July 2005 - announce - Fedora Mailing-Lists

[SECURITY] Fedora Core 3 Update: perl-5.8.5-14.FC3

by Peter Rockai

--------------------------------------------------------------------- Fedora Update Notification FEDORA-2005-600 2005-07-22 --------------------------------------------------------------------- Product : Fedora Core 3 Name : perl Version : 5.8.5 Release : 14.FC3 Summary : The Perl programming language. Description : Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common applications are system administration utilities and web programming. A large proportion of the CGI scripts on the web are written in Perl. You need the perl package installed on your system so that your system can handle Perl scripts. Install this package if you want to program in Perl or enable your system to handle Perl scripts. --------------------------------------------------------------------- Update Information: Paul Szabo discovered another vulnerability in the File::Path::rmtree function of perl, the popular scripting language. When a process is deleting a directory tree, a different user could exploit a race condition to create setuid binaries in this directory tree, provided that he already had write permissions in any subdirectory of that tree. Perl interpreter would cause a segmentation fault when environment changes during the runtime. Code in lib/FindBin contained a regression which caused problems with MRTG software package. All of the above problems are now fixed in perl-5.8.5-14.FC3. Please test as much as you can and report any problems/regressions. --------------------------------------------------------------------- * Tue Jul 19 2005 Petr Rockai <prockai(a)redhat.com> - 3:5.8.5-14.FC3 - patch -b caused spurious file installed - fix * Thu Jun 16 2005 Petr Rockai <prockai(a)redhat.com> - 3:5.8.5-13.FC3 - fix for CAN-2005-0448 - patch by Brendan O'Dea from Debian, backported by myself - fix for BR127023 using the patch from the report (by Jose Pedro Oliveira) - Fix for BR159021, segfault on environment changes, upstream patch 23337. Thanks to bert.barbe <at> oracle.com for testcase and diagnostics. --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ 6f60f74d3d9cef0e9efdef54a35a6de4 SRPMS/perl-5.8.5-14.FC3.src.rpm 58616227934b77107404475bfe3ec697 x86_64/perl-5.8.5-14.FC3.x86_64.rpm f2b3514689c93c5b32ec3307fa18eadc x86_64/perl-suidperl-5.8.5-14.FC3.x86_64.rpm 45a852f4458a8583e7d8b6a7054a0e77 x86_64/debug/perl-debuginfo-5.8.5-14.FC3.x86_64.rpm 2532ba2ea52ee21cd74abea025b824dd i386/perl-5.8.5-14.FC3.i386.rpm 9b473bff75f32b22350867f4fecfc426 i386/perl-suidperl-5.8.5-14.FC3.i386.rpm dc74c8297b53b42bd423489ac986eb8f i386/debug/perl-debuginfo-5.8.5-14.FC3.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. ---------------------------------------------------------------------

