|
|
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] Mozilla/Firefox/Thunderbird (SSA:2005-085-01)
Date: Sun, 27 Mar 2005 02:40:12 -0800 (PST) |
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] Mozilla/Firefox/Thunderbird (SSA:2005-085-01)
New Mozilla packages are available for Slackware 9.1, 10.0, 10.1, and -current
to fix various security issues and bugs. See the Mozilla site for a complete
list of the issues patched:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla
Also updated are Firefox and Thunderbird in Slackware -current, and GAIM in
Slackware 9.1, 10.0, and 10.1 (which uses the Mozilla NSS libraries).
New versions of the mozilla-plugins symlink creation package are also out for
Slackware 9.1, 10.0, and 10.1.
Just a little note on Slackware security -- I believe the state of Slackware
right now is quite secure. I know there have been issues announced and fixed
elsewhere, and I am assessing the reality of them (to be honest, it seems the
level of proof needed to announce a security hole these days has fallen close
to zero -- where are the proof-of-concept exploits?) It is, as always, my
firm intent to keep Slackware as secure as it can possibly be. I'm still
getting back up to speed (and I do not believe that anything exploitable in
real life is being allowed to slide), but I'm continuing to look over the
various reports and would welcome input at security@slackware.com if you feel
anything important has been overlooked and is in need of attention. Please
remember that I do read BugTraq and many other security lists. I am not
asking for duplicates of BugTraq posts unless you have additional proof or
information on the issues, or can explain how an issue affects your own
servers. This will help me to priorite any work that remains to be done.
Thanks in advance for any helpful comments.
Here are the details from the Slackware 10.1 ChangeLog:
+--------------------------+
patches/packages/gaim-1.2.0-i486-1.tgz: Upgraded to gaim-1.2.0 and
gaim-encryption-2.36 (compiled against mozilla-1.7.6).
patches/packages/mozilla-1.7.6-i486-1.tgz: Upgraded to mozilla-1.7.6.
Fixes some security issues. Please see mozilla.org for a complete list.
(* Security fix *)
patches/packages/mozilla-plugins-1.7.6-noarch-1.tgz: Adjusted plugin
symlinks for Mozilla 1.7.6.
+--------------------------+
Where to find the new packages:
+-----------------------------+
Updated packages for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/gaim-1.2.0-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mozilla-1.4.4-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mozilla-plugins-1.4.4-noarch-1.tgz
Updated packages for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gaim-1.2.0-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mozilla-1.7.6-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mozilla-plugins-1.7.6-noarch-1.tgz
Updated packages for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/gaim-1.2.0-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/mozilla-1.7.6-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/mozilla-plugins-1.7.6-noarch-1.tgz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/gaim-1.2.0-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/jre-symlink-1.0.2-noarch-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-1.7.6-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-1.0.2-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-1.0.2-i686-1.tgz
MD5 signatures:
+-------------+
Slackware 9.1 packages:
21ca54aa595c4b2f17e66ead1afccfb3 gaim-1.2.0-i486-1.tgz
c4f90b3cad4a3287024b8674817a2c18 mozilla-1.4.4-i486-1.tgz
1052d9aaf3a72d93f368aed09bf4621d mozilla-plugins-1.4.4-noarch-1.tgz
Slackware 10.0 packages:
e1c38b004ecfa1b99dcc33f70518c1e9 gaim-1.2.0-i486-1.tgz
c3558a839c694c03e735c812f1daa8c8 mozilla-1.7.6-i486-1.tgz
8f8280c100124da310b37e01efa36faf mozilla-plugins-1.7.6-noarch-1.tgz
Slackware 10.1 packages:
b722b79421a794e660e49f4c3bc65c2a gaim-1.2.0-i486-1.tgz
086d2fccea0f0dc2f96834359a47c5ad mozilla-1.7.6-i486-1.tgz
201cb1551f44b6400b61e93fb7389212 mozilla-plugins-1.7.6-noarch-1.tgz
Slackware -current packages:
557e74c4b9d3ea2165fb93a35152b4b3 gaim-1.2.0-i486-1.tgz
122460234976155301def4e101f957cd jre-symlink-1.0.2-noarch-1.tgz
f0ea90b10eb8a6914392e2aacda476ed mozilla-1.7.6-i486-1.tgz
2fcda52717de80dc7e49c890d0c5ec2b mozilla-firefox-1.0.2-i686-1.tgz
6374edbb1a28da8f28b1ff90b279ce40 mozilla-thunderbird-1.0.2-i686-1.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg gaim-1.2.0-i486-1.tgz mozilla-1.7.6-i486-1.tgz mozilla-plugins-1.7.6-noarch-1.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)
iD8DBQFCRhR0akRjwEAQIjMRAtKkAJ99WgrN1gcN7ILrezKXMPzMfsAhxgCdEMnO
qS2kfBGAR3XrzGT5HR77w0U=
=KVHc
-----END PGP SIGNATURE-----
|
| |