A mozilla és firefox csomagokban számtalan biztonsági hibát találtak, ezekről szól az első két advisory. Kijött a javítás az X.org-ban talált RENDER extension buffer overflow hibájára. A SquirrelMail csomagban több biztonsági hibát is találtak. Az ipsec-tools csomagban levő racoon daemon DoS-olható volt. Régebbi Redhat/Fedora rendszerekhez kihozták a javításokat.
--- Begin Message ------------------------------------------------------------------------ Fedora Legacy Update Advisory Synopsis: Updated mozilla packages fix security issues Advisory ID: FLSA:189137-1 Issue date: 2006-06-06 Product: Red Hat Linux, Fedora Core Keywords: Bugfix, Security CVE Names: CVE-2006-0748 CVE-2006-0749 CVE-2006-0884 CVE-2006-1727 CVE-2006-1728 CVE-2006-1729 CVE-2006-1730 CVE-2006-1731 CVE-2006-1732 CVE-2006-1733 CVE-2006-1734 CVE-2006-1735 CVE-2006-1737 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 CVE-2006-1741 CVE-2006-1742 CVE-2006-1790 --------------------------------------------------------------------- --------------------------------------------------------------------- 1. Topic: Updated mozilla packages that fix several security bugs are now available. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. 2. Relevant releases/architectures: Red Hat Linux 7.3 - i386 Red Hat Linux 9 - i386 Fedora Core 1 - i386 Fedora Core 2 - i386 Fedora Core 3 - i386, x86_64 3. Problem description: Several bugs were found in the way Mozilla processes malformed javascript. A malicious web page could modify the content of a different open web page, possibly stealing sensitive information or conducting a cross-site scripting attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741) Several bugs were found in the way Mozilla processes certain javascript actions. A malicious web page could execute arbitrary javascript instructions with the permissions of "chrome", allowing the page to steal sensitive information or install browser malware. (CVE-2006-1727, CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742) Several bugs were found in the way Mozilla processes malformed web pages. A carefully crafted malicious web page could cause the execution of arbitrary code as the user running Mozilla. (CVE-2006-0748, CVE-2006-0749, CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790) A bug was found in the way Mozilla displays the secure site icon. If a browser is configured to display the non-default secure site modal warning dialog, it may be possible to trick a user into believing they are viewing a secure site. (CVE-2006-1740) A bug was found in the way Mozilla allows javascript mutation events on "input" form elements. A malicious web page could be created in such a way that when a user submits a form, an arbitrary file could be uploaded to the attacker. (CVE-2006-1729) A bug was found in the way Mozilla executes in-line mail forwarding. If a user can be tricked into forwarding a maliciously crafted mail message as in-line content, it is possible for the message to execute javascript with the permissions of "chrome". (CVE-2006-0884) Users of Mozilla are advised to upgrade to these updated packages containing Mozilla version 1.7.13 which corrects these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue: yum update or to use apt: apt-get update; apt-get upgrade This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get. 5. Bug IDs fixed: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189137 6. RPMs required: Red Hat Linux 7.3: SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/mozilla-1.7.13-0.73.1.legacy.src.rpm http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/galeon-1.2.14-0.73.6.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-1.7.13-0.73.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-chat-1.7.13-0.73.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-devel-1.7.13-0.73.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-dom-inspector-1.7.13-0.73.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-js-debugger-1.7.13-0.73.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-mail-1.7.13-0.73.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-1.7.13-0.73.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-devel-1.7.13-0.73.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-1.7.13-0.73.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-devel-1.7.13-0.73.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/galeon-1.2.14-0.73.6.legacy.i386.rpm Red Hat Linux 9: SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/mozilla-1.7.13-0.90.1.legacy.src.rpm http://download.fedoralegacy.org/redhat/9/updates/SRPMS/galeon-1.2.14-0.90.6.legacy.src.rpM i386: http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-1.7.13-0.90.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-chat-1.7.13-0.90.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-devel-1.7.13-0.90.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-dom-inspector-1.7.13-0.90.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-js-debugger-1.7.13-0.90.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-mail-1.7.13-0.90.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-1.7.13-0.90.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-devel-1.7.13-0.90.