[SECURITY] Fedora 7 Update: epiphany-2.18.3-5.fc7

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 29 01:45:27 UTC 2007


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-3952
2007-11-29 01:44:21.449766
--------------------------------------------------------------------------------

Name        : epiphany
Product     : Fedora 7
Version     : 2.18.3
Release     : 5.fc7
URL         : http://www.gnome.org/projects/epiphany/
Summary     : GNOME web browser based on the Mozilla rendering engine
Description :
epiphany is a simple GNOME web browser based on the Mozilla rendering
engine.

--------------------------------------------------------------------------------
Update Information:

Updated firefox packages that fix several security issues are now available for Fedora 7.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 27 2007 Christopher Aillon <caillon at redhat.com> - 2.18.3-5
- Rebuild against newer gecko
* Mon Nov  5 2007 Martin Stransky <stransky at redhat.com> - 2.18.3-4
- Rebuild against newer gecko
* Fri Oct 19 2007 Christopher Aillon <caillon at redhat.com> - 2.18.3-3
- Rebuild against newer gecko
* Wed Jul 18 2007 Kai Engert <kengert at redhat.com> - 2.18.3-2
- Rebuild against newer gecko
* Mon Jul  2 2007 Matthias Clasen <mclasen at redhat.com> 2.18.3-1
- Update to 2.18.3
* Tue May 29 2007 Matthias Clasen <mclasen at redhat.com> 2.18.2-1
- Update to 2.18.2
* Thu May 24 2007 Christopher Aillon <caillon at redhat.com> 2.18.1-3
- Rebuild against newer gecko
--------------------------------------------------------------------------------
Updated packages:

92b53b48f9d1740ec140559a6d6362def41c9142 epiphany-2.18.3-5.fc7.ppc64.rpm
43b2e3669474c0cffe0b677440744cba4dca49e1 epiphany-debuginfo-2.18.3-5.fc7.ppc64.rpm
41c46490192178f54bf9973dce34a3a8ed338e02 epiphany-devel-2.18.3-5.fc7.ppc64.rpm
57885bf097a96ceaaaf516d9eacfcf2fa067402d epiphany-debuginfo-2.18.3-5.fc7.i386.rpm
77c8a3fce27582b7b1c5ae7eb591d1e8420073c7 epiphany-devel-2.18.3-5.fc7.i386.rpm
2c2b9cfe94df9d0379d12e7b65d8996dfad29187 epiphany-2.18.3-5.fc7.i386.rpm
185fe22200834ec40e8744a9d034b97e2002af8f epiphany-debuginfo-2.18.3-5.fc7.x86_64.rpm
e16928d1c75143c541e067d87d261b15508fc68f epiphany-2.18.3-5.fc7.x86_64.rpm
bfe57250157fbc8b8198272f3f54701634288a1f epiphany-devel-2.18.3-5.fc7.x86_64.rpm
9338dc34748f80131b312a21c50f80a5eeb9dc9a epiphany-devel-2.18.3-5.fc7.ppc.rpm
1a7a44bbdd669b7a3920421413d131a9b73850a8 epiphany-2.18.3-5.fc7.ppc.rpm
f7e0397dcb1f52d68a3b9508959b1eeec28d7db1 epiphany-debuginfo-2.18.3-5.fc7.ppc.rpm
949f6e91489cab540d05d51ef67a1d9556cbd0e0 epiphany-2.18.3-5.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update epiphany' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------




More information about the package-announce mailing list