[ MDKSA-2007:050-1 ] - Updated Firefox packages fix multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:050-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mozilla-firefox
Date : March 2, 2007
Affected: 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A number of security vulnerabilities have been discovered and corrected
in the latest Mozilla Firefox program, version 1.5.0.10.
This update provides the latest Firefox to correct these issues.
Update:
A regression was found in the latest Firefox packages provided where
changes to library paths caused applications that depended on the NSS
libraries (such as Thunderbird and Evolution) to fail to start or fail
to load certain SSL-related security components. These new packages
correct that problem and we apologize for any inconvenience the
previous update may have caused.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0779
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1092
http://www.mozilla.org/security/announce/2007/mfsa2007-01.html
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
http://www.mozilla.org/security/announce/2007/mfsa2007-03.html
http://www.mozilla.org/security/announce/2007/mfsa2007-04.html
http://www.mozilla.org/security/announce/2007/mfsa2007-05.html
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
http://www.mozilla.org/security/announce/2007/mfsa2007-07.html
http://www.mozilla.org/security/announce/2007/mfsa2007-08.html
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
411bc0bdd8dc32950a84c77ed3319508
2007.0/i586/libmozilla-firefox1.5.0.10-1.5.0.10-2mdv2007.0.i586.rpm
9ceb031931003fb861882f4455c6648b
2007.0/i586/libmozilla-firefox1.5.0.10-devel-1.5.0.10-2mdv2007.0.i586.rpm
db615eadf763927182c8657d11b1ae54
2007.0/i586/libnspr4-1.5.0.10-2mdv2007.0.i586.rpm
bd7dca3e972f552b5dd347822e17f1e1
2007.0/i586/libnspr4-devel-1.5.0.10-2mdv2007.0.i586.rpm
bb4709aa4bf277e32c25e07d93641802
2007.0/i586/libnspr4-static-devel-1.5.0.10-2mdv2007.0.i586.rpm
babf7d44d0340cd51f45249d3002180e
2007.0/i586/libnss3-1.5.0.10-2mdv2007.0.i586.rpm
19a967982b748b879b1904d5bcea174d
2007.0/i586/libnss3-devel-1.5.0.10-2mdv2007.0.i586.rpm
6333bab7a5d530836fa5a64383bcdd30
2007.0/i586/mozilla-firefox-1.5.0.10-2mdv2007.0.i586.rpm
72672b4bbfcc4f13d5820a4c11bca547
2007.0/SRPMS/mozilla-firefox-1.5.0.10-2mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
9fe9779d9d02f0aa73d28096cc237d00
2007.0/x86_64/lib64mozilla-firefox1.5.0.10-1.5.0.10-2mdv2007.0.x86_64.rpm
3c0a879b450f5c2569eb81d397a82906
2007.0/x86_64/lib64mozilla-firefox1.5.0.10-devel-1.5.0.10-2mdv2007.0.x86_64.rpm
338d81330e754d5ffd22dea67c2fbfd2
2007.0/x86_64/lib64nspr4-1.5.0.10-2mdv2007.0.x86_64.rpm
0c840ec9a78c48d975db6bca80e53caa
2007.0/x86_64/lib64nspr4-devel-1.5.0.10-2mdv2007.0.x86_64.rpm
3f1ba2da63bf990b3958f184bdf4d96f
2007.0/x86_64/lib64nspr4-static-devel-1.5.0.10-2mdv2007.0.x86_64.rpm
cd9ef9efe9f859467a07bfc20899156d
2007.0/x86_64/lib64nss3-1.5.0.10-2mdv2007.0.x86_64.rpm
d6243e7d7c76a5ff5a418f7304cdcff2
2007.0/x86_64/lib64nss3-devel-1.5.0.10-2mdv2007.0.x86_64.rpm
0fec2d70c6a797521304598b802d03b1
2007.0/x86_64/mozilla-firefox-1.5.0.10-2mdv2007.0.x86_64.rpm
72672b4bbfcc4f13d5820a4c11bca547
2007.0/SRPMS/mozilla-firefox-1.5.0.10-2mdv2007.0.src.rpm
Corporate 3.0:
24fbf58752279b3a5ec8d186d7c6142b
corporate/3.0/i586/libnspr4-1.5.0.10-1.1.C30mdk.i586.rpm
cc59dd85bcdc065ed4ee7f3d299e971a
corporate/3.0/i586/libnspr4-devel-1.5.0.10-1.1.C30mdk.i586.rpm
284b6bf1210fb854361a9af3062528e1
corporate/3.0/i586/libnspr4-static-devel-1.5.0.10-1.1.C30mdk.i586.rpm
cf17ffa7ff1734b850c7f7a5b7f780ee
corporate/3.0/i586/libnss3-1.5.0.10-1.1.C30mdk.i586.rpm
82e74bce4abb564958d0225bc94687d6
corporate/3.0/i586/libnss3-devel-1.5.0.10-1.1.C30mdk.i586.rpm
5af5da7a1f51c609568f03b2026c0687
corporate/3.0/i586/mozilla-firefox-1.5.0.10-1.1.C30mdk.i586.rpm
df2d940bf4af073e1dc983c1143a8079
corporate/3.0/i586/mozilla-firefox-devel-1.5.0.10-1.1.C30mdk.i586.rpm
efd17411a1dc5bed3d7e79f0a28b4073
corporate/3.0/SRPMS/mozilla-firefox-1.5.0.10-1.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
be6fa4a501b973f9016716ae6ffb1b25
corporate/3.0/x86_64/lib64nspr4-1.5.0.10-1.1.C30mdk.x86_64.rpm
a06bb78d6531ffac3e750236a0cb13de
corporate/3.0/x86_64/lib64nspr4-devel-1.5.0.10-1.1.C30mdk.x86_64.rpm
2f2dd393236be80e8f8ca226145115e7
corporate/3.0/x86_64/lib64nspr4-static-devel-1.5.0.10-1.1.C30mdk.x86_64.rpm
3a42bca7fd7ab26e65bf0a4ca7485db1
corporate/3.0/x86_64/lib64nss3-1.5.0.10-1.1.C30mdk.x86_64.rpm
68cef069c9e2d4f1336c58e8e5f126ca
corporate/3.0/x86_64/lib64nss3-devel-1.5.0.10-1.1.C30mdk.x86_64.rpm
0bd6c6adc8fd1be8d3b02fb5505c9330
corporate/3.0/x86_64/mozilla-firefox-1.5.0.10-1.1.C30mdk.x86_64.rpm
27262a966199c19006327fa21dab1f69
corporate/3.0/x86_64/mozilla-firefox-devel-1.5.0.10-1.1.C30mdk.x86_64.rpm
efd17411a1dc5bed3d7e79f0a28b4073
corporate/3.0/SRPMS/mozilla-firefox-1.5.0.10-1.1.C30mdk.src.rpm
Corporate 4.0:
0f782ea68bc9177e333dd77c26eeec7f
corporate/4.0/i586/libnspr4-1.5.0.10-1.1.20060mlcs4.i586.rpm
408511a886dd0619f4ae9a1d93137eeb
corporate/4.0/i586/libnspr4-devel-1.5.0.10-1.1.20060mlcs4.i586.rpm
6b3ad9cf7c2f4b7a008c6fd9c584289b
corporate/4.0/i586/libnspr4-static-devel-1.5.0.10-1.1.20060mlcs4.i586.rpm
31927dd82ca439052fe166e6b2864e07
corporate/4.0/i586/libnss3-1.5.0.10-1.1.20060mlcs4.i586.rpm
021eef345d030d8112f227b0b2c3a0f6
corporate/4.0/i586/libnss3-devel-1.5.0.10-1.1.20060mlcs4.i586.rpm
2485f65a1860840e7abe7cd5a447c538
corporate/4.0/i586/mozilla-firefox-1.5.0.10-1.1.20060mlcs4.i586.rpm
ef609ec54c3e70b47067668f68c74e65
corporate/4.0/i586/mozilla-firefox-devel-1.5.0.10-1.1.20060mlcs4.i586.rpm
64e5ea6cd7dc856aa4f7eda630e40d14
corporate/4.0/SRPMS/mozilla-firefox-1.5.0.10-1.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
fab1a497ea9801a29637f049e520422b
corporate/4.0/x86_64/lib64nspr4-1.5.0.10-1.1.20060mlcs4.x86_64.rpm
647d403327794eb30e81e6b91b407dd1
corporate/4.0/x86_64/lib64nspr4-devel-1.5.0.10-1.1.20060mlcs4.x86_64.rpm
247c6c555fe4917bbdf3ae884ac309ba
corporate/4.0/x86_64/lib64nspr4-static-devel-1.5.0.10-1.1.20060mlcs4.x86_64.rpm
710e426e4200912e2b4718d1c0613c58
corporate/4.0/x86_64/lib64nss3-1.5.0.10-1.1.20060mlcs4.x86_64.rpm
2efe3ddeb772f3d706f429bccd34675c
corporate/4.0/x86_64/lib64nss3-devel-1.5.0.10-1.1.20060mlcs4.x86_64.rpm
13e414365c4f1d3768a375cf29a40aa4
corporate/4.0/x86_64/mozilla-firefox-1.5.0.10-1.1.20060mlcs4.x86_64.rpm
261d63f5547804f20ee022290429c866
corporate/4.0/x86_64/mozilla-firefox-devel-1.5.0.10-1.1.20060mlcs4.x86_64.rpm
64e5ea6cd7dc856aa4f7eda630e40d14
corporate/4.0/SRPMS/mozilla-firefox-1.5.0.10-1.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFF6H18mqjQ0CJFipgRAna2AJ9Qa8Vf923jNIzai9QzQOOS4NRETgCgyICD
+eNPSjeb5EQGZ6E5dYWPNSM=
=AgMP
-----END PGP SIGNATURE-----