[SECURITY] Fedora Core 3 Update: perl-5.8.5-14.FC3
by Peter Rockai
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-600
2005-07-22
---------------------------------------------------------------------
Product : Fedora Core 3
Name : perl
Version : 5.8.5
Release : 14.FC3
Summary : The Perl programming language.
Description :
Perl is a high-level programming language with roots in C, sed, awk
and shell scripting. Perl is good at handling processes and files,
and is especially good at handling text. Perl's hallmarks are
practicality and efficiency. While it is used to do a lot of
different things, Perl's most common applications are system
administration utilities and web programming. A large proportion of
the CGI scripts on the web are written in Perl. You need the perl
package installed on your system so that your system can handle Perl
scripts.
Install this package if you want to program in Perl or enable your
system to handle Perl scripts.
---------------------------------------------------------------------
Update Information:
Paul Szabo discovered another vulnerability in the File::Path::rmtree function of perl, the popular scripting language. When a process is deleting a directory tree, a different user could exploit a race condition to create setuid binaries in this directory tree, provided that he already had write permissions in any subdirectory of that tree.
The Perl interpreter would cause a segmentation fault when the environment changes during runtime.
Code in lib/FindBin contained a regression which caused problems with the MRTG software package.
All of the above problems are now fixed in perl-5.8.5-14.FC3. Please test as much as you can and report any problems/regressions.
---------------------------------------------------------------------
* Tue Jul 19 2005 Petr Rockai <prockai(a)redhat.com> - 3:5.8.5-14.FC3
- patch -b caused spurious file installed - fix
* Thu Jun 16 2005 Petr Rockai <prockai(a)redhat.com> - 3:5.8.5-13.FC3
- fix for CAN-2005-0448 - patch by Brendan O'Dea from Debian, backported
by myself
- fix for BR127023 using the patch from the report (by Jose Pedro Oliveira)
- Fix for BR159021, segfault on environment changes, upstream patch
23337. Thanks to bert.barbe <at> oracle.com for testcase and diagnostics.
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
[SECURITY] Fedora Core 3 Update: kdenetwork-3.3.1-3.2
by than
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-623
2005-07-22
---------------------------------------------------------------------
Product : Fedora Core 3
Name : kdenetwork
Version : 3.3.1
Release : 3.2
Summary : K Desktop Environment - Network Applications
Description :
Networking applications for the K Desktop Environment.
---------------------------------------------------------------------
Update Information:
Multiple integer overflow flaws were found in the way Kopete processes
Gadu-Gadu messages. A remote attacker could send a specially crafted
Gadu-Gadu message which would cause Kopete to crash or possibly execute
arbitrary code. The Common Vulnerabilities and Exposures project
assigned the name CAN-2005-1852 to this issue.
Users of Kopete should update to these packages which contain a
patch to correct this issue.
---------------------------------------------------------------------
* Thu Jul 21 2005 Than Ngo <than(a)redhat.com> 7:3.3.1-3.2
- fix crash in kopete
- apply patch to fix libgadu vulnerabilities #163811, CVE CAN-2005-1852
thanks to the KDE security team
- backport patch to fix annoying problem with registration
dialog not able to register/retrieve token due to network problems.
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
[SECURITY] Fedora Core 4 Update: kdenetwork-3.4.1-0.fc4.2
by than
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-624
2005-07-22
---------------------------------------------------------------------
Product : Fedora Core 4
Name : kdenetwork
Version : 3.4.1
Release : 0.fc4.2
Summary : K Desktop Environment - Network Applications
Description :
Networking applications for the K Desktop Environment.
---------------------------------------------------------------------
Update Information:
Multiple integer overflow flaws were found in the way Kopete processes
Gadu-Gadu messages. A remote attacker could send a specially crafted
Gadu-Gadu message which would cause Kopete to crash or possibly execute
arbitrary code. The Common Vulnerabilities and Exposures project
assigned the name CAN-2005-1852 to this issue.
Users of Kopete should update to these packages which contain a
patch to correct this issue.
