[ MDKSA-2006:036 ] - Updated mozilla packages to address DoS vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:036
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mozilla
Date : February 7, 2006
Affected: Corporate 3.0
_______________________________________________________________________
Problem Description:
Mozilla and Mozilla Firefox allow remote attackers to cause a denial of
service (CPU consumption and delayed application startup) via a web
site with a large title, which is recorded in history.dat but not
processed efficiently during startup. (CVE-2005-4134)
The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before
1.5.1 does not properly dereference objects, which allows remote
attackers to cause a denial of service (crash) or execute arbitrary
code via unknown attack vectors related to garbage collection.
(CVE-2006-0292)
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1,
and SeaMonkey before 1.0 does not validate the attribute name, which
allows remote attackers to execute arbitrary Javascript by injecting
RDF data into the user's localstore.rdf file. (CVE-2006-0296)
Updated packages are patched to address these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296
_______________________________________________________________________
Updated Packages:
Corporate 3.0:
8d1376d6440bc1602ab2b1c74262a30c
corporate/3.0/RPMS/libnspr4-1.7.8-0.7.C30mdk.i586.rpm
ceae80feec83d84891234f8bcf546247
corporate/3.0/RPMS/libnspr4-devel-1.7.8-0.7.C30mdk.i586.rpm
4be42f4a2297322ac93e6c4e635a225b
corporate/3.0/RPMS/libnss3-1.7.8-0.7.C30mdk.i586.rpm
f7490d1448b0ef6fe8eaa7561066095f
corporate/3.0/RPMS/libnss3-devel-1.7.8-0.7.C30mdk.i586.rpm
d3c71d0217099e4586818dc40f819308
corporate/3.0/RPMS/mozilla-1.7.8-0.7.C30mdk.i586.rpm
5d73ae4396714d8b5bf9892090c22724
corporate/3.0/RPMS/mozilla-devel-1.7.8-0.7.C30mdk.i586.rpm
005998ef07bd769563084275c27928ec
corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.7.C30mdk.i586.rpm
0774d333844c7d27b560146e632a33b2
corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.7.C30mdk.i586.rpm
72bda6c0dfc17eb36b5f64aced6da5a3
corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.7.C30mdk.i586.rpm
b425cbdf6b2f2261799869327527d1c7
corporate/3.0/RPMS/mozilla-irc-1.7.8-0.7.C30mdk.i586.rpm
a2ba40970fd46883f707979925553074
corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.7.C30mdk.i586.rpm
3f786a780a2355f4605886287fc489c3
corporate/3.0/RPMS/mozilla-mail-1.7.8-0.7.C30mdk.i586.rpm
4dc8edd930a75430e84520b3b2f00859
corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.7.C30mdk.i586.rpm
4f1024a56ad3c8f3aef13ff2ea881ceb
corporate/3.0/SRPMS/mozilla-1.7.8-0.7.C30mdk.src.rpm
Corporate 3.0/X86_64:
990fd040a970e2fe393665bc87f9d964
x86_64/corporate/3.0/RPMS/lib64nspr4-1.7.8-0.7.C30mdk.x86_64.rpm
e70615c6a988f23636f7bf3d642d2028
x86_64/corporate/3.0/RPMS/lib64nspr4-devel-1.7.8-0.7.C30mdk.x86_64.rpm
69e14625db53e49b4d1fcd9d346218db
x86_64/corporate/3.0/RPMS/lib64nss3-1.7.8-0.7.C30mdk.x86_64.rpm
17f22cc0913232f4d0cd3efbffd17af1
x86_64/corporate/3.0/RPMS/lib64nss3-devel-1.7.8-0.7.C30mdk.x86_64.rpm
23d7b49cde6c2e96742f45625845d825
x86_64/corporate/3.0/RPMS/mozilla-1.7.8-0.7.C30mdk.x86_64.rpm
a14cde7bc834e298f9b1ff97d0faa04c
x86_64/corporate/3.0/RPMS/mozilla-devel-1.7.8-0.7.C30mdk.x86_64.rpm
7b6a92d89e3771330e69b24eef80d02b
x86_64/corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.7.C30mdk.x86_64.rpm
88510e96eee3232f5dd931de50ef9878
x86_64/corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.7.C30mdk.x86_64.rpm
71e44f63b296849361d5733b0e6824d1
x86_64/corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.7.C30mdk.x86_64.rpm
1740b993c3c30a35dcd37d7c88bd6187
x86_64/corporate/3.0/RPMS/mozilla-irc-1.7.8-0.7.C30mdk.x86_64.rpm
13b44d4ab0a1b80fb50ad8c881d94253
x86_64/corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.7.C30mdk.x86_64.rpm
b9683c1834c25ab3d78606b912714780
x86_64/corporate/3.0/RPMS/mozilla-mail-1.7.8-0.7.C30mdk.x86_64.rpm
7ccb971d176e3e3a1a924bfc23f34b1e
x86_64/corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.7.C30mdk.x86_64.rpm
4f1024a56ad3c8f3aef13ff2ea881ceb
x86_64/corporate/3.0/SRPMS/mozilla-1.7.8-0.7.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFD6SVbmqjQ0CJFipgRAtEGAKDeolBWyZSrRKa1tL4JSbkQw+z06ACgkcGr
VCmfGeobl7Qv+lFgSZbx3rE=
=NT/H
-----END PGP SIGNATURE-----