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-1.7.13-0.90.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-devel-1.7.13-0.90.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/galeon-1.2.14-0.90.6.legacy.i386.rpm Fedora Core 1: SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/mozilla-1.7.13-1.1.1.legacy.src.rpm http://download.fedoralegacy.org/fedora/1/updates/SRPMS/epiphany-1.0.8-1.fc1.6.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-1.7.13-1.1.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-chat-1.7.13-1.1.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-devel-1.7.13-1.1.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-dom-inspector-1.7.13-1.1.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-js-debugger-1.7.13-1.1.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-mail-1.7.13-1.1.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-1.7.13-1.1.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-devel-1.7.13-1.1.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-1.7.13-1.1.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-devel-1.7.13-1.1.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/epiphany-1.0.8-1.fc1.6.legacy.i386.rpm Fedora Core 2: SRPM: http://download.fedoralegacy.org/fedora/2/updates/SRPMS/mozilla-1.7.13-1.2.1.legacy.src.rpm http://download.fedoralegacy.org/fedora/2/updates/SRPMS/epiphany-1.2.10-0.2.7.legacy.src.rpm http://download.fedoralegacy.org/fedora/2/updates/SRPMS/devhelp-0.9.1-0.2.10.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-1.7.13-1.2.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-chat-1.7.13-1.2.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-devel-1.7.13-1.2.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-dom-inspector-1.7.13-1.2.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-js-debugger-1.7.13-1.2.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-mail-1.7.13-1.2.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-1.7.13-1.2.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-devel-1.7.13-1.2.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-1.7.13-1.2.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-devel-1.7.13-1.2.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/epiphany-1.2.10-0.2.7.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/devhelp-0.9.1-0.2.10.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/devhelp-devel-0.9.1-0.2.10.legacy.i386.rpm Fedora Core 3: SRPM: http://download.fedoralegacy.org/fedora/3/updates/SRPMS/mozilla-1.7.13-1.3.1.legacy.src.rpm http://download.fedoralegacy.org/fedora/3/updates/SRPMS/epiphany-1.4.9-1.1.legacy.src.rpm http://download.fedoralegacy.org/fedora/3/updates/SRPMS/devhelp-0.9.2-2.3.7.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-1.7.13-1.3.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-chat-1.7.13-1.3.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-devel-1.7.13-1.3.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-dom-inspector-1.7.13-1.3.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-js-debugger-1.7.13-1.3.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-mail-1.7.13-1.3.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nspr-1.7.13-1.3.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nspr-devel-1.7.13-1.3.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nss-1.7.13-1.3.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nss-devel-1.7.13-1.3.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/epiphany-1.4.9-1.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/epiphany-devel-1.4.9-1.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/devhelp-0.9.2-2.3.7.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/devhelp-devel-0.9.2-2.3.7.legacy.i386.rpm x86_64: http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-1.7.13-1.3.1.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-chat-1.7.13-1.3.1.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-devel-1.7.13-1.3.1.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-dom-inspector-1.7.13-1.3.1.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-js-debugger-1.7.13-1.3.1.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-mail-1.7.13-1.3.1.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nspr-1.7.13-1.3.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nspr-1.7.13-1.3.1.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nspr-devel-1.7.13-1.3.1.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nss-1.7.13-1.3.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nss-1.7.13-1.3.1.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nss-devel-1.7.13-1.3.1.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/epiphany-1.4.9-1.1.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/epiphany-devel-1.4.9-1.1.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/devhelp-0.9.2-2.3.7.