
Security: File overwrite in mozilla-firefox
Name: File overwrite in mozilla-firefox
ID: MDKSA-2005:173
Distribution: Mandriva
Platforms: Mandriva 10.2, Mandriva 2006.0
Date: Fri, October 7, 2005, 05:25
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2353
Applications: Mozilla Firefox

Original message


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: mozilla-firefox
Advisory ID: MDKSA-2005:173
Date: October 6th, 2005

Affected versions: 10.2, 2006.0
______________________________________________________________________

Problem Description:

New updates are available for Mozilla Firefox:

A regression in the LE2005 Firefox package caused problems with cursor
movement that has been fixed.

The run-mozilla.sh script, with debugging enabled, would allow local
users to create or overwrite arbitrary files via a symlink attack on
temporary files (CAN-2005-2353).

nsScriptSecurityManager::GetBaseURIScheme didn't handle
jar:view-source:... correctly because the jar: and view-source: cases
didn't use recursion as they were supposed to. This was corrected in
Firefox 1.0.4 and only affects the LE2005 package.

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2353
______________________________________________________________________

Updated Packages:

Mandrivalinux 10.2:
8802442f13b423d32f90beab90b57b39
10.2/RPMS/libnspr4-1.0.2-10.1.102mdk.i586.rpm
490de6be6ed37670b498f1b32ce9911d
10.2/RPMS/libnspr4-devel-1.0.2-10.1.102mdk.i586.rpm
15bd80dbb1661d1991d7cb5d882de84b 10.2/RPMS/libnss3-1.0.2-10.1.102mdk.i586.rpm
abb90d3203f570d84e0228214244c16a
10.2/RPMS/libnss3-devel-1.0.2-10.1.102mdk.i586.rpm
692a964ae2a2fc96bad0926ba57f6608
10.2/RPMS/mozilla-firefox-1.0.2-10.1.102mdk.i586.rpm
3d88f5181f16a5ac731c183af04973c0
10.2/RPMS/mozilla-firefox-devel-1.0.2-10.1.102mdk.i586.rpm
915ff77d3dabc2c821f7355d0fc379db
10.2/SRPMS/mozilla-firefox-1.0.2-10.1.102mdk.src.rpm

Mandrivalinux 10.2/X86_64:
a5b17c8a1142e20db9d69b934f54607d
x86_64/10.2/RPMS/lib64nspr4-1.0.2-10.1.102mdk.x86_64.rpm
f041b7de49dd120ddb63ba6b2d466feb
x86_64/10.2/RPMS/lib64nspr4-devel-1.0.2-10.1.102mdk.x86_64.rpm
8802442f13b423d32f90beab90b57b39
x86_64/10.2/RPMS/libnspr4-1.0.2-10.1.102mdk.i586.rpm
490de6be6ed37670b498f1b32ce9911d
x86_64/10.2/RPMS/libnspr4-devel-1.0.2-10.1.102mdk.i586.rpm
13b1057af97d829a4aae52cdb5f3bcab
x86_64/10.2/RPMS/lib64nss3-1.0.2-10.1.102mdk.x86_64.rpm
42cbcf8cf37d45472d7d1d742cc91e22
x86_64/10.2/RPMS/lib64nss3-devel-1.0.2-10.1.102mdk.x86_64.rpm
15bd80dbb1661d1991d7cb5d882de84b
x86_64/10.2/RPMS/libnss3-1.0.2-10.1.102mdk.i586.rpm
abb90d3203f570d84e0228214244c16a
x86_64/10.2/RPMS/libnss3-devel-1.0.2-10.1.102mdk.i586.rpm
83cb2e763eac7d6117daf62a4adb14ab
x86_64/10.2/RPMS/mozilla-firefox-1.0.2-10.1.102mdk.x86_64.rpm
76ba06daf1900bbaa357744daec1060a
x86_64/10.2/RPMS/mozilla-firefox-devel-1.0.2-10.1.102mdk.x86_64.rpm
915ff77d3dabc2c821f7355d0fc379db
x86_64/10.2/SRPMS/mozilla-firefox-1.0.2-10.1.102mdk.src.rpm

Mandrivalinux 2006.0:
4729fc4e3d1b10f2e16e94c23a5d55e9
2006.0/RPMS/libnspr4-1.0.6-16.1.20060mdk.i586.rpm
bf450dbb8f1f20abfcc57b9decb30eb4
2006.0/RPMS/libnspr4-devel-1.0.6-16.1.20060mdk.i586.rpm
760d6ab6f917091183818d6946c4482f
2006.0/RPMS/libnss3-1.0.6-16.1.20060mdk.i586.rpm
a9b14f14a73c89950b445c747f9c306c
2006.0/RPMS/libnss3-devel-1.0.6-16.1.20060mdk.i586.rpm
94adfb3dbdb796da0d2ab01b842e8351
2006.0/RPMS/mozilla-firefox-1.0.6-16.1.20060mdk.i586.rpm
01947ebf2c815bc36e955cc98ce23f27
2006.0/RPMS/mozilla-firefox-devel-1.0.6-16.1.20060mdk.i586.rpm
93f3763d032cd82e7b214afeecccd4a9
2006.0/SRPMS/mozilla-firefox-1.0.6-16.1.20060mdk.src.rpm

Mandrivalinux 2006.0/X86_64:
68542f490600d394fd8246081a899894
x86_64/2006.0/RPMS/lib64nspr4-1.0.6-16.1.20060mdk.x86_64.rpm
3589f6d4e900c9c400c881861e50a927
x86_64/2006.0/RPMS/lib64nspr4-devel-1.0.6-16.1.20060mdk.x86_64.rpm
4729fc4e3d1b10f2e16e94c23a5d55e9
x86_64/2006.0/RPMS/libnspr4-1.0.6-16.1.20060mdk.i586.rpm
bf450dbb8f1f20abfcc57b9decb30eb4
x86_64/2006.0/RPMS/libnspr4-devel-1.0.6-16.1.20060mdk.i586.rpm
7a7d70dd78e89ef04b1c1f69b3711bfe
x86_64/2006.0/RPMS/lib64nss3-1.0.6-16.1.20060mdk.x86_64.rpm
8f7a198febbcd4c819b93eee2e4822ad
x86_64/2006.0/RPMS/lib64nss3-devel-1.0.6-16.1.20060mdk.x86_64.rpm
760d6ab6f917091183818d6946c4482f
x86_64/2006.0/RPMS/libnss3-1.0.6-16.1.20060mdk.i586.rpm
a9b14f14a73c89950b445c747f9c306c
x86_64/2006.0/RPMS/libnss3-devel-1.0.6-16.1.20060mdk.i586.rpm
8d72c505c3634bee91ed8a6d1add342d
x86_64/2006.0/RPMS/mozilla-firefox-1.0.6-16.1.20060mdk.x86_64.rpm
a1e80b35074ce98d49812d46f4f0de47
x86_64/2006.0/RPMS/mozilla-firefox-devel-1.0.6-16.1.20060mdk.x86_64.rpm
93f3763d032cd82e7b214afeecccd4a9
x86_64/2006.0/SRPMS/mozilla-firefox-1.0.6-16.1.20060mdk.src.rpm
_______________________________________________________________________

Bug IDs fixed (see http://qa.mandriva.com for more information):

18980 - left/right keys on input text jump over several words
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDReWqmqjQ0CJFipgRAmCkAJ9H8FBb+mttPOvoDbAbs1aDdjAoTQCbBIvB
kb0UpSg5nxWw1XKVAu6BqgI=
=bcU2
-----END PGP SIGNATURE-----
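
The symlink issue named in the problem description above (CAN-2005-2353) is an instance of a general shell pitfall with temporary files. The following is an added example, not code from run-mozilla.sh or from Mandriva; it contrasts a predictable file name with two hardened alternatives, and all function and file names in it are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; function and file names are constructed,
# not taken from run-mozilla.sh.

# Unsafe: predictable name in a shared directory, opened with ">".
# If another local user has planted a symlink at that path, the redirect
# follows it and truncates the link target with the writer's privileges.
log_unsafe() {   # $1 = directory, $2 = message
    printf '%s\n' "$2" > "$1/debug.log"
}

# Hardened, random name: mktemp creates the file exclusively with mode 0600,
# so a pre-existing file or symlink is never reused.
log_mktemp() {   # prints the path it created
    f=$(mktemp "$1/debug.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$f" && printf '%s\n' "$f"
}

# Hardened, fixed name: noclobber (set -C) makes ">" fail when anything,
# including a dangling symlink, already exists at the path.
log_noclobber() {
    ( set -C; printf '%s\n' "$2" > "$1/debug.log" ) 2>/dev/null
}

# Constructed scenario: "victim" stands in for a file the writer may modify,
# and the symlink stands in for one planted by another local user.
demo() {   # $1 = writer to exercise; prints the victim's content afterwards
    d=$(mktemp -d) || return 1
    printf 'important\n' > "$d/victim"
    ln -s "$d/victim" "$d/debug.log"
    "$1" "$d" "debug output" >/dev/null && rc=0 || rc=$?
    cat "$d/victim"
    rm -rf "$d"
    return "$rc"
}

for w in log_unsafe log_mktemp log_noclobber; do
    printf '%-14s victim now contains: %s\n' "$w" "$(demo "$w")"
done
```

Only the first writer changes the victim file; the noclobber variant also returns a non-zero status, so a caller can report that the path was already occupied.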

