Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » [CLA-2003:568] Conectiva Linux Security Announcement - mozilla

[CLA-2003:568] Conectiva Linux Security Announcement - mozilla

by Nikola Strahija on February 13th, 2003 Mozilla is an open-source web browser designed for standards compliance, performance and portability.


PACKAGE : mozilla
SUMMARY : Several vulnerabilities
DATE : 2003-02-13 15:54:00
ID : CLA-2003:568
RELEVANT
RELEASES : 6.0, 7.0, 8

- -------------------------------------------------------------------------

DESCRIPTION
Mozilla is an open-source web browser designed for standards
compliance, performance and portability.

This update addresses several vulnerabilities found after the mozilla
1.0rc2 release, wich was the last version sent as an official
update[1] for Conectiva Linux distributions. A complete list of such
vulnerabilities can be obtained in [2,3], and details about the most
known ones in [5,6,7,8,9].

A remote attacker could exploit these vulnerabilities by creating
malicious web pages that, when acessed, would crash the browser,
potentially allow remote arbitrary code execution or cause some sort
of unexpected behavior.

The packages from this update are of Mozilla 1.2.1, which is the
latest stable release[10] from mozilla.org and includes fixes for the
known vulnerabilities. Besides the security fixes, it also includes
several new features and other minor corrections.

The vulnerabilities aforementioned also affect the Galeon web
browser, which uses the Mozilla engine. Galeon is being updated to
the version 1.2.7 in Conectiva Linux 8, but not in Conectiva Linux
6.0 and 7.0. The Galeon version distributed in these versions of
Conectiva Linux was in its early stages of development and would not
work with the new Mozilla packages. A new version of Galeon for these
distributions would need many other updated packages and therefore
will not be provided.


SOLUTION
All mozilla and galeon users should upgrade. Galeon users on
Conectiva Linux 6.0 and 7.0 should consider upgrading their
distribution or choosing another browser.


REFERENCES:
1.http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490
2.http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html
3.http://www.mozilla.org/projects/security/known-vulnerabilities.html
4.http://online.securityfocus.com/bid/5665/discussion/
5.http://online.securityfocus.com/bid/5694/discussion/
6.http://online.securityfocus.com/bid/5757/discussion/
7.http://online.securityfocus.com/bid/5759/discussion/
8.http://online.securityfocus.com/bid/5762/discussion/
9.http://online.securityfocus.com/bid/5766/discussion/
10.http://www.mozilla.org/releases/mozilla1.2.1/


UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/mozilla-1.2.1-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/mozilla-devel-1.2.1-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/mozilla-1.2.1-1U60_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-1.2.1-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-devel-1.2.1-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-devel-static-1.2.1-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-irc-1.2.1-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-mail-1.2.1-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-psm-1.2.1-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/mozilla-1.2.1-1U70_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-1.2.1-1U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-devel-1.2.1-1U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-devel-static-1.2.1-1U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-irc-1.2.1-1U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-mail-1.2.1-1U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-psm-1.2.1-1U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/galeon-1.2.7-1U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/galeon-devel-1.2.7-1U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/mozilla-1.2.1-1U80_5cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/galeon-1.2.7-1U80_5cl.src.rpm


ADDITIONAL INSTRUCTIONS
Users of Conectiva Linux version 6.0 or higher may use apt to perform
upgrades of RPM packages:

- run: apt-get update
- after that, execute: apt-get upgrade

Detailed instructions reagarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en


- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
subscribe: [email protected]
unsubscribe: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+S9wN42jd0JmAcZARAqZcAJ46gKJh6DkblFy3ru866JtYOwtOvQCgt/Q2
nM+hTrbUCmSQs/BlJtiuFHs=
=96my
-----END PGP SIGNATURE-----


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »