---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated mozilla packages fix security issues
Advisory ID:       FLSA:158149
Issue date:        2005-07-15
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
CVE Names:         CAN-2005-1476 CAN-2005-1477 CAN-2005-1531
                   CAN-2005-1532
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

Updated mozilla packages that fix various security bugs are now
available.

Mozilla is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386

3. Problem description:

Several bugs were found in the way Mozilla executes JavaScript code.
JavaScript executed from a web page should run with a restricted access
level, preventing dangerous actions. It is possible that a malicious web
page could execute JavaScript code with elevated privileges, allowing
access to protected data and functions. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the names CAN-2005-1476,
CAN-2005-1477, CAN-2005-1531, and CAN-2005-1532 to these issues.

Users of Mozilla are advised to upgrade to this updated package, which
contains Mozilla version 1.7.8 to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

    yum update

or to use apt:

    apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. This assumes that you have yum or
apt-get configured for obtaining Fedora Legacy content. Please visit
http://www.fedoralegacy.org/docs for directions on how to configure yum
and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158149

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/mozilla-1.7.8-0.73.1.legacy.src.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/galeon-1.2.14-0.73.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-1.7.8-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-chat-1.7.8-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-devel-1.7.8-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-dom-inspector-1.7.8-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-js-debugger-1.7.8-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-mail-1.7.8-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-1.7.8-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-devel-1.7.8-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-1.7.8-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-devel-1.7.8-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/galeon-1.2.14-0.73.3.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/mozilla-1.7.8-0.90.1.legacy.src.rpm
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/galeon-1.2.14-0.90.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-1.7.8-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-chat-1.7.8-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-devel-1.7.8-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-dom-inspector-1.7.8-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-js-debugger-1.7.8-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-mail-1.7.8-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-1.7.8-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-devel-1.7.8-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-1.7.8-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-devel-1.7.8-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/galeon-1.2.14-0.90.3.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/mozilla-1.7.8-1.1.1.legacy.src.rpm
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/epiphany-1.0.8-1.fc1.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-1.7.8-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-chat-1.7.8-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-devel-1.7.8-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-dom-inspector-1.7.8-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-js-debugger-1.7.8-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-mail-1.7.8-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-1.7.8-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-devel-1.7.8-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-1.7.8-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-devel-1.7.8-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/epiphany-1.0.8-1.fc1.3.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/mozilla-1.7.8-1.2.1.legacy.src.rpm
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/epiphany-1.2.10-0.2.4.legacy.src.rpm
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/devhelp-0.9.1-0.2.7.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-1.7.8-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-chat-1.7.8-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-devel-1.7.8-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-dom-inspector-1.7.8-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-js-debugger-1.7.8-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-mail-1.7.8-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-1.7.8-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-devel-1.7.8-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-1.7.8-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-devel-1.7.8-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/epiphany-1.2.10-0.2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/devhelp-0.9.1-0.2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/devhelp-devel-0.9.1-0.2.7.legacy.i386.rpm

7. Verification:

These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1532

9. Contact:

The Fedora Legacy security contact is <secnotice@xxxxxxxxxxxxxxxx>. More
project details at http://www.fedoralegacy.org

---------------------------------------------------------------------
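
Added example, not part of the Fedora Legacy advisory: a POSIX shell helper that ties the wildcard caveat in section 4 to the SHA1 check in section 7 by refusing any *.rpm in the download directory that is unlisted or does not hash to its listed value. It assumes a manifest file of "<sha1>  <repository path>" lines; the names verify_rpms and demo, the manifest file and the demo package names are hypothetical, and the demo data is constructed.

```shell
#!/bin/sh
# Added example, not from the advisory. verify_rpms and the demo names are
# hypothetical; the demo packages and manifest are constructed.

# verify_rpms MANIFEST DIR
# MANIFEST holds "<sha1>  <repository path>" lines. Every *.rpm in DIR must be
# listed (matched on file name) and hash to the listed value.
# Returns 0 = all good, 1 = unlisted or mismatching file, 2 = no RPMs found.
verify_rpms() {
    manifest=$1 dir=$2 status=0 checked=0
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || continue            # glob matched nothing
        name=${f##*/}
        # Manifest paths are repository-relative, so compare the last component.
        want=$(awk -v n="$name" \
            '{ p = $2; sub(/.*\//, "", p); if (p == n) { print $1; exit } }' \
            "$manifest")
        checked=$((checked + 1))
        if [ -z "$want" ]; then
            echo "NOT LISTED: $name" >&2; status=1; continue
        fi
        have=$(sha1sum "$f" | awk '{ print $1 }')
        if [ "$have" = "$want" ]; then
            echo "OK:         $name"
        else
            echo "MISMATCH:   $name" >&2; status=1
        fi
    done
    [ "$checked" -gt 0 ] || { echo "no RPMs in $dir" >&2; return 2; }
    return "$status"
}

# Constructed demo: two stand-in packages, one altered after the manifest
# was written.
demo() {
    d=$(mktemp -d) || return 1
    printf 'pkg-a' > "$d/mozilla-demo.i386.rpm"
    printf 'pkg-b' > "$d/galeon-demo.i386.rpm"
    for f in "$d"/*.rpm; do
        printf '%s  redhat/9/updates/i386/%s\n' \
            "$(sha1sum "$f" | awk '{ print $1 }')" "${f##*/}"
    done > "$d/manifest"
    clean=0;    verify_rpms "$d/manifest" "$d" || clean=$?
    printf 'changed' > "$d/galeon-demo.i386.rpm"
    tampered=0; verify_rpms "$d/manifest" "$d" || tampered=$?
    rm -rf "$d"
    echo "clean=$clean tampered=$tampered"
}
demo
```

A zero return means the directory is safe to pass to rpm -Fvh *.rpm as far as the hashes go; the GPG signature is still checked separately with rpm --checksig -v.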