18 years, 9 months

1
0
0 / 0

[SECURITY] Fedora Core 3 Update: kdenetwork-3.3.1-3.2

by than

--------------------------------------------------------------------- Fedora Update Notification FEDORA-2005-623 2005-07-22 --------------------------------------------------------------------- Product : Fedora Core 3 Name : kdenetwork Version : 3.3.1 Release : 3.2 Summary : K Desktop Environment - Network Applications Description : Networking applications for the K Desktop Environment. --------------------------------------------------------------------- Update Information: Multiple integer overflow flaws were found in the way Kopete processes Gadu-Gadu messages. A remote attacker could send a specially crafted Gadu-Gadu message which would cause Kopete to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-1852 to this issue. Users of Kopete should update to these packages which contain a patch to correct this issue. --------------------------------------------------------------------- * Thu Jul 21 2005 Than Ngo <than(a)redhat.com> 7:3.3.1-3.2 - fix crash in kopete - apply patch to fix libgadu vulnerabilities #163811, CVE CAN-2005-1852 thank to kde security team - backport patch to fix annoying problem with registration dialog not able to register/retrieve token due to network problems. --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ 4a3c668ec29fb8e773fc7e4a04b16c80 SRPMS/kdenetwork-3.3.1-3.2.src.rpm 41070969d93975e7b1647aee7824138a x86_64/kdenetwork-3.3.1-3.2.x86_64.rpm 021329dba0ce68dbc5f29317a6bf62e0 x86_64/kdenetwork-devel-3.3.1-3.2.x86_64.rpm 06e171725e200cde00ce1122a263c9db x86_64/kdenetwork-nowlistening-3.3.1-3.2.x86_64.rpm 2241fd0dd7c68cf97b8f9939299ee621 x86_64/debug/kdenetwork-debuginfo-3.3.1-3.2.x86_64.rpm 4a2cb2ac7181f4ffa6394b87cf029603 i386/kdenetwork-3.3.1-3.2.i386.rpm 56eac72b061cdf77a0df1be6f562ffb1 i386/kdenetwork-devel-3.3.1-3.2.i386.rpm da519edd88340600a98aea322f31dcf5 i386/kdenetwork-nowlistening-3.3.1-3.2.i386.rpm eb1c027b4bb2bfeb40c8082e356f29e6 i386/debug/kdenetwork-debuginfo-3.3.1-3.2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. ---------------------------------------------------------------------

18 years, 9 months

1
0
0 / 0

[SECURITY] Fedora Core 4 Update: kdenetwork-3.4.1-0.fc4.2

by than

--------------------------------------------------------------------- Fedora Update Notification FEDORA-2005-624 2005-07-22 --------------------------------------------------------------------- Product : Fedora Core 4 Name : kdenetwork Version : 3.4.1 Release : 0.fc4.2 Summary : K Desktop Environment - Network Applications Description : Networking applications for the K Desktop Environment. --------------------------------------------------------------------- Update Information: Multiple integer overflow flaws were found in the way Kopete processes Gadu-Gadu messages. A remote attacker could send a specially crafted Gadu-Gadu message which would cause Kopete to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-1852 to this issue. Users of Kopete should update to these packages which contain a patch to correct this issue. --------------------------------------------------------------------- * Thu Jul 21 2005 Than Ngo <than(a)redhat.com> 7:3.4.1-0.fc4.2 - fix crash in kopete - apply patch to fix libgadu vulnerabilities #163811, CVE CAN-2005-1852 thank to kde security team --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ 4e3db27303568ad94e65d82ffd1189f9 SRPMS/kdenetwork-3.4.1-0.fc4.2.src.rpm fb065037fb526cd9bb933c3c076a9dec ppc/kdenetwork-3.4.1-0.fc4.2.ppc.rpm 1b26b336de353a59dd7dffe5816e0951 ppc/kdenetwork-devel-3.4.1-0.fc4.2.ppc.rpm 971510423874ce1b9339a9989044f194 ppc/debug/kdenetwork-debuginfo-3.4.1-0.fc4.2.ppc.rpm ecd5ecaf2c3b2de2b9d1997f71d37183 x86_64/kdenetwork-3.4.1-0.fc4.2.x86_64.rpm 98e9c1a88792e0df169887f669608fa6 x86_64/kdenetwork-devel-3.4.1-0.fc4.2.x86_64.rpm 4d189d1a3c8c2abe037c9254a3cffeb8 x86_64/debug/kdenetwork-debuginfo-3.4.1-0.fc4.2.x86_64.rpm 54fd9578f7ab23e8d35d7e85e1b3e493 i386/kdenetwork-3.4.1-0.fc4.2.i386.rpm 12b717074ad81ed6c120d028684c3e6f i386/kdenetwork-devel-3.4.1-0.fc4.2.i386.rpm d1b78acac0474698c261d117ce9832c7 i386/debug/kdenetwork-debuginfo-3.4.1-0.fc4.2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. ---------------------------------------------------------------------

18 years, 9 months

1
0
0 / 0

[SECURITY] Fedora Core 3 Update: zlib-1.2.1.2-3.fc3

by Jindrich Novy

--------------------------------------------------------------------- Fedora Update Notification FEDORA-2005-625 2005-07-22 --------------------------------------------------------------------- Product : Fedora Core 3 Name : zlib Version : 1.2.1.2 Release : 3.fc3 Summary : The zlib compression and decompression library. Description : Zlib is a general-purpose, patent-free, lossless data compression library which is used by many different programs. --------------------------------------------------------------------- * Fri Jul 22 2005 Ivana Varekova <varekova(a)redhat.com> 1.2.1.2-3.fc3 - fix bug 163038 - CAN-2005-1849 - zlib overflow problem --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ ec7a8a3e96b9aa31228c37f8bd4f110a SRPMS/zlib-1.2.1.2-3.fc3.src.rpm dd559bc465fdcf466bfd3c23e15cfb8c x86_64/zlib-1.2.1.2-3.fc3.x86_64.rpm dc7da49fa4224ce73c4b790ac2cda00d x86_64/zlib-devel-1.2.1.2-3.fc3.x86_64.rpm 8e69c323f77e8ef437e7cb9cf0175d67 x86_64/debug/zlib-debuginfo-1.2.1.2-3.fc3.x86_64.rpm 7e577c3cfd0f101a1ac37140bfff39bb x86_64/zlib-1.2.1.2-3.fc3.i386.rpm d30ab9548398d3d264ee0c6d9b3c6f20 x86_64/zlib-devel-1.2.1.2-3.fc3.i386.rpm 7e577c3cfd0f101a1ac37140bfff39bb i386/zlib-1.2.1.2-3.fc3.i386.rpm d30ab9548398d3d264ee0c6d9b3c6f20 i386/zlib-devel-1.2.1.2-3.fc3.i386.rpm 414aab621401efc097ce76735338c4d3 i386/debug/zlib-debuginfo-1.2.1.2-3.fc3.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. ---------------------------------------------------------------------

18 years, 9 months

1
0
0 / 0

[SECURITY] Fedora Core 4 Update: zlib-1.2.2.2-5.fc4

by Jindrich Novy

--------------------------------------------------------------------- Fedora Update Notification FEDORA-2005-626 2005-07-22 --------------------------------------------------------------------- Product : Fedora Core 4 Name : zlib Version : 1.2.2.2 Release : 5.fc4 Summary : The zlib compression and decompression library. Description : Zlib is a general-purpose, patent-free, lossless data compression library which is used by many different programs. --------------------------------------------------------------------- * Fri Jul 22 2005 Ivana Varekova <varekova(a)redhat.com> 1.2.2.2-5.fc4 - fix bug 163038 - CAN-2005-1849 - zlib buffer overflow --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ 98e700c464d19833dcedc322ed025609 SRPMS/zlib-1.2.2.2-5.fc4.src.rpm 8be0a81ff4daf9ee4dc0ce9859c5db71 ppc/zlib-1.2.2.2-5.fc4.ppc.rpm c17982e6cdd3f1a0c73c290677d706c3 ppc/zlib-devel-1.2.2.2-5.fc4.ppc.rpm 3ffa570c9adae5a2443bcbe57ff2d43c ppc/debug/zlib-debuginfo-1.2.2.2-5.fc4.ppc.rpm fed814656421d4c2520471f17a5a85f3 ppc/zlib-1.2.2.2-5.fc4.ppc64.rpm 846bb8c3786d55b4685ff1d958a8e311 ppc/zlib-devel-1.2.2.2-5.fc4.ppc64.rpm 123aa34ccba797575b5ee9c1ab295dd6 x86_64/zlib-1.2.2.2-5.fc4.x86_64.rpm 550d730a256853a2cd27368438cd8f3a x86_64/zlib-devel-1.2.2.2-5.fc4.x86_64.rpm 6b0dbb6cd082bb9b014cca3ecd34eb42 x86_64/debug/zlib-debuginfo-1.2.2.2-5.fc4.x86_64.rpm 7222e84cfa404931ff11e5e4b3edad5e x86_64/zlib-1.2.2.2-5.fc4.i386.rpm 67d88d89ae1cdf54afbd763b5ce48bca x86_64/zlib-devel-1.2.2.2-5.fc4.i386.rpm 7222e84cfa404931ff11e5e4b3edad5e i386/zlib-1.2.2.2-5.fc4.i386.rpm 67d88d89ae1cdf54afbd763b5ce48bca i386/zlib-devel-1.2.2.2-5.fc4.i386.rpm 63d47a678a7f6732a4cebb8551f0b2dc i386/debug/zlib-debuginfo-1.2.2.2-5.fc4.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. ---------------------------------------------------------------------

