-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: mozilla
Advisory ID: MDKSA-2004:082
Date: August 12th, 2004
Affected versions: 10.0, 9.2
______________________________________________________________________
Problem Description:
A number of security vulnerabilities in mozilla are addressed by this
update for Mandrakelinux 10.0 users, including a fix for frame
spoofing, a fixed popup XPInstall/security dialog bug, a fix for
untrusted chrome calls, a fix for SSL certificate spoofing, a fix
for stealing secure HTTP Auth passwords via DNS spoofing, a fix for
insecure matching of cert names for non-FQDNs, a fix for focus
redefinition from another domain, a fix for a SOAP parameter overflow,
a fix for text drag on file entry, a fix for certificate DoS, and a
fix for lock icon and cert spoofing.
Additionally, mozilla for both Mandrakelinux 9.2 and 10.0 have been
rebuilt to use the system libjpeg and libpng which addresses
vulnerabilities discovered in libpng (ref: MDKSA-2004:079).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
CAN-2004-0597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
CAN-2004-0598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
CAN-2004-0599
http://bugzilla.mozilla.org/show_bug.cgi?id=246448
http://bugzilla.mozilla.org/show_bug.cgi?id=162020
http://bugzilla.mozilla.org/show_bug.cgi?id=149478
http://bugzilla.mozilla.org/show_bug.cgi?id=239580
http://bugzilla.mozilla.org/show_bug.cgi?id=244965
http://bugzilla.mozilla.org/show_bug.cgi?id=229374
http://bugzilla.mozilla.org/show_bug.cgi?id=240053
http://bugzilla.mozilla.org/show_bug.cgi?id=226278
http://bugzilla.mozilla.org/show_bug.cgi?id=234058
http://bugzilla.mozilla.org/show_bug.cgi?id=86028
http://bugzilla.mozilla.org/show_bug.cgi?id=236618
http://bugzilla.mozilla.org/show_bug.cgi?id=206859
http://bugzilla.mozilla.org/show_bug.cgi?id=249004
http://bugzilla.mozilla.org/show_bug.cgi?id=253121
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
19b31b7ed83a5bfd62872777f48c2251 10.0/RPMS/libnspr4-1.6-12.1.100mdk.i586.rpm
2c751db4638e066a8089dde8eb2b940b 10.0/RPMS/libnspr4-devel-1.6-12.1.100mdk.i586.rpm
f44262d9e905090a756ebee318b00e14 10.0/RPMS/libnss3-1.6-12.1.100mdk.i586.rpm
ac3f3659e97a43a62ce6e574885a7ddf 10.0/RPMS/libnss3-devel-1.6-12.1.100mdk.i586.rpm
c60181755c6de63f125940311bb0d075 10.0/RPMS/mozilla-1.6-12.1.100mdk.i586.rpm
880ed64c45f293c64f9756b39334b82d 10.0/RPMS/mozilla-devel-1.6-12.1.100mdk.i586.rpm
f14a0240536662e2a43b4133ba2fd1b2 10.0/RPMS/mozilla-dom-inspector-1.6-12.1.100mdk.i586.rpm
0f5f524ff411923f3c542a40d81caab3 10.0/RPMS/mozilla-enigmail-1.6-12.1.100mdk.i586.rpm
2138a4308f6287b2a26a0ee509c732a4 10.0/RPMS/mozilla-enigmime-1.6-12.1.100mdk.i586.rpm
ac4f3906cf8db1d57722a2485eb5fba5 10.0/RPMS/mozilla-irc-1.6-12.1.100mdk.i586.rpm
bc535199a712e47ca30d93ad448513c1 10.0/RPMS/mozilla-js-debugger-1.6-12.1.100mdk.i586.rpm
4e1c2b9fae3b96a8a4821386f8cde4a0 10.0/RPMS/mozilla-mail-1.6-12.1.100mdk.i586.rpm
60384666732ca5895ea1696fd0088d45 10.0/RPMS/mozilla-spellchecker-1.6-12.1.100mdk.i586.rpm
4261307ca2dfbc1bf7ee53fa0d9cadda 10.0/SRPMS/mozilla-1.6-12.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
f950ed0e8c533c272b89242b285bfb51 amd64/10.0/RPMS/lib64nspr4-1.6-12.1.100mdk.amd64.rpm
1da39ad805ac3dfb6e15f4e2a4b81395 amd64/10.0/RPMS/lib64nspr4-devel-1.6-12.1.100mdk.amd64.rpm
82541944b78f9ae28b8fbaad7d8cff7f amd64/10.0/RPMS/lib64nss3-1.6-12.1.100mdk.amd64.rpm
7a1755840c9e86c6d9d3b0700fe22a64 amd64/10.0/RPMS/lib64nss3-devel-1.6-12.1.100mdk.amd64.rpm
bbad752b3e6173227dbe3e10d2e22b7e amd64/10.0/RPMS/mozilla-1.6-12.1.100mdk.amd64.rpm
160581d9505230143d3af6c0a68dbb50 amd64/10.0/RPMS/mozilla-devel-1.6-12.1.100mdk.amd64.rpm
a1e933df64ffb535c48f58efcb56f744 amd64/10.0/RPMS/mozilla-dom-inspector-1.6-12.1.100mdk.amd64.rpm
5b72c641ece4f0f086b9aac12623e4a5 amd64/10.0/RPMS/mozilla-enigmail-1.6-12.1.100mdk.amd64.rpm
6c55c3641ce9af81569179f2e0883571 amd64/10.0/RPMS/mozilla-enigmime-1.6-12.1.100mdk.amd64.rpm
de69eccc5e36ee64808b6465cdd2f2cf amd64/10.0/RPMS/mozilla-irc-1.6-12.1.100mdk.amd64.rpm
c8bfd663339969ee8ed98f5fcb489772 amd64/10.0/RPMS/mozilla-js-debugger-1.6-12.1.100mdk.amd64.rpm
36aaa030ab4cce56c7e213f36e899662 amd64/10.0/RPMS/mozilla-mail-1.6-12.1.100mdk.amd64.rpm
f617cce1aca29d7b55c22c7d71cbe706 amd64/10.0/RPMS/mozilla-spellchecker-1.6-12.1.100mdk.amd64.rpm
4261307ca2dfbc1bf7ee53fa0d9cadda amd64/10.0/SRPMS/mozilla-1.6-12.1.100mdk.src.rpm
Mandrakelinux 9.2:
39f8a9919bf499e7e889d2f857fa930c 9.2/RPMS/libnspr4-1.4-13.3.92mdk.i586.rpm
0ca14f5d18f20b75015140db28c18751 9.2/RPMS/libnspr4-devel-1.4-13.3.92mdk.i586.rpm
f663c0295b8b27489802a913115660e1 9.2/RPMS/libnss3-1.4-13.3.92mdk.i586.rpm
cf80137d87041af69f724f4d3bae21ee 9.2/RPMS/libnss3-devel-1.4-13.3.92mdk.i586.rpm
eb592c81a204899305540827f831178f 9.2/RPMS/mozilla-1.4-13.3.92mdk.i586.rpm
7cef1eab0eb7c38aed0743570912dbc1 9.2/RPMS/mozilla-devel-1.4-13.3.92mdk.i586.rpm
cbbcb63f5db34ab4342bd79d9a0edbaa 9.2/RPMS/mozilla-dom-inspector-1.4-13.3.92mdk.i586.rpm
4a16188a7091803a643278d27c0bedd9 9.2/RPMS/mozilla-enigmail-1.4-13.3.92mdk.i586.rpm
2f247ec2b03fa15358bef296cbf5b5fa 9.2/RPMS/mozilla-enigmime-1.4-13.3.92mdk.i586.rpm
d372cb79f4137257a5ecc2f8bba50058 9.2/RPMS/mozilla-irc-1.4-13.3.92mdk.i586.rpm
7123054edd8308a9389eef15204db3f3 9.2/RPMS/mozilla-js-debugger-1.4-13.3.92mdk.i586.rpm
f4a920a8b551d78066dc23eb8c7a6520 9.2/RPMS/mozilla-mail-1.4-13.3.92mdk.i586.rpm
4b486d04fbf4c34217ec1fe272bde217 9.2/RPMS/mozilla-spellchecker-1.4-13.3.92mdk.i586.rpm
bbd208cba121308110ff629941999d4e 9.2/SRPMS/mozilla-1.4-13.3.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
5a5ce0f34c6d517dac5bd796539d727b amd64/9.2/RPMS/lib64nspr4-1.4-13.3.92mdk.amd64.rpm
95ff73b58ff07df8658ba7db479a6409 amd64/9.2/RPMS/lib64nspr4-devel-1.4-13.3.92mdk.amd64.rpm
f47f3edc3305680e4dfe6fc4f11da651 amd64/9.2/RPMS/lib64nss3-1.4-13.3.92mdk.amd64.rpm
9ffc28e6db6dae88d3f61f647407a863 amd64/9.2/RPMS/lib64nss3-devel-1.4-13.3.92mdk.amd64.rpm
986fff85fd8f3826df7a503da6123cd8 amd64/9.2/RPMS/mozilla-1.4-13.3.92mdk.amd64.rpm
0b3800d499e9b0a38e7d45af293f93cc amd64/9.2/RPMS/mozilla-devel-1.4-13.3.92mdk.amd64.rpm
786af5e02f3a30b091155c7fbe361052 amd64/9.2/RPMS/mozilla-dom-inspector-1.4-13.3.92mdk.amd64.rpm
65987dda19d9f901d84e2bd364395970 amd64/9.2/RPMS/mozilla-enigmail-1.4-13.3.92mdk.amd64.rpm
0b4d182f8aeac8e5189aa58475de3368 amd64/9.2/RPMS/mozilla-enigmime-1.4-13.3.92mdk.amd64.rpm
7fefe5af19372137780d21fc286cce3c amd64/9.2/RPMS/mozilla-irc-1.4-13.3.92mdk.amd64.rpm
7dd3a9b2be038019e19a7839f015f952 amd64/9.2/RPMS/mozilla-js-debugger-1.4-13.3.92mdk.amd64.rpm
90e24a878db2c4dbad41322595c0f67c amd64/9.2/RPMS/mozilla-mail-1.4-13.3.92mdk.amd64.rpm
2225c48c1e6ef9113fffad76a278b7f8 amd64/9.2/RPMS/mozilla-spellchecker-1.4-13.3.92mdk.amd64.rpm
bbd208cba121308110ff629941999d4e amd64/9.2/SRPMS/mozilla-1.4-13.3.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBHCXvmqjQ0CJFipgRAlVgAKCl7DzHJONwWyBpUmzVRckXICAIgQCg3Y3R
m7crvhuptqzB9o3Y/hs/qzY=
=y5eZ
-----END PGP SIGNATURE-----
