[3571] in Release_7.7_team

Re: Quoth Redhat: Mozilla 1.0 considered harmful

daemon@ATHENA.MIT.EDU (t. belton)
Mon Oct 21 13:36:55 2002

Date: Mon, 21 Oct 2002 13:36:53 -0400 (EDT)
From: "t. belton" <tbelton@MIT.EDU>
To: "andrew m. boardman" <amb@MIT.EDU>
cc: <release-team@MIT.EDU>
In-Reply-To: <200210181833.OAA21520@pothole.mit.edu>
Message-ID: <Pine.GSO.4.33L.0210211335060.17610-100000@iphigenia.mit.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Yeah, this is why Mozilla is strongly encouraging Mozilla 1.0 users to go
1.0.1. (You'd think they could provide some details about the security
holes in their release notes, but no.) Linux is going to 1.0.1 any second
now; been a slight holdup because I have been busy (aside from
non-infoagents tasks) combing the universe for any signs of an equivalent
upgrade for Sun. Still haven't found one.



On Fri, 18 Oct 2002, andrew m. boardman wrote:

>
> More fuel for the fire.  I'm not sure if the relevant patches are in the
> 1.0 branch or not; I expect not.
>
> ------- Start of forwarded message -------
> Subject: [RHSA-2002:192-13] Updated Mozilla packages fix security vulnerabilities
> From: bugzilla@redhat.com
> To: redhat-watch-list@redhat.com, redhat-announce-list@redhat.com
> Cc: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com
> X-MIME-Autoconverted: from quoted-printable to 8bit by lacrosse.corp.redhat.com id g9I9IJP22640
> X-Loop: redhat-watch-list@redhat.com
> Sender: redhat-watch-list-admin@redhat.com
> Date: Fri, 18 Oct 2002 05:18 -0400
>
> - ---------------------------------------------------------------------
>                    Red Hat, Inc. Red Hat Security Advisory
>
> Synopsis:          Updated Mozilla packages fix security vulnerabilities
> Advisory ID:       RHSA-2002:192-13
> Issue date:        2002-08-28
> Updated on:        2002-10-09
> Product:           Red Hat Linux
> Keywords:
> Cross references:
> Obsoletes:         RHSA-2002:079
> CVE Names:         CAN-2002-1126 CAN-2002-1091
> - ---------------------------------------------------------------------
>
> 1. Topic:
>
> Updated Mozilla packages are now available for Red Hat Linux.  These new
> packages fix vulnerabilities in previous versions of Mozilla.
>
> 2. Relevant releases/architectures:
>
> Red Hat Linux 7.2 - i386, ia64
> Red Hat Linux 7.3 - i386
> Red Hat Linux 8.0 - i386
>
> 3. Problem description:
>
> Mozilla is an open source web browser.  Versions of Mozilla previous to
> version 1.0.1 contain various security vulnerabilities.  These
> vulnerabilities could be used by an attacker to read data off of the local
> hard drive, to gain information that should normally be kept private, and
> in some cases to execute arbitrary code.  For more information on the
> specific vulnerabilities fixed please see the references below.
>
> All users of Mozilla should update to these errata packages containing
> Mozilla version 1.0.1 which is not vulnerable to these issues.
>
> 4. Solution:
>
> Before applying this update, make sure all previously released errata
> relevant to your system have been applied.
>
> To update all RPMs for your particular architecture, run:
>
> rpm -Fvh [filenames]
>
> where [filenames] is a list of the RPMs you wish to upgrade.  Only those
> RPMs which are currently installed will be updated.  Those RPMs which are
> not installed but included in the list will not be updated.  Note that you
> can also use wildcards (*.rpm) if your current directory *only* contains the
> desired RPMs.
>
> Please note that this update is also available via Red Hat Network.  Many
> people find this an easier way to apply updates.  To use Red Hat Network,
> launch the Red Hat Update Agent with the following command:
>
> up2date
>
> This will start an interactive process that will result in the appropriate
> RPMs being upgraded on your system.
>
> 5. RPMs required:
>
> Red Hat Linux 7.2:
>
> SRPMS:
> ftp://updates.redhat.com/7.2/en/os/SRPMS/mozilla-1.0.1-2.7.2.src.rpm
> ftp://updates.redhat.com/7.2/en/os/SRPMS/galeon-1.2.6-0.7.2.src.rpm
> ftp://updates.redhat.com/7.2/en/os/SRPMS/nautilus-1.0.4-48.src.rpm
> ftp://updates.redhat.com/7.2/en/os/SRPMS/gdk-pixbuf-0.14.0-0.7.2.src.rpm
>
> i386:
> ftp://updates.redhat.com/7.2/en/os/i386/mozilla-1.0.1-2.7.2.i386.rpm
> ftp://updates.redhat.com/7.2/en/os/i386/mozilla-chat-1.0.1-2.7.2.i386.rpm
> ftp://updates.redhat.com/7.2/en/os/i386/mozilla-devel-1.0.1-2.7.2.i386.rpm
> ftp://updates.redhat.com/7.2/en/os/i386/mozilla-dom-inspector-1.0.1-2.7.2.i386.rpm
> ftp://updates.redhat.com/7.2/en/os/i386/mozilla-js-debugger-1.0.1-2.7.2.i386.rpm
> ftp://updates.redhat.com/7.2/en/os/i386/mozilla-mail-1.0.1-2.7.2.i386.rpm
> ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nspr-1.0.1-2.7.2.i386.rpm
> ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nspr-devel-1.0.1-2.7.2.i386.rpm
> ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nss-1.0.1-2.7.2.i386.rpm
> ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nss-devel-1.0.1-2.7.2.i386.rpm
> ftp://updates.redhat.com/7.2/en/os/i386/mozilla-psm-1.0.1-2.7.2.i386.rpm
> ftp://updates.redhat.com/7.2/en/os/i386/galeon-1.2.6-0.7.2.i386.rpm
> ftp://updates.redhat.com/7.2/en/os/i386/nautilus-1.0.4-48.i386.rpm
> ftp://updates.redhat.com/7.2/en/os/i386/nautilus-mozilla-1.0.4-48.i386.rpm
> ftp://updates.redhat.com/7.2/en/os/i386/nautilus-devel-1.0.4-48.i386.rpm
> ftp://updates.redhat.com/7.2/en/os/i386/gdk-pixbuf-0.14.0-0.7.2.i386.rpm
> ftp://updates.redhat.com/7.2/en/os/i386/gdk-pixbuf-gnome-0.14.0-0.7.2.i386.rpm
> ftp://updates.redhat.com/7.2/en/os/i386/gdk-pixbuf-devel-0.14.0-0.7.2.i386.rpm
>
> ia64:
> ftp://updates.redhat.com/7.2/en/os/ia64/nautilus-1.0.4-48.ia64.rpm
> ftp://updates.redhat.com/7.2/en/os/ia64/nautilus-devel-1.0.4-48.ia64.rpm
> ftp://updates.redhat.com/7.2/en/os/ia64/gdk-pixbuf-0.14.0-0.7.2.ia64.rpm
> ftp://updates.redhat.com/7.2/en/os/ia64/gdk-pixbuf-gnome-0.14.0-0.7.2.ia64.rpm
> ftp://updates.redhat.com/7.2/en/os/ia64/gdk-pixbuf-devel-0.14.0-0.7.2.ia64.rpm
>
> Red Hat Linux 7.3:
>
> SRPMS:
> ftp://updates.redhat.com/7.3/en/os/SRPMS/mozilla-1.0.1-2.7.3.src.rpm
> ftp://updates.redhat.com/7.3/en/os/SRPMS/galeon-1.2.6-0.7.3.src.rpm
> ftp://updates.redhat.com/7.3/en/os/SRPMS/nautilus-1.0.6-16.src.rpm
>
> i386:
> ftp://updates.redhat.com/7.3/en/os/i386/mozilla-1.0.1-2.7.3.i386.rpm
> ftp://updates.redhat.com/7.3/en/os/i386/mozilla-chat-1.0.1-2.7.3.i386.rpm
> ftp://updates.redhat.com/7.3/en/os/i386/mozilla-devel-1.0.1-2.7.3.i386.rpm
> ftp://updates.redhat.com/7.3/en/os/i386/mozilla-dom-inspector-1.0.1-2.7.3.i386.rpm
> ftp://updates.redhat.com/7.3/en/os/i386/mozilla-js-debugger-1.0.1-2.7.3.i386.rpm
> ftp://updates.redhat.com/7.3/en/os/i386/mozilla-mail-1.0.1-2.7.3.i386.rpm
> ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nspr-1.0.1-2.7.3.i386.rpm
> ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nspr-devel-1.0.1-2.7.3.i386.rpm
> ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nss-1.0.1-2.7.3.i386.rpm
> ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nss-devel-1.0.1-2.7.3.i386.rpm
> ftp://updates.redhat.com/7.3/en/os/i386/mozilla-psm-1.0.1-2.7.3.i386.rpm
> ftp://updates.redhat.com/7.3/en/os/i386/galeon-1.2.6-0.7.3.i386.rpm
> ftp://updates.redhat.com/7.3/en/os/i386/nautilus-1.0.6-16.i386.rpm
> ftp://updates.redhat.com/7.3/en/os/i386/nautilus-mozilla-1.0.6-16.i386.rpm
> ftp://updates.redhat.com/7.3/en/os/i386/nautilus-devel-1.0.6-16.i386.rpm
>
> Red Hat Linux 8.0:
>
> SRPMS:
> ftp://updates.redhat.com/8.0/en/os/SRPMS/galeon-1.2.6-0.8.0.src.rpm
> ftp://updates.redhat.com/8.0/en/os/SRPMS/mozilla-1.0.1-26.src.rpm
>
> i386:
> ftp://updates.redhat.com/8.0/en/os/i386/galeon-1.2.6-0.8.0.i386.rpm
> ftp://updates.redhat.com/8.0/en/os/i386/mozilla-1.0.1-26.i386.rpm
> ftp://updates.redhat.com/8.0/en/os/i386/mozilla-chat-1.0.1-26.i386.rpm
> ftp://updates.redhat.com/8.0/en/os/i386/mozilla-devel-1.0.1-26.i386.rpm
> ftp://updates.redhat.com/8.0/en/os/i386/mozilla-dom-inspector-1.0.1-26.i386.rpm
> ftp://updates.redhat.com/8.0/en/os/i386/mozilla-js-debugger-1.0.1-26.i386.rpm
> ftp://updates.redhat.com/8.0/en/os/i386/mozilla-mail-1.0.1-26.i386.rpm
> ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nspr-1.0.1-26.i386.rpm
> ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nspr-devel-1.0.1-26.i386.rpm
> ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nss-1.0.1-26.i386.rpm
> ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nss-devel-1.0.1-26.i386.rpm
> ftp://updates.redhat.com/8.0/en/os/i386/mozilla-psm-1.0.1-26.i386.rpm
>
>
>
> 6. Verification:
>
>
> These packages are GPG signed by Red Hat, Inc. for security.  Our key
> is available at:
>     http://www.redhat.com/about/contact/pgpkey.html
>
> You can verify each package with the following command:
>     rpm --checksig  <filename>
>
> If you only wish to verify that each package has not been corrupted or
> tampered with, examine only the md5sum with the following command:
>     rpm --checksig --nogpg <filename>
>
>
> 7. References:
>
> http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html
> http://bugzilla.mozilla.org/show_bug.cgi?id=145579
> http://bugzilla.mozilla.org/show_bug.cgi?id=169982
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1126
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1091
>
>
> Copyright(c) 2000, 2001, 2002 Red Hat, Inc.
>
>
> ------- End of forwarded message -------
>
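
Added example, not part of the original message or of the Red Hat advisory: a check of an RPM inventory against the fixed versions that section 5 of the forwarded advisory lists for Red Hat Linux 7.3, the kind of check to run before and after `rpm -Fvh`. The inventory is constructed sample data, the comparison is the classic RPM segment algorithm without epoch handling, and mapping a subpackage to its source package by the prefix before the first "-" is a simplifying assumption.

```python
import re

# Fixed versions for Red Hat Linux 7.3, from section 5 of RHSA-2002:192-13.
FIXED_7_3 = {
    "mozilla": ("1.0.1", "2.7.3"),
    "galeon": ("1.2.6", "0.7.3"),
    "nautilus": ("1.0.6", "16"),
}

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'
SAMPLE_INVENTORY = """\
mozilla 1.0 7
mozilla-mail 1.0.1 2.7.3
galeon 1.2.6 0.7.3
nautilus 1.0.6 15
nautilus-mozilla 1.0.6 16
openssh 3.1p1 6
mozilla-nss 1.0.1 2.7.2
"""

def rpmvercmp(a, b):
    """Compare two version (or release) strings segment by segment."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd != yd:
            return 1 if xd else -1      # a numeric segment beats an alpha one
        if xd:
            x, y = int(x), int(y)       # numeric segments compare as integers
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def outdated(inventory, fixed):
    """Return name-version-release of packages older than the fixed build."""
    hits = []
    for line in inventory.splitlines():
        name, ver, rel = line.split()
        # Assumption: subpackages (mozilla-mail, ...) track their source package.
        want = fixed.get(name) or fixed.get(name.split("-")[0])
        if want and (rpmvercmp(ver, want[0]) or rpmvercmp(rel, want[1])) < 0:
            hits.append(f"{name}-{ver}-{rel}")
    return hits

if __name__ == "__main__":
    for pkg in outdated(SAMPLE_INVENTORY, FIXED_7_3):
        print("older than RHSA-2002:192 fixed build:", pkg)
```

A plain string comparison would miss the last sample line, where the version already reads 1.0.1 and only the release field is behind.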