18 years, 9 months

1
0
0 / 0

Fedora Core 4 Update: subversion-1.2.1-2.1

by Joe Orton

--------------------------------------------------------------------- Fedora Update Notification FEDORA-2005-529 2005-07-22 --------------------------------------------------------------------- Product : Fedora Core 4 Name : subversion Version : 1.2.1 Release : 2.1 Summary : Modern Version Control System designed to replace CVS Description : Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS. --------------------------------------------------------------------- Update Information: This update contains the latest release of Subversion. Subversion 1.2 adds support for locking (reserved checkouts), and includes many bug fixes and improvements. Note that the default backend for newly created repositories has changed in Subversion 1.2 to the "FSFS" (filesystem) from the Berkeley DB backend. --------------------------------------------------------------------- * Wed Jul 6 2005 Joe Orton <jorton(a)redhat.com> 1.2.1-2.1 - update to 1.2.1 * Mon Jun 20 2005 Joe Orton <jorton(a)redhat.com> 1.2.0-2.2 - filter out dependencies on perl(SVN::*) * Thu Jun 16 2005 Joe Orton <jorton(a)redhat.com> 1.2.0-2.1 - rebuild * Wed May 25 2005 Joe Orton <jorton(a)redhat.com> 1.2.0-2 - disable java on all but x86, x86_64, ppc (#158719) * Tue May 24 2005 Joe Orton <jorton(a)redhat.com> 1.2.0-1 - update to 1.2.0; add ruby subpackage --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ ac1db4f1995540279f27d83ab7790e63 SRPMS/subversion-1.2.1-2.1.src.rpm 77dff5d376be4548cde4471567561c71 ppc/subversion-1.2.1-2.1.ppc.rpm af39c0df5d15cb058664733a4aaa177d ppc/subversion-devel-1.2.1-2.1.ppc.rpm dad30780dab41b51b1054508a7d23dfc ppc/mod_dav_svn-1.2.1-2.1.ppc.rpm 825b36258c8a1f9088abd602396d2513 ppc/subversion-perl-1.2.1-2.1.ppc.rpm b69572b3ab6084c82ed75f5b094d2d48 ppc/subversion-javahl-1.2.1-2.1.ppc.rpm 2f697f8962e42e1198e9d193d8f56d63 ppc/subversion-ruby-1.2.1-2.1.ppc.rpm 7e84a16d1a87db2bfac9338cbb88bd07 ppc/debug/subversion-debuginfo-1.2.1-2.1.ppc.rpm 41839322b1268fda2c89988f881bea50 x86_64/subversion-1.2.1-2.1.x86_64.rpm d3f28ac71486405f025243fa6d7317aa x86_64/subversion-devel-1.2.1-2.1.x86_64.rpm 9d02877f8da8edb974f0c40ef5274955 x86_64/mod_dav_svn-1.2.1-2.1.x86_64.rpm c354e61e01cc78dea4ac29227039c7cc x86_64/subversion-perl-1.2.1-2.1.x86_64.rpm 9ee7880b4eef2f20b5d4a447ba433569 x86_64/subversion-javahl-1.2.1-2.1.x86_64.rpm 68a9409547020d45eee367b584be3983 x86_64/subversion-ruby-1.2.1-2.1.x86_64.rpm 676a3de1fc4a37ecb982c953162dd18e x86_64/debug/subversion-debuginfo-1.2.1-2.1.x86_64.rpm 329cb16f8e2f5ea26b81aef96d249bd9 i386/subversion-1.2.1-2.1.i386.rpm 5be40d66312ccf114fa633fcc82e5688 i386/subversion-devel-1.2.1-2.1.i386.rpm ef3cb221144f2e27dec0314ee796cf90 i386/mod_dav_svn-1.2.1-2.1.i386.rpm b3f4e8088a94dd2a7a921fce4f4f93cc i386/subversion-perl-1.2.1-2.1.i386.rpm dee2cc0cab71d2997e2f3747a45e9b48 i386/subversion-javahl-1.2.1-2.1.i386.rpm 571f0884cafda480aa73aac59f7513cc i386/subversion-ruby-1.2.1-2.1.i386.rpm 065f463e453c9781d0e560d4cde99068 i386/debug/subversion-debuginfo-1.2.1-2.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. ---------------------------------------------------------------------

18 years, 9 months

1
0
0 / 0

[SECURITY] Fedora Core 4 Update: yelp-2.10.0-1.4.1

by Christopher Aillon

--------------------------------------------------------------------- Fedora Update Notification FEDORA-2005-622 2005-07-22 --------------------------------------------------------------------- Product : Fedora Core 4 Name : yelp Version : 2.10.0 Release : 1.4.1 Summary : A system documentation reader from the Gnome project. Description : Yelp is the Gnome 2 help/documentation browser. It is designed to help you browse all the documentation on your system in one central tool. --------------------------------------------------------------------- Update Information: Yelp is a help documentation browser for the GNOME environment. There were several security flaws found in the mozilla package, which yelp depends on. Users of yelp are advised to upgrade to this updated package which has been rebuilt against a version of mozilla not vulnerable to these flaws. --------------------------------------------------------------------- * Tue Jul 19 2005 Christopher Aillon <caillon(a)redhat.com> 2.10-1.4.1 - Rebuild against new mozilla packages --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ 1549d1f13932f84e5f6c9d06945595c3 SRPMS/yelp-2.10.0-1.4.1.src.rpm b04357d708957208b83890cd6e02de01 ppc/yelp-2.10.0-1.4.1.ppc.rpm 93c521fcdfb5bc053a2bac820093b80c ppc/debug/yelp-debuginfo-2.10.0-1.4.1.ppc.rpm 25d8090ceb7318131a1c7c2e9d736c32 x86_64/yelp-2.10.0-1.4.1.x86_64.rpm 6c9db5fe5d7a23996609260991c0f724 x86_64/debug/yelp-debuginfo-2.10.0-1.4.1.x86_64.rpm 8a82dd94877bcf0fd99a05ff9be5c620 i386/yelp-2.10.0-1.4.1.i386.rpm 95c3ddee41f555f9e11e660ca06ceb64 i386/debug/yelp-debuginfo-2.10.0-1.4.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. ---------------------------------------------------------------------

18 years, 9 months

1
0
0 / 0

[SECURITY] Fedora Core 4 Update: devhelp-0.10-1.4.1

by Christopher Aillon

--------------------------------------------------------------------- Fedora Update Notification FEDORA-2005-621 2005-07-22 --------------------------------------------------------------------- Product : Fedora Core 4 Name : devhelp Version : 0.10 Release : 1.4.1 Summary : API document browser Description : A API document browser for GNOME 2. --------------------------------------------------------------------- Update Information: Devhelp is an API document browser for the GNOME environment. There were several security flaws found in the mozilla package, which devhelp depends on. Users of devhelp are advised to upgrade to this updated package which has been rebuilt against a version of mozilla not vulnerable to these flaws. --------------------------------------------------------------------- * Tue Jul 19 2005 Christopher Aillon <caillon(a)redhat.com> 0.10-1.4.1 - Rebuild against new mozilla packages --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ 1ceba8f8141b25fcb5e42069b277d0e4 SRPMS/devhelp-0.10-1.4.1.src.rpm d8a189b319e5f5d01907a7842601a698 ppc/devhelp-0.10-1.4.1.ppc.rpm c94e3ac885daa3858a8fd921f57ab39b ppc/devhelp-devel-0.10-1.4.1.ppc.rpm 7e3356b797bee0b86252dc3d59728ad2 ppc/debug/devhelp-debuginfo-0.10-1.4.1.ppc.rpm e07f36bfdd2090a9b246e05b04c9574a x86_64/devhelp-0.10-1.4.1.x86_64.rpm 785e019bb309a1b113bc134dcbb55459 x86_64/devhelp-devel-0.10-1.4.1.x86_64.rpm 52ad208fe8cd1e2c7ec88f6943a437a2 x86_64/debug/devhelp-debuginfo-0.10-1.4.1.x86_64.rpm 159d3267192e15c90ddff2331dc9d284 i386/devhelp-0.10-1.4.1.i386.rpm cd715bfaff8320014d5e2a70d1c36479 i386/devhelp-devel-0.10-1.4.1.i386.rpm 2da37799d542709178a1b37515cc27a9 i386/debug/devhelp-debuginfo-0.10-1.4.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. ---------------------------------------------------------------------

18 years, 9 months

1
0
0 / 0

[SECURITY] Fedora Core 4 Update: epiphany-1.6.3-2

by Christopher Aillon

--------------------------------------------------------------------- Fedora Update Notification FEDORA-2005-620 2005-07-22 --------------------------------------------------------------------- Product : Fedora Core 4 Name : epiphany Version : 1.6.3 Release : 2 Summary : GNOME web browser based on the Mozilla rendering engine Description : epiphany is a simple GNOME web browser based on the Mozilla rendering engine --------------------------------------------------------------------- Update Information: Epiphany is a simple GNOME web browser based on the Mozilla rendering engine. There were several security flaws found in the mozilla package, which epiphany depends on. Users of epiphany are advised to upgrade to this updated package which has been rebuilt against a version of mozilla not vulnerable to these flaws. --------------------------------------------------------------------- * Tue Jul 19 2005 Christopher Aillon <caillon(a)redhat.com> 1.6.3-2 - Rebuild against new mozilla packages --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ 4f14b0270142b1394940e511e586706b SRPMS/epiphany-1.6.3-2.src.rpm 0a9f85c668fa838005b72eb8465ce5eb ppc/epiphany-1.6.3-2.ppc.rpm b731fa68befb45cfcc213f6b004ba27a ppc/epiphany-devel-1.6.3-2.ppc.rpm 188a3eea504eb32e610c8dad383682da ppc/debug/epiphany-debuginfo-1.6.3-2.ppc.rpm da60b74e7a51966d3b44f666f6d11526 x86_64/epiphany-1.6.3-2.x86_64.rpm 111fc9c64b4e96011b015c0d3082f10a x86_64/epiphany-devel-1.6.3-2.x86_64.rpm ec1efa26394206bc81d9ea1d1d8dca61 x86_64/debug/epiphany-debuginfo-1.6.3-2.x86_64.rpm 1bbdc7ebd11baae1a8fceb7aa809843e i386/epiphany-1.6.3-2.i386.rpm 076dde628d6d9c7d539dfa8444f495dc i386/epiphany-devel-1.6.3-2.i386.rpm c4b3824af6e7f6b815df635ab2b6d8e2 i386/debug/epiphany-debuginfo-1.6.3-2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. ---------------------------------------------------------------------

18 years, 9 months

1
0
0 / 0

[SECURITY] Fedora Core 4 Update: mozilla-1.7.10-1.5.1

by Christopher Aillon

--------------------------------------------------------------------- Fedora Update Notification FEDORA-2005-619 2005-07-22 --------------------------------------------------------------------- Product : Fedora Core 4 Name : mozilla Version : 1.7.10 Release : 1.5.1 Summary : A Web browser. Description : Mozilla is an open-source Web browser, designed for standards compliance, performance, and portability. --------------------------------------------------------------------- Update Information: Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A bug was found in the way Mozilla handled synthetic events. It is possible that Web content could generate events such as keystrokes or mouse clicks that could be used to steal data or execute malicious Javascript code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2260 to this issue. A bug was found in the way Mozilla executed Javascript in XBL controls. It is possible for a malicious webpage to leverage this vulnerability to execute other JavaScript based attacks even when JavaScript is disabled. (CAN-2005-2261) A bug was found in the way Mozilla installed its extensions. If a user can be tricked into visiting a malicious webpage, it may be possible to obtain sensitive information such as cookies or passwords. (CAN-2005-2263) A bug was found in the way Mozilla handled certain Javascript functions. It is possible for a malicious webpage to crash the browser by executing malformed Javascript code. (CAN-2005-2265) A bug was found in the way Mozilla handled multiple frame domains. It is possible for a frame as part of a malicious website to inject content into a frame that belongs to another domain. This issue was previously fixed as CAN-2004-0718 but was accidentally disabled. (CAN-2005-1937) A bug was found in the way Mozilla handled child frames. It is possible for a malicious framed page to steal sensitive information from its parent page. (CAN-2005-2266) A bug was found in the way Mozilla opened URLs from media players. If a media player opens a URL which is Javascript, the Javascript executes with access to the currently open webpage. (CAN-2005-2267) A design flaw was found in the way Mozilla displayed alerts and prompts. Alerts and prompts were given the generic title [JavaScript Application] which prevented a user from knowing which site created them. (CAN-2005-2268) A bug was found in the way Mozilla handled DOM node names. It is possible for a malicious site to overwrite a DOM node name, allowing certain privileged chrome actions to execute the malicious Javascript. (CAN-2005-2269) A bug was found in the way Mozilla cloned base objects. It is possible for Web content to traverse the prototype chain to gain access to privileged chrome objects. (CAN-2005-2270) Users of Mozilla are advised to upgrade to these updated packages, which contain Mozilla version 1.7.10 and are not vulnerable to these issues. --------------------------------------------------------------------- * Tue Jul 19 2005 Christopher