lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Sun,  3 Dec 2006 17:35:28 +0100 (CET)
From: (Martin Schulze)
To: (Debian Security Announcements)
Subject: [SECURITY] [DSA 1225-1] New Mozilla Firefox
	packages fix several vulnerabilities

Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1225-1                                       Martin Schulze
December 3rd, 2006            
- --------------------------------------------------------------------------

Package        : mozilla-firefox
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-4310 CVE-2006-5462 CVE-2006-5463 CVE-2006-5464
CERT advisories: VU#335392 VU#390480 VU#495288 VU#714496 
BugTraq IDs    : 19678 20957

Several security related problems have been discovered in Mozilla and
derived products such as Mozilla Firefox.  The Common Vulnerabilities
and Exposures project identifies the following vulnerabilities:


    Tomas Kempinsky discovered that malformed FTP server responses
    could lead to denial of service.


    Ulrich Kühn discovered that the correction for a cryptographic
    flaw in the handling of PKCS-1 certificates was incomplete, which
    allows the forgery of certificates.


    "shutdown" discovered that modification of JavaScript objects
    during execution could lead to the execution of arbitrary
    JavaScript bytecode.


    Jesse Ruderman and Martijn Wargers discovered several crashes in
    the layout engine, which might also allow execution of arbitrary


    Igor Bukanov and Jesse Ruderman discovered several crashes in the
    JavaScript engine, which might allow execution of arbitrary code.

This update also adresses several crashes, which could be triggered by
malicious websites and fixes a regression introduced in the previous
Mozilla update.

For the stable distribution (sarge) these problems have been fixed in
version 1.0.4-2sarge13.

For the unstable distribution (sid) these problems have been fixed in
the current iceweasel package 2.0+dfsg-1.

We recommend that you upgrade your mozilla-firefox package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:     1003 4a8d05c1e9563e6066ca838e7c0b2f53
      Size/MD5 checksum:   450265 46d4bedf12a1e0c92a275ae012d92b5a
      Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d

  Alpha architecture:
      Size/MD5 checksum: 11182242 388bf02a94456182cd7a39187886875a
      Size/MD5 checksum:   170908 4cbff185bb88b1c7e11791059cd83142
      Size/MD5 checksum:    62736 f42571aa18001fc521be0f5348eb9511

  AMD64 architecture:
      Size/MD5 checksum:  9412474 fcd7ced169a47d7413197a918047036a
      Size/MD5 checksum:   165706 931ebeee155ac01fcecb1467388a2fab
      Size/MD5 checksum:    61276 cf839454fe9e09a0b58641353f9c75c6

  ARM architecture:
      Size/MD5 checksum:  8233670 39a042f6300c805ad372828fd115cab0
      Size/MD5 checksum:   157176 873eb90c91c98e1c4168f215b493fd74
      Size/MD5 checksum:    56586 c53ca4b95b188684381338eae43603cc

  HP Precision architecture:
      Size/MD5 checksum: 10287242 8a7eddef738dfe4eb164bd5e486474a2
      Size/MD5 checksum:   168624 fa195e512062a19cf92018de4009160d
      Size/MD5 checksum:    61736 b0dbfbbce97f954c9487a126d20b9a90

  Intel IA-32 architecture:
      Size/MD5 checksum:  8908194 9cfe0ac430050c7d62066cd3f8beb64f
      Size/MD5 checksum:   160902 77a78dd1eac37417b4a5629e745e4391
      Size/MD5 checksum:    58124 f82b3d3fc66e1054d5da72a69ab9bd20

  Intel IA-64 architecture:
      Size/MD5 checksum: 11646376 83d5349be8156e1f95eb75da89beb578
      Size/MD5 checksum:   171244 46ae3d6d9112d31f92407922832e6599
      Size/MD5 checksum:    65934 690969e2e7a865faee22ed6fb8a88384

  Motorola 680x0 architecture:
      Size/MD5 checksum:  8186050 ab9f31d6cbd9ff6c1820c59ef1e44ce7
      Size/MD5 checksum:   159792 69c3cf68fc12fd5fb3929339aa8cd9cb
      Size/MD5 checksum:    57394 14636fe25df3a18c536819129e83e1a0

  Big endian MIPS architecture:
      Size/MD5 checksum:  9943474 75b7796d42079421a151bfac35a17f95
      Size/MD5 checksum:   158694 a3c6f1c71947cb5e9c2fc8d8acece832
      Size/MD5 checksum:    58386 395683ab3ebb0983e24bc3afde8d28f5

  Little endian MIPS architecture:
      Size/MD5 checksum:  9819470 41ecbd5f3543c0b110771e93e2307abc
      Size/MD5 checksum:   157672 43ca2a353bacf378a2dc7dfa9a7f3a73
      Size/MD5 checksum:    57634 8d16796108c3a7627ab9654e977277a5

  PowerPC architecture:
      Size/MD5 checksum:  8580222 c2f239d0961911962bea6b7f7bf1cdc1
      Size/MD5 checksum:   159320 5a5ea9d8a9f7a845bc1898b0c9976112
      Size/MD5 checksum:    60508 3ce3df0f45aeef3acb1964960bf76406

  IBM S/390 architecture:
      Size/MD5 checksum:  9650866 9fd3e3788898152580a0ab344112b5ab
      Size/MD5 checksum:   166290 70bcea0f67fc9d0288c75bb2ad8e7b36
      Size/MD5 checksum:    60696 7d6b7a3cf65fa798f3e41275f4bb9967

  Sun Sparc architecture:
      Size/MD5 checksum:  8672090 c32301aeb3eb3ebbad2ff26f56d3e9ee
      Size/MD5 checksum:   159508 7c3fd5b5a0c78c8abf09082dcb06bbfc
      Size/MD5 checksum:    56946 0b154ceb732d771ca492e4d98ea21350

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>

Version: GnuPG v1.4.5 (GNU/Linux)


Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists