 11:16:36 2005 From: martin.pitt at canonical.com (Martin Pitt) Subject: [USN-149-3] Ubuntu 4.10 update for Firefox vulnerabilities =========================================================== Ubuntu Security Notice USN-149-3 July 28, 2005 mozilla-firefox vulnerabilities CAN-2004-1156, CAN-2004-1381, CAN-2005-0141, CAN-2005-0142, CAN-2005-0143, CAN-2005-0144, CAN-2005-0145, CAN-2005-0146, CAN-2005-0147, CAN-2005-0150, CAN-2005-0230, CAN-2005-0231, CAN-2005-0232, CAN-2005-0233, CAN-2005-0255, CAN-2005-0399, CAN-2005-0401, CAN-2005-0402, CAN-2005-0578, CAN-2005-0584, CAN-2005-0585, CAN-2005-0586, CAN-2005-0587, CAN-2005-0588, CAN-2005-0589, CAN-2005-0590, CAN-2005-0591, CAN-2005-0592, CAN-2005-0593, CAN-2005-0752, CAN-2005-0989, CAN-2005-1153, CAN-2005-1154, CAN-2005-1155, CAN-2005-1156, CAN-2005-1157, CAN-2005-1158, CAN-2005-1159, CAN-2005-1160, CAN-2005-1531, CAN-2005-1532, CAN-2005-1937, CAN-2005-2260, CAN-2005-2261, CAN-2005-2262, CAN-2005-2263, CAN-2005-2264, CAN-2005-2265, CAN-2005-2266, CAN-2005-2267, CAN-2005-2268, CAN-2005-2269, CAN-2005-2270 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: mozilla-firefox mozilla-firefox-locale-ca mozilla-firefox-locale-de mozilla-firefox-locale-es mozilla-firefox-locale-fr mozilla-firefox-locale-it mozilla-firefox-locale-ja mozilla-firefox-locale-nb mozilla-firefox-locale-pl mozilla-firefox-locale-tr mozilla-firefox-locale-uk The problem can be corrected by upgrading the affected package to version 1.0.6-0ubuntu0.0.1 (mozilla-firefox) and 1.0.6-0ubuntu0.1 (mozilla-firefox-locale-... packages). Please note that the new version does not work with the already existing translation packages (mozilla-firefox-locale-...). New packages have been provided which are compatible to the new Firefox version of this security update, so they need to be upgraded as well (a standard system upgrade will take care of this). After a standard system upgrade you need to restart Firefox to effect the necessary changes. We apologize for the huge delay of this update; we changed our update strategy for Mozilla products to make sure that such long delays will not happen again. Details follow: USN-149-1 fixed some vulnerabilities in the Ubuntu 5.04 (Hoary Hedgehog) version of Firefox. The version shipped with Ubuntu 4.10 (Warty Warthog) is also vulnerable to these flaws, so it needs to be upgraded as well. Please see http://www.ubuntulinux.org/support/documentation/usn/usn-149-1 for the original advisory. This update also fixes several older vulnerabilities; Some of them could be exploited to execute arbitrary code with full user privileges if the user visited a malicious web site. (MFSA-2005-01 to MFSA-2005-44; please see the following web site for details: http://www.mozilla.org/projects/security/known-vulnerabilities.html) Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-ca/mozilla-firefox-locale-ca_1.0-0ubuntu0.1.dsc Size/MD5: 586 c6a4ba172beb50212cc8dd63cf53fe21 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-ca/mozilla-firefox-locale-ca_1.0-0ubuntu0.1.tar.gz Size/MD5: 413206 818b085a5c467e10da863e9d08d0fe20 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-de/mozilla-firefox-locale-de_1.0-0ubuntu0.1.dsc Size/MD5: 634 ce6ada2229be234d78b7a3ed9b51c6f7 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-de/mozilla-firefox-locale-de_1.0-0ubuntu0.1.tar.gz Size/MD5: 378461 cf83507e00cbcbde71a983143c8b2d08 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-es/mozilla-firefox-locale-es_1.0-0ubuntu0.1.dsc Size/MD5: 601 0a97fd79d8862e5482e0d558e995c539 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-es/mozilla-firefox-locale-es_1.0-0ubuntu0.1.tar.gz Size/MD5: 99717 8cbf0adeb41feb8d6b018608a962dab6 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-fr/mozilla-firefox-locale-fr_1.0-0ubuntu0.2.dsc Size/MD5: 578 b1568bcc4255541cee642fcf4f01b026 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-fr/mozilla-firefox-locale-fr_1.0-0ubuntu0.2.tar.gz Size/MD5: 411735 51e401a49e6622b063c5abc44c0338b4 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-it/mozilla-firefox-locale-it_1.0-0ubuntu0.1.dsc Size/MD5: 623 77ab520968ac64c4ff032b9d1a348dbf http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-it/mozilla-firefox-locale-it_1.0-0ubuntu0.1.tar.gz Size/MD5: 378699 5dc1756e4e5177ca07bc0b89a53fb4b5 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-ja/mozilla-firefox-locale-ja_1.0-0ubuntu0.1.dsc Size/MD5: 612 b2858d47a7d517efe9fd16a4e8fd6435 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-ja/mozilla-firefox-locale-ja_1.0-0ubuntu0.1.tar.gz Size/MD5: 169527 f580ce82d1768dedf952f816614fd176 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-nb/mozilla-firefox-locale-nb_1.0-0ubuntu0.1.dsc Size/MD5: 587 d5fb0d5f4a17e2a92e094c0f94c41de5 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-nb/mozilla-firefox-locale-nb_1.0-0ubuntu0.1.tar.gz Size/MD5: 849909 7a3e92d44123b91e6e431ac8c961c4e4 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-pl/mozilla-firefox-locale-pl_1.0-0ubuntu0.1.dsc Size/MD5: 620 153b29244c33886c6590f8d4560f1668 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-pl/mozilla-firefox-locale-pl_1.0-0ubuntu0.1.tar.gz Size/MD5: 779142 5fc8e81e27ff3a93a86282ec5381a650 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-tr/mozilla-firefox-locale-tr_1.0-0ubuntu0.1.dsc Size/MD5: 582 fee3e204e79115f5b5cb7aab4bd6e18e http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-tr/mozilla-firefox-locale-tr_1.0-0ubuntu0.1.tar.gz Size/MD5: 86633 3669dd55cf3b945638af495a1179abe6 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-uk/mozilla-firefox-locale-uk_1.0-0ubuntu0.1.dsc Size/MD5: 578 830521a0572242e5c84d90fdf89b003f http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-uk/mozilla-firefox-locale-uk_1.0-0ubuntu0.1.tar.gz Size/MD5: 119114 717e7522a6824b4af9004fd5fa479b6d http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.6-0ubuntu0.0.1.diff.gz Size/MD5: 232845 81ff86fde63392bec52076c5c222669f http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.6-0ubuntu0.0.1.dsc Size/MD5: 987 abbcca4640b3c8fe9435b935f0c305b7 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.6.orig.tar.gz Size/MD5: 40214302 5b3ad16b600896478d8ba6fe9321e4e1 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-ca/mozilla-firefox-locale-ca_1.0-0ubuntu0.1_all.deb Size/MD5: 410280 fdeb997e756e0d4511d26476cdcbcdb5 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-de/mozilla-firefox-locale-de_1.0-0ubuntu0.1_all.deb Size/MD5: 375336 c6e0e4a5c7669474ce7d1bdcc4ac886f http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-es/mozilla-firefox-locale-es_1.0-0ubuntu0.1_all.deb Size/MD5: 99100 e4b16d51ddb909984f49646e50071f37 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-fr/mozilla-firefox-locale-fr_1.0-0ubuntu0.2_all.deb Size/MD5: 410730 61f1c94f99b77af55e716eb1fe79c072 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-it/mozilla-firefox-locale-it_1.0-0ubuntu0.1_all.deb Size/MD5: 376952 f6756bc0d15480a1e6684fe54c8a05e9 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-ja/mozilla-firefox-locale-ja_1.0-0ubuntu0.1_all.deb Size/MD5: 169420 251604405347e9bdebc131b9be2a1f35 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-nb/mozilla-firefox-locale-nb_1.0-0ubuntu0.1_all.deb Size/MD5: 850174 9e566347c0666b80293492222d506dd1 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-pl/mozilla-firefox-locale-pl_1.0-0ubuntu0.1_all.deb Size/MD5: 777800 6aae0f82e190eeeca89b604858bb6728 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-tr/mozilla-firefox-locale-tr_1.0-0ubuntu0.1_all.deb Size/MD5: 85352 884bbc4ad0d50f08d4f7c1abc0bb6a5d http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox-locale-uk/mozilla-firefox-locale-uk_1.0-0ubuntu0.1_all.deb Size/MD5: 120272 ce1588fae7a1854e08a5b6d523876258 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.6-0ubuntu0.0.1_amd64.deb Size/MD5: 147374 1a8aa083386d98e3fb74e6965090acb1 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.6-0ubuntu0.0.1_amd64.deb Size/MD5: 10673248 f90ed3698968b4609102d6e0737600d7 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.6-0ubuntu0.0.1_i386.deb Size/MD5: 142280 7988203c7c0c7ff141a551a517a28b1c http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.6-0ubuntu0.0.1_i386.deb Size/MD5: 9844756 b216dfb17fbdfb90b2deba1b2f1cc4f3 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.6-0ubuntu0.0.1_powerpc.deb Size/MD5: 141018 4a5925ed52aa151843d3f1cbb1d951c9 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.6-0ubuntu0.0.1_powerpc.deb Size/MD5: 9502076 2ce0a7d8260fdac867001461a15b6e69 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050728/bcf3b19f/attachment.bin
Powered by blists - more mailing lists