Aillon <caillon(a)redhat.com> 37:1.7.10-1.5.1 - Update to 1.7.10 - Fix a crash on 64bit platforms (#160330) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ eb361c708dddc1af05158ce6759a61b9 SRPMS/mozilla-1.7.10-1.5.1.src.rpm c5cfc540316ed7679b562ce6e4431a53 ppc/mozilla-1.7.10-1.5.1.ppc.rpm 69ea1fde672e04a4f6913025870ae28e ppc/mozilla-nspr-1.7.10-1.5.1.ppc.rpm 26ccb88f78bb5142aa07325fd4c5a8c2 ppc/mozilla-nspr-devel-1.7.10-1.5.1.ppc.rpm 465c71611974982178a4acbd03e79848 ppc/mozilla-nss-1.7.10-1.5.1.ppc.rpm 6c3043f14271ce087413b667de05e04c ppc/mozilla-nss-devel-1.7.10-1.5.1.ppc.rpm 5489a8676730b06e32e18f375b83b55d ppc/mozilla-devel-1.7.10-1.5.1.ppc.rpm b672a31b9bf29f2a593d870f694aa014 ppc/mozilla-mail-1.7.10-1.5.1.ppc.rpm 51be9cdb1510a8b045104bf8956cd174 ppc/mozilla-chat-1.7.10-1.5.1.ppc.rpm fc3b1d1ecbfcb7a26bbfd2cb18153ec3 ppc/mozilla-js-debugger-1.7.10-1.5.1.ppc.rpm 76f4786b961fa856c99f7a6d60e53ef6 ppc/mozilla-dom-inspector-1.7.10-1.5.1.ppc.rpm 2e3612c10f295f670de5cdf5537b8d18 ppc/debug/mozilla-debuginfo-1.7.10-1.5.1.ppc.rpm e01cf2f85658577773f84c27be82a981 x86_64/mozilla-1.7.10-1.5.1.x86_64.rpm 78ea2f828bdf576072d5b1d8a117ac18 x86_64/mozilla-nspr-1.7.10-1.5.1.x86_64.rpm 6ed062540e8729a0fe20603dd81a4555 x86_64/mozilla-nspr-devel-1.7.10-1.5.1.x86_64.rpm 900e1bdda17a57a40734e4632216b09b x86_64/mozilla-nss-1.7.10-1.5.1.x86_64.rpm 0835f3a6eb0d3a28e571c659f62b58b5 x86_64/mozilla-nss-devel-1.7.10-1.5.1.x86_64.rpm 46366778caa6bbc28ac2fd7ab601b3e6 x86_64/mozilla-devel-1.7.10-1.5.1.x86_64.rpm d484918f9a9aacaa3244dfe9aa00724c x86_64/mozilla-mail-1.7.10-1.5.1.x86_64.rpm a91f3fdebba315d7a904dce6ca078a71 x86_64/mozilla-chat-1.7.10-1.5.1.x86_64.rpm b7c81fc35699665628b08becab581d89 x86_64/mozilla-js-debugger-1.7.10-1.5.1.x86_64.rpm e2159457c9cb315bb58ea141fcb61f58 x86_64/mozilla-dom-inspector-1.7.10-1.5.1.x86_64.rpm bee07c4cc4a2334c6c659b9a78b5dd27 x86_64/debug/mozilla-debuginfo-1.7.10-1.5.1.x86_64.rpm 9e00889d8cf0e0cf6e05b9e2bfa4aa59 x86_64/mozilla-nspr-1.7.10-1.5.1.i386.rpm d3debda6d568aaf48caec6f01d2c4bb5 x86_64/mozilla-nss-1.7.10-1.5.1.i386.rpm 0170da6538e34da1618ae3b496e19191 i386/mozilla-1.7.10-1.5.1.i386.rpm 9e00889d8cf0e0cf6e05b9e2bfa4aa59 i386/mozilla-nspr-1.7.10-1.5.1.i386.rpm 4284565ab14530bc3a3b9c67f19b5ef3 i386/mozilla-nspr-devel-1.7.10-1.5.1.i386.rpm d3debda6d568aaf48caec6f01d2c4bb5 i386/mozilla-nss-1.7.10-1.5.1.i386.rpm 29207a796c6f6467afaf012f4102e51f i386/mozilla-nss-devel-1.7.10-1.5.1.i386.rpm 46c2a725f16211cf11c6f247c4865baf i386/mozilla-devel-1.7.10-1.5.1.i386.rpm 6875846f0350c548aea6bc80c248f97f i386/mozilla-mail-1.7.10-1.5.1.i386.rpm ed5d8fa1b534c8226dca48c30fbab7c0 i386/mozilla-chat-1.7.10-1.5.1.i386.rpm 3cd9b40c026c9bc7ff0f1688eddb0a55 i386/mozilla-js-debugger-1.7.10-1.5.1.i386.rpm 30dea8f03254fa2b7504099592c5c073 i386/mozilla-dom-inspector-1.7.10-1.5.1.i386.rpm e85b37cef808ba529a228cec8b205a82 i386/debug/mozilla-debuginfo-1.7.10-1.5.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. ---------------------------------------------------------------------

18 years, 9 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

announce July 2005