---------------------------------------------------------------------
* Thu Jul 21 2005 Than Ngo <than(a)redhat.com> 7:3.4.1-0.fc4.2
- fix crash in kopete
- apply patch to fix libgadu vulnerabilities #163811, CVE CAN-2005-1852
thanks to the KDE security team
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
[SECURITY] Fedora Core 3 Update: zlib-1.2.1.2-3.fc3
by Jindrich Novy
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-625
2005-07-22
---------------------------------------------------------------------
Product : Fedora Core 3
Name : zlib
Version : 1.2.1.2
Release : 3.fc3
Summary : The zlib compression and decompression library.
Description :
Zlib is a general-purpose, patent-free, lossless data compression
library which is used by many different programs.
---------------------------------------------------------------------
* Fri Jul 22 2005 Ivana Varekova <varekova(a)redhat.com> 1.2.1.2-3.fc3
- fix bug 163038 - CAN-2005-1849 - zlib overflow problem
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
[SECURITY] Fedora Core 4 Update: zlib-1.2.2.2-5.fc4
by Jindrich Novy
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-626
2005-07-22
---------------------------------------------------------------------
Product : Fedora Core 4
Name : zlib
Version : 1.2.2.2
Release : 5.fc4
Summary : The zlib compression and decompression library.
Description :
Zlib is a general-purpose, patent-free, lossless data compression
library which is used by many different programs.
---------------------------------------------------------------------
* Fri Jul 22 2005 Ivana Varekova <varekova(a)redhat.com> 1.2.2.2-5.fc4
- fix bug 163038 - CAN-2005-1849 - zlib buffer overflow
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
Fedora Core 4 Update: subversion-1.2.1-2.1
by Joe Orton
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-529
2005-07-22
---------------------------------------------------------------------
Product : Fedora Core 4
Name : subversion
Version : 1.2.1
Release : 2.1
Summary : Modern Version Control System designed to replace CVS
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes. Subversion only stores the differences between versions,
instead of every complete file. Subversion is intended to be a
compelling replacement for CVS.
---------------------------------------------------------------------
Update Information:
This update contains the latest release of Subversion. Subversion 1.2 adds support for locking (reserved checkouts), and includes many bug fixes and improvements. Note that the default backend for newly created repositories has changed in Subversion 1.2 to the "FSFS" (filesystem) from the Berkeley DB backend.
---------------------------------------------------------------------
* Wed Jul 6 2005 Joe Orton <jorton(a)redhat.com> 1.2.1-2.1
- update to 1.2.1
* Mon Jun 20 2005 Joe Orton <jorton(a)redhat.com> 1.2.0-2.2
- filter out dependencies on perl(SVN::*)
* Thu Jun 16 2005 Joe Orton <jorton(a)redhat.com> 1.2.0-2.1
- rebuild
* Wed May 25 2005 Joe Orton <jorton(a)redhat.com> 1.2.0-2
- disable java on all but x86, x86_64, ppc (#158719)
* Tue May 24 2005 Joe Orton <jorton(a)redhat.com> 1.2.0-1
- update to 1.2.0; add ruby subpackage
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
[SECURITY] Fedora Core 4 Update: yelp-2.10.0-1.4.1
by Christopher Aillon
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-622
2005-07-22
---------------------------------------------------------------------
Product : Fedora Core 4
Name : yelp
Version : 2.10.0
Release : 1.4.1
Summary : A system documentation reader from the Gnome project.
Description :
Yelp is the Gnome 2 help/documentation browser. It is designed
to help you browse all the documentation on your system in
one central tool.
---------------------------------------------------------------------
Update Information:
Yelp is a help documentation browser for the GNOME environment.
There were several security flaws found in the mozilla package, which yelp depends on. Users of yelp are advised to upgrade to this updated package which has been rebuilt against a version of mozilla not vulnerable to these flaws.
---------------------------------------------------------------------
* Tue Jul 19 2005 Christopher Aillon <caillon(a)redhat.com> 2.10-1.4.1
- Rebuild against new mozilla packages
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
[SECURITY] Fedora Core 4 Update: devhelp-0.10-1.4.1
by Christopher Aillon
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-621
2005-07-22
---------------------------------------------------------------------
Product : Fedora Core 4
Name : devhelp
Version : 0.10
Release : 1.4.1
Summary : API document browser
Description :
An API document browser for GNOME 2.
---------------------------------------------------------------------
Update Information:
Devhelp is an API document browser for the GNOME environment.
There were several security flaws found in the mozilla package, which devhelp depends on. Users of devhelp are advised to upgrade to this updated package which has been rebuilt against a version of mozilla not vulnerable to these flaws.
---------------------------------------------------------------------
* Tue Jul 19 2005 Christopher Aillon <caillon(a)redhat.com> 0.10-1.4.1
- Rebuild against new mozilla packages
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
[SECURITY] Fedora Core 4 Update: epiphany-1.6.3-2
by Christopher Aillon
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-620
2005-07-22
---------------------------------------------------------------------
Product : Fedora Core 4
Name : epiphany
Version : 1.6.3
Release : 2
Summary : GNOME web browser based on the Mozilla rendering engine
Description :
epiphany is a simple GNOME web browser based on the Mozilla rendering
engine
---------------------------------------------------------------------
Update Information:
Epiphany is a simple GNOME web browser based on the Mozilla rendering
engine.
There were several security flaws found in the mozilla package, which epiphany depends on. Users of epiphany are advised to upgrade to this updated package which has been rebuilt against a version of mozilla not vulnerable to these flaws.
---------------------------------------------------------------------
* Tue Jul 19 2005 Christopher Aillon <caillon(a)redhat.com> 1.6.3-2
- Rebuild against new mozilla packages
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
[SECURITY] Fedora Core 4 Update: mozilla-1.7.10-1.5.1
by Christopher Aillon
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-619
2005-07-22
---------------------------------------------------------------------
Product : Fedora Core 4
Name : mozilla
Version : 1.7.10
Release : 1.5.1
Summary : A Web browser.
Description :
Mozilla is an open-source Web browser, designed for standards
compliance, performance, and portability.
---------------------------------------------------------------------
Update Information:
Mozilla is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.
A bug was found in the way Mozilla handled synthetic events. It is possible
that Web content could generate events such as keystrokes or mouse clicks
that could be used to steal data or execute malicious Javascript code. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-2260 to this issue.
A bug was found in the way Mozilla executed Javascript in XBL controls. It
is possible for a malicious webpage to leverage this vulnerability to
execute other JavaScript based attacks even when JavaScript is disabled.
(CAN-2005-2261)
A bug was found in the way Mozilla installed its extensions. If a user can
be tricked into visiting a malicious webpage, it may be possible to obtain
sensitive information such as cookies or passwords. (CAN-2005-2263)
A bug was found in the way Mozilla handled certain Javascript functions. It
is possible for a malicious webpage to crash the browser by executing
malformed Javascript code. (CAN-2005-2265)
A bug was found in the way Mozilla handled multiple frame domains. It is
possible for a frame as part of a malicious website to inject content into
a frame that belongs to another domain. This issue was previously fixed as
CAN-2004-0718 but was accidentally disabled. (CAN-2005-1937)
A bug was found in the way Mozilla handled child frames. It is possible for
a malicious framed page to steal sensitive information from its parent
page. (CAN-2005-2266)
A bug was found in the way Mozilla opened URLs from media players. If a
media player opens a URL which is Javascript, the Javascript executes
with access to the currently open webpage. (CAN-2005-2267)
A design flaw was found in the way Mozilla displayed alerts and prompts.
Alerts and prompts were given the generic title [JavaScript Application]
which prevented a user from knowing which site created them. (CAN-2005-2268)
A bug was found in the way Mozilla handled DOM node names. It is possible
for a malicious site to overwrite a DOM node name, allowing certain
privileged chrome actions to execute the malicious Javascript. (CAN-2005-2269)
A bug was found in the way Mozilla cloned base objects. It is possible for
Web content to traverse the prototype chain to gain access to privileged
chrome objects. (CAN-2005-2270)
Users of Mozilla are advised to upgrade to these updated packages, which
contain Mozilla version 1.7.10 and are not vulnerable to these issues.
---------------------------------------------------------------------
* Tue Jul 19 2005 Christopher Aillon <caillon(a)redhat.com> 37:1.7.10-1.5.1
- Update to 1.7.10
- Fix a crash on 64bit platforms (#160330)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------