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/devhelp-devel-0.9.2-2.3.7.legacy.x86_64.rpm 7. Verification: SHA1 sum Package Name --------------------------------------------------------------------- rh7.3: b7616c52ee2776f3577fcda0a0628c5ec6cffae7 redhat/7.3/updates/i386/mozilla-1.7.13-0.73.1.legacy.i386.rpm a6234bd3b89616ce5b924a36c95ba1421b6b8ecf redhat/7.3/updates/i386/mozilla-chat-1.7.13-0.73.1.legacy.i386.rpm 3d7b92d47b825f5a936c54ca63679916f428917e redhat/7.3/updates/i386/mozilla-devel-1.7.13-0.73.1.legacy.i386.rpm 2b4c765543b3f4fc5ac04127ca70c70a33fddaec redhat/7.3/updates/i386/mozilla-dom-inspector-1.7.13-0.73.1.legacy.i386.rpm c15eceb55105a87f8d5dc0db24b9cf95e815a5a2 redhat/7.3/updates/i386/mozilla-js-debugger-1.7.13-0.73.1.legacy.i386.rpm 09dcdb176779a013efc6b1819e5391854d94a751 redhat/7.3/updates/i386/mozilla-mail-1.7.13-0.73.1.legacy.i386.rpm 5126d56d8ff98dfdcd69ed6864821120fc959c55 redhat/7.3/updates/i386/mozilla-nspr-1.7.13-0.73.1.legacy.i386.rpm d2db357f5fe0d1ffce22db18f7d95c96dcfcffa3 redhat/7.3/updates/i386/mozilla-nspr-devel-1.7.13-0.73.1.legacy.i386.rpm 7b3a403f4981d5ffa676aa38e5699fca9e7c2f18 redhat/7.3/updates/i386/mozilla-nss-1.7.13-0.73.1.legacy.i386.rpm 3eea1812fa6a6ef13ed8826cd7734bd266c9b0fb redhat/7.3/updates/i386/mozilla-nss-devel-1.7.13-0.73.1.legacy.i386.rpm 46393b4afb72fcd8100de2c61b6531d9ffe1dbf5 redhat/7.3/updates/i386/galeon-1.2.14-0.73.6.legacy.i386.rpm d7222582e0c6d2cb635e07d91f6ffd4f85d36a49 redhat/7.3/updates/SRPMS/mozilla-1.7.13-0.73.1.legacy.src.rpm b437ce5a3b53a11730c42590f28f8a8437622a2f redhat/7.3/updates/SRPMS/galeon-1.2.14-0.73.6.legacy.src.rpm rh9: 624c5f90520fba704ad4f66dbf90b1f1c957b13c redhat/9/updates/i386/mozilla-1.7.13-0.90.1.legacy.i386.rpm d774d70acfa13e6fdfaed04fe99dc72f6d2ff9e8 redhat/9/updates/i386/mozilla-chat-1.7.13-0.90.1.legacy.i386.rpm c97b2a1d23cdcec966ad0f578ae7ed54298e0539 redhat/9/updates/i386/mozilla-devel-1.7.13-0.90.1.legacy.i386.rpm 494506d66fe98871e624009969ac642c98a1f812 redhat/9/updates/i386/mozilla-dom-inspector-1.7.13-0.90.1.legacy.i386.rpm b844468a52354d6e9233a3f2b423c21879c7ca2f redhat/9/updates/i386/mozilla-js-debugger-1.7.13-0.90.1.legacy.i386.rpm 2313fc46b0f7192d2e50675b978a6132fef9c7e3 redhat/9/updates/i386/mozilla-mail-1.7.13-0.90.1.legacy.i386.rpm c37ce58b4bc86d84585e53c97ef63f3733ffa038 redhat/9/updates/i386/mozilla-nspr-1.7.13-0.90.1.legacy.i386.rpm c99c3912597d83cdb161c1e2d4476985ebbe301f redhat/9/updates/i386/mozilla-nspr-devel-1.7.13-0.90.1.legacy.i386.rpm 82f292d71571e66844a0b6b59252271bcf26c5a9 redhat/9/updates/i386/mozilla-nss-1.7.13-0.90.1.legacy.i386.rpm 8da1e54eed9099c2dbb4c04e97157bf742128488 redhat/9/updates/i386/mozilla-nss-devel-1.7.13-0.90.1.legacy.i386.rpm 99041c948b0fb28092be0b817e2f631b76a05614 redhat/9/updates/i386/galeon-1.2.14-0.90.6.legacy.i386.rpm d20d8e1985145c55a185f67e4209a01f1654c0ac redhat/9/updates/SRPMS/mozilla-1.7.13-0.90.1.legacy.src.rpm aa35ab30634d4f5018e3f3e7bb4c290a23e8b1f0 redhat/9/updates/SRPMS/galeon-1.2.14-0.90.6.legacy.src.rpm fc1: 3d510a0a221fd0af801d32075cfec02b54e07422 fedora/1/updates/i386/mozilla-1.7.13-1.1.1.legacy.i386.rpm becd9c7a44a82ccfbe3cf6b03f051ecd4a273131 fedora/1/updates/i386/mozilla-chat-1.7.13-1.1.1.legacy.i386.rpm 1ba6d5e1f14397c25baebb208b3f94de04d46131 fedora/1/updates/i386/mozilla-devel-1.7.13-1.1.1.legacy.i386.rpm bc3d9984f60bbe6794c205e3222c9ea2335bd42e fedora/1/updates/i386/mozilla-dom-inspector-1.7.13-1.1.1.legacy.i386.rpm 27b23b8f5be8a15c8294a1a40b62aafd0c8b8da8 fedora/1/updates/i386/mozilla-js-debugger-1.7.13-1.1.1.legacy.i386.rpm fac226fb8ed3c08bd5c38729ca4bdcb7cbfa7155 fedora/1/updates/i386/mozilla-mail-1.7.13-1.1.1.legacy.i386.rpm 50de7263571cfdca103af679b2b4824cf5e4b733 fedora/1/updates/i386/mozilla-nspr-1.7.13-1.1.1.legacy.i386.rpm 6864171e9ad26571bc9fae8c22d9b713e790e217 fedora/1/updates/i386/mozilla-nspr-devel-1.7.13-1.1.1.legacy.i386.rpm 231222af647baca7cf8ad3aa70102baf065844ea fedora/1/updates/i386/mozilla-nss-1.7.13-1.1.1.legacy.i386.rpm b2a45de48fd072f61c4887c9fb7b1e28d5ceb724 fedora/1/updates/i386/mozilla-nss-devel-1.7.13-1.1.1.legacy.i386.rpm 4278190ae02b1ba55ab8f7bff797aa0b7c6367cf fedora/1/updates/i386/epiphany-1.0.8-1.fc1.6.legacy.i386.rpm d7698a730ded9bf23f9cf50af0b311344d6a32c9 fedora/1/updates/SRPMS/mozilla-1.7.13-1.1.1.legacy.src.rpm 98e8156234d0d70503b2e35958b6c16fd6af9839 fedora/1/updates/SRPMS/epiphany-1.0.8-1.fc1.6.legacy.src.rpm fc2: 159c63cf7ea9fdc986cea0e5f5385dfb5b6305b4 fedora/2/updates/i386/mozilla-1.7.13-1.2.1.legacy.i386.rpm f407853505e31c18da4b7f6cb381eda08f92e95a fedora/2/updates/i386/mozilla-chat-1.7.13-1.2.1.legacy.i386.rpm 34b9bfcbadd11a46d9c8e83bb74cadb20f5e4923 fedora/2/updates/i386/mozilla-devel-1.7.13-1.2.1.legacy.i386.rpm dee1265fd2e11184729411971ebbf78cb563a0e5 fedora/2/updates/i386/mozilla-dom-inspector-1.7.13-1.2.1.legacy.i386.rpm c04910085005cd7e6df6f94ef59c97df8825c07b fedora/2/updates/i386/mozilla-js-debugger-1.7.13-1.2.1.legacy.i386.rpm 4d7705a6ca92e8508dfc129f9d230b655fcaf1d5 fedora/2/updates/i386/mozilla-mail-1.7.13-1.2.1.legacy.i386.rpm a77cbd95adaf8033fd41a79c8fa5834f5bf6966b fedora/2/updates/i386/mozilla-nspr-1.7.13-1.2.1.legacy.i386.rpm bac22ca27bd47b5568016b836655c0205f412f07 fedora/2/updates/i386/mozilla-nspr-devel-1.7.13-1.2.1.legacy.i386.rpm a2a5c35a60ce9a77776ca68f85540f4b36a5d687 fedora/2/updates/i386/mozilla-nss-1.7.13-1.2.1.legacy.i386.rpm bc9bed78a37a55ee2c7c0447e28454117d75b2f5 fedora/2/updates/i386/mozilla-nss-devel-1.7.13-1.2.1.legacy.i386.rpm 82050caf931b8f86483430536d1044ca0e18e26c fedora/2/updates/i386/epiphany-1.2.10-0.2.7.legacy.i386.rpm fd3a6e7733046ab57d5d0578942b63039f60549f fedora/2/updates/i386/devhelp-0.9.1-0.2.10.legacy.i386.rpm dbfc536e2d5fb26ae710550517d00eb7b5c1c425 fedora/2/updates/i386/devhelp-devel-0.9.1-0.2.10.legacy.i386.rpm 7d3714941a249cf2706860c80d5fdd2f6f9d6a49 fedora/2/updates/SRPMS/mozilla-1.7.13-1.2.1.legacy.src.rpm b63f40f2d2c84c6a23ba9668a0ad523600208b88 fedora/2/updates/SRPMS/epiphany-1.2.10-0.2.7.legacy.src.rpm e0d504c88489904fe8c94cf552ba4c91ba78dd69 fedora/2/updates/SRPMS/devhelp-0.9.1-0.2.10.legacy.src.rpm fc3: fc30ba78ef98ffc0f4d7830a293a5a45532487a1 fedora/3/updates/i386/mozilla-1.7.13-1.3.1.legacy.i386.rpm 6046bfef309c48de5545ded1dff026bda82aa12a fedora/3/updates/i386/mozilla-chat-1.7.13-1.3.1.legacy.i386.rpm 2cb20e33c2931ce7f12a0149b8a2f1992ff47459 fedora/3/updates/i386/mozilla-devel-1.7.13-1.3.1.legacy.i386.rpm 182a9e1a32e9d354b6ffedb5b7be7dd49192b119 fedora/3/updates/i386/mozilla-dom-inspector-1.7.13-1.3.1.legacy.i386.rpm fbac943985224c5bdbbce8b83157614f48f2c11d fedora/3/updates/i386/mozilla-js-debugger-1.7.13-1.3.1.legacy.i386.rpm dc733cb3312c3d105e4414bf969e84ddfa5ff435 fedora/3/updates/i386/mozilla-mail-1.7.13-1.3.1.legacy.i386.rpm fd7ef3c6ab771fd368c81bd1925c0194c0503dc7 fedora/3/updates/i386/mozilla-nspr-1.7.13-1.3.1.legacy.i386.rpm 6ca450fb3bda3d9acc3e9dcd86c7480fda7c881b fedora/3/updates/i386/mozilla-nspr-devel-1.7.13-1.3.1.legacy.i386.rpm 25d618ca1f740e9ce6a8d18878dcef447f0dcfbe fedora/3/updates/i386/mozilla-nss-1.7.13-1.3.1.legacy.i386.rpm f61c46c5e3a6bbfcd84c1d1db0948ad351568cfb fedora/3/updates/i386/mozilla-nss-devel-1.7.13-1.3.1.legacy.i386.rpm 3d0a3210e82fe5059d4dd97dfad797522a8dd566 fedora/3/updates/i386/epiphany-1.4.9-1.1.legacy.i386.rpm 9e1b3c5029b1da72303b87566d0fe98ae80316ad fedora/3/updates/i386/epiphany-devel-1.4.9-1.1.legacy.i386.rpm 2700c95dbed803c53f4a632d818df4e6045abede fedora/3/updates/i386/devhelp-0.9.2-2.3.7.legacy.i386.rpm 0635473154c90a0654938e15eea3e0fab24cbcee fedora/3/updates/i386/devhelp-devel-0.9.2-2.3.7.legacy.i386.rpm 2b9902cc94ef38dac784342d1330cdb34a0308c2 fedora/3/updates/x86_64/mozilla-1.7.13-1.3.1.legacy.x86_64.rpm d6c6635c7a9004b90a20ff32330f3e2aef755e7e fedora/3/updates/x86_64/mozilla-chat-1.7.13-1.3.1.legacy.x86_64.rpm ec5ca5851ea31e60f5211d4f308b2d4eae65e97b fedora/3/updates/x86_64/mozilla-devel-1.7.13-1.3.1.legacy.x86_64.rpm 74ac4472c45fecb4562fe73c1aba2c8fbc381da6 fedora/3/updates/x86_64/mozilla-dom-inspector-1.7.13-1.3.1.legacy.x86_64.rpm 0b136eb099b9262271d29d1c55f08e3623fd9b9e fedora/3/updates/x86_64/mozilla-js-debugger-1.7.13-1.3.1.legacy.x86_64.rpm 45aaade65400ab18d12525de0949a96d06c1d784 fedora/3/updates/x86_64/mozilla-mail-1.7.13-1.3.1.legacy.x86_64.rpm fd7ef3c6ab771fd368c81bd1925c0194c0503dc7 fedora/3/updates/x86_64/mozilla-nspr-1.7.13-1.3.1.legacy.i386.rpm 19919ed666049efdb10a571441b32733e3a928c9 fedora/3/updates/x86_64/mozilla-nspr-1.7.13-1.3.1.legacy.x86_64.rpm 2020bad33430a1c9cf6e9298fb3ea8f264262e23 fedora/3/updates/x86_64/mozilla-nspr-devel-1.7.13-1.3.1.legacy.x86_64.rpm 25d618ca1f740e9ce6a8d18878dcef447f0dcfbe fedora/3/updates/x86_64/mozilla-nss-1.7.13-1.3.1.legacy.i386.rpm 1c9d432246665f03ad4c24c7a21ed2d40eea736c fedora/3/updates/x86_64/mozilla-nss-1.7.13-1.3.1.legacy.x86_64.rpm 2e47b9e82c433533cd3e39c2380c511e03e9b320 fedora/3/updates/x86_64/mozilla-nss-devel-1.7.13-1.3.1.legacy.x86_64.rpm 8e763b21f9289a454484fa65ed27053f87b83527 fedora/3/updates/x86_64/epiphany-1.4.9-1.1.legacy.x86_64.rpm a5b5f6d6dbbb2385a13d8b5290d92c119c837c43 fedora/3/updates/x86_64/epiphany-devel-1.4.9-1.1.legacy.x86_64.rpm 54b0234a8abf2b04f45b8062806bc500347a0ce2 fedora/3/updates/x86_64/devhelp-0.9.2-2.3.7.legacy.x86_64.rpm 18374065d2a67b4d0838e4c63bff44d25658ff53 fedora/3/updates/x86_64/devhelp-devel-0.9.2-2.3.7.legacy.x86_64.rpm 5a9ebd563c86b57673ee717a777b2b828cb6f7ae fedora/3/updates/SRPMS/mozilla-1.7.13-1.3.1.legacy.src.rpm 9b7f3d9405d50fb5f52931ef8f18d9e1f2b4fe58 fedora/3/updates/SRPMS/epiphany-1.4.9-1.1.legacy.src.rpm 71a4112fbd0411c57a8b37ba2179b7ec5b8f024e fedora/3/updates/SRPMS/devhelp-0.9.2-2.3.7.legacy.src.rpm These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php You can verify each package with the following command: rpm --checksig -v <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum <filename> 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0748 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0884 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1727 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1729 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1732 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1737 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1740 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1741 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1790 9. Contact: The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org ---------------------------------------------------------------------Attachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ------------------------------------------------------------------------ Fedora Legacy Update Advisory Synopsis: Updated firefox package fixes security issues Advisory ID: FLSA:189137-2 Issue date: 2006-06-06 Product: Fedora Core Keywords: Bugfix, Security CVE Names: CVE-2006-0748 CVE-2006-0749 CVE-2006-1724 CVE-2006-1727 CVE-2006-1728 CVE-2006-1729 CVE-2006-1730 CVE-2006-1731 CVE-2006-1732 CVE-2006-1733 CVE-2006-1734 CVE-2006-1735 CVE-2006-1737 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 CVE-2006-1741 CVE-2006-1742 CVE-2006-1790 --------------------------------------------------------------------- --------------------------------------------------------------------- 1. Topic: An updated firefox package that fixes several security bugs is now available. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. 2. Relevant releases/architectures: Fedora Core 3 - i386, x86_64 3. Problem description: Several bugs were found in the way Firefox processes malformed javascript. A malicious web page could modify the content of a different open web page, possibly stealing sensitive information or conducting a cross-site scripting attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741) Several bugs were found in the way Firefox processes certain javascript actions. A malicious web page could execute arbitrary javascript instructions with the permissions of "chrome", allowing the page to steal sensitive information or install browser malware. (CVE-2006-1727, CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742) Several bugs were found in the way Firefox processes malformed web pages. A carefully crafted malicious web page could cause the execution of arbitrary code as the user running Firefox. (CVE-2006-0748, CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790) A bug was found in the way Firefox displays the secure site icon. If a browser is configured to display the non-default secure site modal warning dialog, it may be possible to trick a user into believing they are viewing a secure site. (CVE-2006-1740) A bug was found in the way Firefox allows javascript mutation events on "input" form elements. A malicious web page could be created in such a way that when a user submits a form, an arbitrary file could be uploaded to the attacker. (CVE-2006-1729) Users of Firefox are advised to upgrade to these updated packages containing Firefox version 1.0.8 which corrects these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue: yum update or to use apt: apt-get update; apt-get upgrade This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get. 5. Bug IDs fixed: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189137 6. RPMs required: Fedora Core 3: SRPM: http://download.fedoralegacy.org/fedora/3/updates/SRPMS/firefox-1.0.8-1.1.fc3.1.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/3/updates/i386/firefox-1.0.8-1.1.fc3.1.legacy.i386.rpm x86_64: http://download.fedoralegacy.org/fedora/3/updates/x86_64/firefox-1.0.8-1.1.fc3.1.legacy.x86_64.rpm 7. Verification: SHA1 sum Package Name --------------------------------------------------------------------- 8b719bb18c6dfe14b472c684ac5133d82d1b96d0 fedora/3/updates/i386/firefox-1.0.8-1.1.fc3.1.legacy.i386.rpm 946f2ccbc412675ee6959a3dee50c2cb3ba90c3a fedora/3/updates/x86_64/firefox-1.0.8-1.1.fc3.1.legacy.x86_64.rpm 0747aa65730e328a9274ec66c0de8dc30645dc1d fedora/3/updates/SRPMS/firefox-1.0.8-1.1.fc3.1.legacy.src.rpm These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php You can verify each package with the following command: rpm --checksig -v <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum <filename> 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0748 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1724 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1727 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1729 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1732 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1737 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1740 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1741 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1790 9. Contact: The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org ---------------------------------------------------------------------Attachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ------------------------------------------------------------------------ Fedora Legacy Update Advisory Synopsis: Updated X.org packages fix security issue Advisory ID: FLSA:190777 Issue date: 2006-06-06 Product: Fedora Core Keywords: Bugfix CVE Names: CVE-2006-1526 --------------------------------------------------------------------- --------------------------------------------------------------------- 1. Topic: Updated X.org packages that fix a security issue are now available. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed upon. 2. Relevant releases/architectures: Fedora Core 3 - i386, x86_64 3. Problem description: A buffer overflow flaw in the X.org server RENDER extension was discovered. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2006-1526) Users of X.org should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue: yum update or to use apt: apt-get update; apt-get upgrade This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get. 5. Bug IDs fixed: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190777 6. RPMs required: Fedora Core 3: SRPM: http://download.fedoralegacy.org/fedora/3/updates/SRPMS/xorg-x11-6.8.2-1.FC3.45.3.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-deprecated-libs-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-deprecated-libs-devel-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-devel-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-doc-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-font-utils-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-libs-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-Mesa-libGL-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-Mesa-libGLU-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-sdk-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-tools-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-twm-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-xauth-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-xdm-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-Xdmx-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-xfs-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-Xnest-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-Xvfb-6.8.2-1.FC3.45.3.legacy.i386.rpm x86_64: http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-deprecated-libs-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-deprecated-libs-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-deprecated-libs-devel-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-devel-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-devel-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-doc-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-font-utils-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-libs-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-libs-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-Mesa-libGL-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-Mesa-libGL-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-Mesa-libGLU-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-Mesa-libGLU-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-sdk-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-tools-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-twm-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-xauth-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-xdm-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-Xdmx-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-xfs-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-Xnest-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-Xvfb-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 7. Verification: SHA1 sum Package Name --------------------------------------------------------------------- 6c4f8cc2a12da27bc7eba148b139bbbc0c16c877 fedora/3/updates/i386/xorg-x11-6.8.2-1.FC3.45.3.legacy.i386.rpm 3f94f87fb882c2f5116fc7e153db8a27b47902d9 fedora/3/updates/i386/xorg-x11-deprecated-libs-6.8.2-1.FC3.45.3.legacy.i386.rpm 7f4c16bed758307fc89963cdc0e60d6104690384 fedora/3/updates/i386/xorg-x11-deprecated-libs-devel-6.8.2-1.FC3.45.3.legacy.i386.rpm 07b928bdc56bc8d2fe0828afbe59d8dfcfabbede fedora/3/updates/i386/xorg-x11-devel-6.8.2-1.FC3.45.3.legacy.i386.rpm c7adb504db755f139b2b8454c37b6add3204c2b0 fedora/3/updates/i386/xorg-x11-doc-6.8.2-1.FC3.45.3.legacy.i386.rpm dd5caa2e8fadf2eff908615231819cf69cf130ea fedora/3/updates/i386/xorg-x11-font-utils-6.8.2-1.FC3.45.3.legacy.i386.rpm 8e30c1a599b8f2bb39abdce9dbd9c0559926f63e fedora/3/updates/i386/xorg-x11-libs-6.8.2-1.FC3.45.3.legacy.i386.rpm 23fc45993a3e83844ad2029653c580e9c9fba606 fedora/3/updates/i386/xorg-x11-Mesa-libGL-6.8.2-1.FC3.45.3.legacy.i386.rpm 13b96e8dca25068c884a5bdf2fd188f684472eb5 fedora/3/updates/i386/xorg-x11-Mesa-libGLU-6.8.2-1.FC3.45.3.legacy.i386.rpm 2ecbdbc243d2fed742d56b7183367625c318029a fedora/3/updates/i386/xorg-x11-sdk-6.8.2-1.FC3.45.3.legacy.i386.rpm 7bba05d923dde98a77233a5cb4ef7b67660ad345 fedora/3/updates/i386/xorg-x11-tools-6.8.2-1.FC3.45.3.legacy.i386.rpm 9d51ef13a3ba67eb4afe4e4417ff1735cf659829 fedora/3/updates/i386/xorg-x11-twm-6.8.2-1.FC3.45.3.legacy.i386.rpm 61201dd9054fbe6336381d9532f3d0ec60d9b537 fedora/3/updates/i386/xorg-x11-xauth-6.8.2-1.FC3.45.3.legacy.i386.rpm 8c0f9419d979a3defbe376693c1d39cbdb8eeabb fedora/3/updates/i386/xorg-x11-xdm-6.8.2-1.FC3.45.3.legacy.i386.rpm 132c26d0cc1fe2c5e3946aae493a6bf16ec8b659 fedora/3/updates/i386/xorg-x11-Xdmx-6.8.2-1.FC3.45.3.legacy.i386.rpm 9f71fe79b510f7dd06a41b01eeb5c4850ee88411 fedora/3/updates/i386/xorg-x11-xfs-6.8.2-1.FC3.45.3.legacy.i386.rpm 2b36b8679d782f6d1f0899262d1ad961fb3703e0 fedora/3/updates/i386/xorg-x11-Xnest-6.8.2-1.FC3.45.3.legacy.i386.rpm aba6d27d8bb5befdb4694546b66cbc88d945973b fedora/3/updates/i386/xorg-x11-Xvfb-6.8.2-1.FC3.45.3.legacy.i386.rpm 9ac2f2b492165554bb358c39d8e4d031e1a4ee1b fedora/3/updates/x86_64/xorg-x11-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 3f94f87fb882c2f5116fc7e153db8a27b47902d9 fedora/3/updates/x86_64/xorg-x11-deprecated-libs-6.8.2-1.FC3.45.3.legacy.i386.rpm 26d851236ece4e649845a0923420b5a257cd1bde fedora/3/updates/x86_64/xorg-x11-deprecated-libs-6.8.2-1.FC3.45.3.legacy.x86_64.rpm c19744109a7e088d79f7ced7349af8ac8ed5d561 fedora/3/updates/x86_64/xorg-x11-deprecated-libs-devel-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 07b928bdc56bc8d2fe0828afbe59d8dfcfabbede fedora/3/updates/x86_64/xorg-x11-devel-6.8.2-1.FC3.45.3.legacy.i386.rpm 8f030968d84bcd3d602eb7aaf836a0d15b75c44d fedora/3/updates/x86_64/xorg-x11-devel-6.8.2-1.FC3.45.3.legacy.x86_64.rpm a1337070e3c6362133fde9d7779edf7533072133 fedora/3/updates/x86_64/xorg-x11-doc-6.8.2-1.FC3.45.3.legacy.x86_64.rpm a7feafa8ded15cf48d844366c1e3be37f23a1cfd fedora/3/updates/x86_64/xorg-x11-font-utils-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 8e30c1a599b8f2bb39abdce9dbd9c0559926f63e fedora/3/updates/x86_64/xorg-x11-libs-6.8.2-1.FC3.45.3.legacy.i386.rpm 0eaa41f3cf3ac8871444908aafc1691a0008e0d5 fedora/3/updates/x86_64/xorg-x11-libs-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 23fc45993a3e83844ad2029653c580e9c9fba606 fedora/3/updates/x86_64/xorg-x11-Mesa-libGL-6.8.2-1.FC3.45.3.legacy.i386.rpm 6a0b603f3acb00c85ea9d20148ecba46e7d21368 fedora/3/updates/x86_64/xorg-x11-Mesa-libGL-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 13b96e8dca25068c884a5bdf2fd188f684472eb5 fedora/3/updates/x86_64/xorg-x11-Mesa-libGLU-6.8.2-1.FC3.45.3.legacy.i386.rpm 1c479506c5b7ebd1d49063770233d431fc754004 fedora/3/updates/x86_64/xorg-x11-Mesa-libGLU-6.8.2-1.FC3.45.3.legacy.x86_64.rpm b4f4b333906a9eeed08eb6ffcb830f8584c478dd fedora/3/updates/x86_64/xorg-x11-sdk-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 0f661c108936ea85fe38a478ee45b5bf8058b3ca fedora/3/updates/x86_64/xorg-x11-tools-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 37ad2d9f35dd213b684dda7513d98420daf4834e fedora/3/updates/x86_64/xorg-x11-twm-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 33705cb293a6bfe37e55244153e5e23175d2c4e2 fedora/3/updates/x86_64/xorg-x11-xauth-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 2771026feae63c0362bfa5daa6d9666d5b8acc89 fedora/3/updates/x86_64/xorg-x11-xdm-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 5d03a8e36c3c9474d4de53d3d7cc2c7d7d936528 fedora/3/updates/x86_64/xorg-x11-Xdmx-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 46afe47ebc3548b092fa74d831cdbb80a1092213 fedora/3/updates/x86_64/xorg-x11-xfs-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 60276aa97510fc4be52aa3720a0d20a650a0c968 fedora/3/updates/x86_64/xorg-x11-Xnest-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 21260daa99910a143934800229f7acfc9f256b75 fedora/3/updates/x86_64/xorg-x11-Xvfb-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 699a18fb173a9e3a23e9fd653e152d73e7aae737 fedora/3/updates/SRPMS/xorg-x11-6.8.2-1.FC3.45.3.legacy.src.rpm These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php You can verify each package with the following command: rpm --checksig -v <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum <filename> 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1526 9. Contact: The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org ---------------------------------------------------------------------Attachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ------------------------------------------------------------------------ Fedora Legacy Update Advisory Synopsis: Updated squirrelmail package fixes security issues Advisory ID: FLSA:190884 Issue date: 2006-06-06 Product: Red Hat Linux, Fedora Core Keywords: Bugfix CVE Names: CVE-2006-0188 CVE-2006-0195 CVE-2006-0377 --------------------------------------------------------------------- --------------------------------------------------------------------- 1. Topic: An updated squirrelmail package that fixes three security issues is now available. SquirrelMail is a standards-based webmail package written in PHP4. 2. Relevant releases/architectures: Red Hat Linux 9 - i386 Fedora Core 1 - i386 Fedora Core 2 - i386 Fedora Core 3 - i386, x86_64 3. Problem description: A bug was found in the way SquirrelMail presents the right frame to the user. If a user can be tricked into opening a carefully crafted URL, it is possible to present the user with arbitrary HTML data. (CVE-2006-0188) A bug was found in the way SquirrelMail filters incoming HTML email. It is possible to cause a victim's web browser to request remote content by opening a HTML email while running a web browser that processes certain types of invalid style sheets. Only Internet Explorer is known to process such malformed style sheets. (CVE-2006-0195) A bug was found in the way SquirrelMail processes a request to select an IMAP mailbox. If a user can be tricked into opening a carefully crafted URL, it is possible to execute arbitrary IMAP commands as the user viewing their mail with SquirrelMail. (CVE-2006-0377) Users of SquirrelMail are advised to upgrade to this updated package, which contains SquirrelMail version 1.4.6 and is not vulnerable to these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue: yum update or to use apt: apt-get update; apt-get upgrade This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get. 5. Bug IDs fixed: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190884 6. RPMs required: Red Hat Linux 9: SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/squirrelmail-1.4.6-3.rh9.1.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/9/updates/i386/squirrelmail-1.4.6-3.rh9.1.legacy.noarch.rpm Fedora Core 1: SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/squirrelmail-1.4.6-4.fc1.1.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/1/updates/i386/squirrelmail-1.4.6-4.fc1.1.legacy.noarch.rpm Fedora Core 2: SRPM: http://download.fedoralegacy.org/fedora/2/updates/SRPMS/squirrelmail-1.4.6-4.fc2.1.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/2/updates/i386/squirrelmail-1.4.6-4.fc2.1.legacy.noarch.rpm Fedora Core 3: SRPM: http://download.fedoralegacy.org/fedora/3/updates/SRPMS/squirrelmail-1.4.6-4.fc3.1.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/3/updates/i386/squirrelmail-1.4.6-4.fc3.1.legacy.noarch.rpm x86_64: http://download.fedoralegacy.org/fedora/3/updates/x86_64/squirrelmail-1.4.6-4.fc3.1.legacy.noarch.rpm 7. Verification: SHA1 sum Package Name --------------------------------------------------------------------- rh9: 62ae72ed168667c97e1b6ccc5bc23dea6c374bcb redhat/9/updates/i386/squirrelmail-1.4.6-3.rh9.1.legacy.noarch.rpm 51264756a2f2bb5d8e6f5b6d1d33dcba40f41a68 redhat/9/updates/SRPMS/squirrelmail-1.4.6-3.rh9.1.legacy.src.rpm fc1: 0e2dbf765d4df6592fad31ff331a3101fd33674e fedora/1/updates/i386/squirrelmail-1.4.6-4.fc1.1.legacy.noarch.rpm 7c6d183c795bfd1da1e872a74e7ff1f197afb93a fedora/1/updates/SRPMS/squirrelmail-1.4.6-4.fc1.1.legacy.src.rpm fc2: 36bc9ae701f8844d6369dde0f2d4a537b2dce85c fedora/2/updates/i386/squirrelmail-1.4.6-4.fc2.1.legacy.noarch.rpm 60098c585bc6bab9df4e3883e3a0b0762fd4dc6d fedora/2/updates/SRPMS/squirrelmail-1.4.6-4.fc2.1.legacy.src.rpm fc3: 9e96352495249c4aa526b24729128696467ca728 fedora/3/updates/i386/squirrelmail-1.4.6-4.fc3.1.legacy.noarch.rpm 9e96352495249c4aa526b24729128696467ca728 fedora/3/updates/x86_64/squirrelmail-1.4.6-4.fc3.1.legacy.noarch.rpm 3003904d9a5594cb6e3ebb190930bb9d82d83f60 fedora/3/updates/SRPMS/squirrelmail-1.4.6-4.fc3.1.legacy.src.rpm These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php You can verify each package with the following command: rpm --checksig -v <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum <filename> 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0377 9. Contact: The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org ---------------------------------------------------------------------Attachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ------------------------------------------------------------------------ Fedora Legacy Update Advisory Synopsis: Updated ipsec-tools package fixes security issue Advisory ID: FLSA:190941 Issue date: 2006-06-06 Product: Fedora Core Keywords: Bugfix CVE Names: CVE-2005-3732 --------------------------------------------------------------------- --------------------------------------------------------------------- 1. Topic: An updated ipsec-tools package that fixes a bug in racoon is now available. The ipsec-tools package is used in conjunction with the IPsec functionality in the linux kernel and includes racoon, an IKEv1 keying daemon. 2. Relevant releases/architectures: Fedora Core 2 - i386 Fedora Core 3 - i386, x86_64 3. Problem description: A denial of service flaw was found in the ipsec-tools racoon daemon. If a victim's machine has racoon configured in a non-recommended insecure manner, it is possible for a remote attacker to crash the racoon daemon. (CVE-2005-3732) Users of ipsec-tools should upgrade to this updated package, which contains backported patches, and is not vulnerable to this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue: yum update or to use apt: apt-get update; apt-get upgrade This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get. 5. Bug IDs fixed: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190941 6. RPMs required: Fedora Core 2: SRPM: http://download.fedoralegacy.org/fedora/2/updates/SRPMS/ipsec-tools-0.5-2.fc2.1.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/2/updates/i386/ipsec-tools-0.5-2.fc2.1.legacy.i386.rpm Fedora Core 3: SRPM: http://download.fedoralegacy.org/fedora/3/updates/SRPMS/ipsec-tools-0.5-2.fc3.1.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/3/updates/i386/ipsec-tools-0.5-2.fc3.1.legacy.i386.rpm x86_64: http://download.fedoralegacy.org/fedora/3/updates/x86_64/ipsec-tools-0.5-2.fc3.1.legacy.x86_64.rpm 7. Verification: SHA1 sum Package Name --------------------------------------------------------------------- fc2: e8f91c085fb9533106c6ebc442572bd0b22f2470 fedora/2/updates/i386/ipsec-tools-0.5-2.fc2.1.legacy.i386.rpm 292a0a1426bc75abf0b34a3c91279a40ea78aac2 fedora/2/updates/SRPMS/ipsec-tools-0.5-2.fc2.1.legacy.src.rpm fc3: e49b07bcc0e3dbe56401056b65b36133dabb4b6c fedora/3/updates/i386/ipsec-tools-0.5-2.fc3.1.legacy.i386.rpm 10eed18767204b88c2811115d889c0a372079ec2 fedora/3/updates/x86_64/ipsec-tools-0.5-2.fc3.1.legacy.x86_64.rpm 0832eb1da62b597bc32b26ce9e8429d7e67f43d2 fedora/3/updates/SRPMS/ipsec-tools-0.5-2.fc3.1.legacy.src.rpm These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php You can verify each package with the following command: rpm --checksig -v <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum <filename> 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3732 9. Contact: The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org ---------------------------------------------------------------------Attachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---