Message-ID: <20061121191728.GZ10960@outflux.net>
Date: Tue, 21 Nov 2006 11:17:28 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-381-1] Firefox vulnerabilities

=========================================================== 
Ubuntu Security Notice USN-381-1          November 16, 2006
firefox vulnerabilities
CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5747,
CVE-2006-5748
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  firefox                                  1.5.dfsg+1.5.0.8-0ubuntu0.5.10
  firefox-dev                              1.5.dfsg+1.5.0.8-0ubuntu0.5.10

Ubuntu 6.06 LTS:
  firefox                                  1.5.dfsg+1.5.0.8-0ubuntu0.6.06
  firefox-dev                              1.5.dfsg+1.5.0.8-0ubuntu0.6.06
  libnspr-dev                              1.5.dfsg+1.5.0.8-0ubuntu0.6.06
  libnspr4                                 1.5.dfsg+1.5.0.8-0ubuntu0.6.06
  libnss-dev                               1.5.dfsg+1.5.0.8-0ubuntu0.6.06
  libnss3                                  1.5.dfsg+1.5.0.8-0ubuntu0.6.06

After a standard system upgrade you need to restart Firefox to
effect the necessary changes.

Details follow:

USN-351-1 fixed a flaw in the verification of PKCS certificate
signatures. Ulrich Kuehn discovered a variant of the original attack
which the original fix did not cover. (CVE-2006-5462)

Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious web page containing JavaScript. (CVE-2006-5463,
CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)


Updated packages for Ubuntu 5.10:


Updated packages for Ubuntu 6.06 LTS:


