|
|
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] Mozilla (SSA:2004-223-01)
Date: Tue, 10 Aug 2004 14:17:12 -0700 (PDT) |
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] Mozilla (SSA:2004-223-01)
New Mozilla packages are available for Slackware 9.1, 10.0, and -current
to fix a number of security issues. Slackware 10.0 and -current were
upgraded to Mozilla 1.7.2, and Slackware 9.1 was upgraded to Mozilla 1.4.3.
As usual, new versions of Mozilla require new versions of things that link
with the Mozilla libraries, so for Slackware 10.0 and -current new versions
of epiphany, galeon, gaim, and mozilla-plugins have also been provided.
There don't appear to be epiphany and galeon versions that are compatible
with Mozilla 1.4.3 and the GNOME in Slackware 9.1, so these are not
provided and Epiphany and Galeon will be broken on Slackware 9.1 if the
new Mozilla package is installed. Furthermore, earlier versions of
Mozilla (such as the 1.3 series) were not fixed upstream, so versions
of Slackware earlier than 9.1 will remain vulnerable to these browser
issues. If you still use Slackware 9.0 or earlier, you may want to
consider removing Mozilla or upgrading to a newer version.
More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
Issues fixed in Mozilla 1.7.2:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0758
Issues fixed in Mozilla 1.4.3:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0757
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0765
Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
Mon Aug 9 01:56:43 PDT 2004
patches/packages/epiphany-1.2.7-i486-1.tgz: Upgraded to epiphany-1.2.7.
(compiled against Mozilla 1.7.2)
patches/packages/gaim-0.81-i486-1.tgz: Upgraded to gaim-0.81.
(compiled against Mozilla 1.7.2)
patches/packages/galeon-1.3.17-i486-1.tgz: Upgraded to galeon-1.3.17.
(compiled against Mozilla 1.7.2)
patches/packages/mozilla-1.7.2-i486-1.tgz: Upgraded to Mozilla 1.7.2. This
fixes three security vulnerabilities. For details, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.2
(* Security fix *)
patches/packages/mozilla-plugins-1.7.2-noarch-1.tgz: Changed plugin symlinks
for Mozilla 1.7.2.
+--------------------------+
Where to find the new packages:
+-----------------------------+
Updated packages for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mozilla-1.4.3-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mozilla-plugins-1.4.3-noarch-1.tgz
Updated packages for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mozilla-1.7.2-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mozilla-plugins-1.7.2-noarch-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/epiphany-1.2.7-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gaim-0.81-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/galeon-1.3.17-i486-1.tgz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-1.7.2-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-plugins-1.7.2-noarch-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/gnome/epiphany-1.2.7-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/gnome/galeon-1.3.17-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/gaim-0.81-i486-1.tgz
MD5 signatures:
+-------------+
Slackware 9.1 packages:
29515193166b9b618be405a71b5e9a59 mozilla-1.4.3-i486-1.tgz
49d537be814de72a3d62a5cc9f6e3b15 mozilla-plugins-1.4.3-noarch-1.tgz
Slackware 10.0 packages:
612a65758f03fe08a44e004b1ae92d70 mozilla-1.7.2-i486-1.tgz
55da20d3c7acdd50a3b4abfe12191069 mozilla-plugins-1.7.2-noarch-1.tgz
86034039fbf6b52584e05701a0598ca4 epiphany-1.2.7-i486-1.tgz
c3f238fdba8684948d8817d7cf0db567 gaim-0.81-i486-1.tgz
0e8393b8f1b992dc7804fe925a839755 galeon-1.3.17-i486-1.tgz
Slackware -current packages:
612a65758f03fe08a44e004b1ae92d70 mozilla-1.7.2-i486-1.tgz
55da20d3c7acdd50a3b4abfe12191069 mozilla-plugins-1.7.2-noarch-1.tgz
86034039fbf6b52584e05701a0598ca4 epiphany-1.2.7-i486-1.tgz
0e8393b8f1b992dc7804fe925a839755 galeon-1.3.17-i486-1.tgz
ddb7281b985c6b7efb20afc69e5c2ffb gaim-0.81-i486-1.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg mozilla-1.7.2-i486-1.tgz \
mozilla-plugins-1.7.2-noarch-1.tgz \
epiphany-1.2.7-i486-1.tgz \
gaim-0.81-i486-1.tgz \
galeon-1.3.17-i486-1.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBGTtHakRjwEAQIjMRAtD8AKCO3R9Ubm4CiDHepqy8Ar2pGAXASwCgiIyV
rneqNVIK7NAxkFLpymLzC7s=
=CUBZ
-----END PGP SIGNATURE-----
|
| |