---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated mozilla packages fix security issues
Advisory ID:       FLSA:180036-1
Issue date:        2006-02-23
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
CVE Names:         CVE-2005-4134 CVE-2006-0292 CVE-2006-0296
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

Updated mozilla packages that fix several security bugs are now
available.

Mozilla is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
Fedora Core 3 - i386, x86_64

3. Problem description:

Igor Bukanov discovered a bug in the way Mozilla's Javascript
interpreter dereferences objects. If a user visits a malicious web page,
Mozilla could crash or execute arbitrary code as the user running
Mozilla. The Common Vulnerabilities and Exposures project assigned the
name CVE-2006-0292 to this issue.

moz_bug_r_a4 discovered a bug in Mozilla's XULDocument.persist()
function. A malicious web page could inject arbitrary RDF data into a
user's localstore.rdf file, which can cause Mozilla to execute arbitrary
javascript when a user runs Mozilla. (CVE-2006-0296)

A denial of service bug was found in the way Mozilla saves history
information. If a user visits a web page with a very long title, it is
possible Mozilla will crash or take a very long time the next time it is
run. (CVE-2005-4134)

Users of Mozilla are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=180036

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/mozilla-1.7.12-0.73.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-chat-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-devel-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-dom-inspector-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-js-debugger-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-mail-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-devel-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-devel-1.7.12-0.73.3.legacy.i386.rpm

Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/mozilla-1.7.12-0.90.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-chat-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-devel-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-dom-inspector-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-js-debugger-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-mail-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-devel-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-devel-1.7.12-0.90.2.legacy.i386.rpm

Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/mozilla-1.7.12-1.1.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-chat-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-devel-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-dom-inspector-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-js-debugger-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-mail-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-devel-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-devel-1.7.12-1.1.2.legacy.i386.rpm

Fedora Core 2:
SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/mozilla-1.7.12-1.2.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-chat-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-devel-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-dom-inspector-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-js-debugger-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-mail-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-devel-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-devel-1.7.12-1.2.3.legacy.i386.rpm

Fedora Core 3:
SRPM:
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/mozilla-1.7.12-1.3.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-chat-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-devel-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-dom-inspector-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-js-debugger-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-mail-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nspr-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nspr-devel-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nss-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nss-devel-1.7.12-1.3.3.legacy.i386.rpm

x86_64:
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-chat-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-devel-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-dom-inspector-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-js-debugger-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-mail-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nspr-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nspr-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nspr-devel-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nss-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nss-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nss-devel-1.7.12-1.3.3.legacy.x86_64.rpm

7. Verification:

These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296

9. Contact:

The Fedora Legacy security contact is <secnotice@xxxxxxxxxxxxxxxx>. More
project details at http://www.fedoralegacy.org

---------------------------------------------------------------------
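
The sha1sum check from section 7 turned into a gate in front of the `rpm -Fvh` step from section 4, as an added example that is not part of the original advisory. It assumes the published SHA1 sums have been saved to a file as `<sha1> <path>` lines; `verify_rpms` and the file names in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example, not Fedora Legacy code.
# verify_rpms MANIFEST DIR
#   MANIFEST: text file of "<sha1> <path/to/package.rpm>" lines (assumed layout)
#   DIR:      directory holding the downloaded .rpm files
# Status 0 only if every .rpm in DIR is listed in MANIFEST and its SHA1
# matches; 1 on any mismatch or unlisted file; 2 if DIR holds no .rpm files.
# The body is a subshell, so its variables stay local and "exit" only
# ends the function.
verify_rpms() (
    manifest=$1
    dir=$2
    rc=0
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || { echo "no RPMs found in $dir" >&2; exit 2; }
        name=${f##*/}
        # Look the file up by the last path component of the manifest entry.
        want=$(awk -v n="$name" '
            { k = split($2, p, "/")
              if (p[k] == n) { print tolower($1); exit } }
        ' "$manifest")
        if [ -z "$want" ]; then
            # A package the advisory never listed must not ride along
            # with a wildcard install.
            echo "UNLISTED  $name" >&2
            rc=1
            continue
        fi
        got=$(sha1sum "$f" | awk '{ print $1 }')
        if [ "$got" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name" >&2
            rc=1
        fi
    done
    exit "$rc"
)

# Usage (hypothetical file names): freshen only when every file checks out.
#   verify_rpms advisory.sha1 ./rpms && rpm -Fvh ./rpms/*.rpm
```

The gate covers only the checksum comparison; `rpm --checksig -v` remains the signature check against the Fedora Legacy key.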