:Advisories, April 30, 2006
Advisories, April 30, 2006 0 Talkback[s]
Debian GNU/Linux
Debian Security Advisory DSA 1045-1 security@debian.org http://www.debian.org/security/ Martin Schulzehttp://www.debian.org/security/faq
Package : openvpn
Hendrik Weimer discovered that OpenVPN, the Virtual Private Network
daemon, allows to push environment variables to a client allowing a
malicious VPN server to take over connected clients.
the old stable distribution (woody) does not contain openvpn packages.
For the stable distribution (sarge) this problem has been fixed in
version 2.0-1sarge3.
For the unstable distribution (sid) this problem has been fixed in
version 2.0.6-1.
We recommend that you upgrade your openvpn package.
Upgrade Instructions
wget url
will fetch the file for you
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3.dsc http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3.diff.gz http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0.orig.tar.gz
Alpha architecture:
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3_alpha.deb
AMD64 architecture:
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3_amd64.deb
ARM architecture:
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3_arm.deb
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3_i386.deb
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3_ia64.deb
HP Precision architecture:
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3_hppa.deb
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3_m68k.deb
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3_mips.deb
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3_mipsel.deb
PowerPC architecture:
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3_powerpc.deb
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3_s390.deb
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3_sparc.deb
These files will probably be moved into the stable distribution on
its next update.
Debian Security Advisory DSA 1046-1 security@debian.org http://www.debian.org/security/ Martin Schulzehttp://www.debian.org/security/faq
Package : mozilla
Several security related problems have been discovered in Mozilla.
The Common Vulnerabilities and Exposures project identifies the
following vulnerabilities:
CVE-2005-2353
The "run-mozilla.sh" script allows local users to create or
overwrite arbitrary files when debugging is enabled via a symlink
attack on temporary files.
CVE-2005-4134
Web pages with extremely long titles cause subsequent launches of
the browser to appear to "hang" for up to a few minutes, or even
crash if the computer has insufficient memory. [MFSA-2006-03]
CVE-2006-0292
The Javascript interpreter does not properly dereference objects,
which allows remote attackers to cause a denial of service or
execute arbitrary code. [MFSA-2006-01]
CVE-2006-0293
The function allocation code allows attackers to cause a denial of
service and possibly execute arbitrary code. [MFSA-2006-01]
CVE-2006-0296
XULDocument.persist() did not validate the attribute name,
allowing an attacker to inject arbitrary XML and JavaScript code
into localstore.rdf that would be read and acted upon during
startup. [MFSA-2006-05]
CVE-2006-0748
An anonymous researcher for TippingPoint and the Zero Day
Initiative reported that an invalid and nonsensical ordering of
table-related tags can be exploited to execute arbitrary code.
[MFSA-2006-27]
CVE-2006-0749
A particular sequence of HTML tags can cause memory corruption
that can be exploited to exectute arbitary code. [MFSA-2006-18]
CVE-2006-0884
Georgi Guninski reports that forwarding mail in-line while using
the default HTML "rich mail" editor will execute JavaScript
embedded in the e-mail message with full privileges of the client.
[MFSA-2006-21]
CVE-2006-1045
The HTML rendering engine does not properly block external images
from inline HTML attachments when "Block loading of remote images
in mail messages" is enabled, which could allow remote attackers
to obtain sensitive information. [MFSA-2006-26]
CVE-2006-1529
A vulnerability potentially allows remote attackers to cause a
denial of service and possibly execute arbitrary. [MFSA-2006-20]
CVE-2006-1530
A vulnerability potentially allows remote attackers to cause a
denial of service and possibly execute arbitrary. [MFSA-2006-20]
CVE-2006-1531
A vulnerability potentially allows remote attackers to cause a
denial of service and possibly execute arbitrary. [MFSA-2006-20]
CVE-2006-1723
A vulnerability potentially allows remote attackers to cause a
denial of service and possibly execute arbitrary. [MFSA-2006-20]
CVE-2006-1724
A vulnerability potentially allows remote attackers to cause a
denial of service and possibly execute arbitrary. [MFSA-2006-20]
CVE-2006-1725
Due to an interaction between XUL content windows and the history
mechanism, some windows may to become translucent, which might
allow remote attackers to execute arbitrary code. [MFSA-2006-29]
CVE-2006-1726
"shutdown" discovered that the security check of the function
js_ValueToFunctionObject() can be circumvented and exploited to
allow the installation of malware. [MFSA-2006-28]
CVE-2006-1727
Georgi Guninski reported two variants of using scripts in an XBL
control to gain chrome privileges when the page is viewed under
"Print Preview".under "Print Preview". [MFSA-2006-25]
CVE-2006-1728
"shutdown" discovered that the crypto.generateCRMFRequest method
can be used to run arbitrary code with the privilege of the user
running the browser, which could enable an attacker to install
malware. [MFSA-2006-24]
CVE-2006-1729
Claus Jørgensen reported that a text input box can be pre-filled
with a filename and then turned into a file-upload control,
allowing a malicious website to steal any local file whose name
they can guess. [MFSA-2006-23]
CVE-2006-1730
An anonymous researcher for TippingPoint and the Zero Day
Initiative discovered an integer overflow triggered by the CSS
letter-spacing property, which could be exploited to execute
arbitrary code. [MFSA-2006-22]
CVE-2006-1731
"moz_bug_r_a4" discovered that some internal functions return
prototypes instead of objects, which allows remote attackers to
conduct cross-site scripting attacks. [MFSA-2006-19]
CVE-2006-1732
"shutdown" discovered that it is possible to bypass same-origin
protections, allowing a malicious site to inject script into
content from another site, which could allow the malicious page to
steal information such as cookies or passwords from the other
site, or perform transactions on the user's behalf if the user
were already logged in. [MFSA-2006-17]
CVE-2006-1733
"moz_bug_r_a4" discovered that the compilation scope of privileged
built-in XBL bindings is not fully protected from web content and
can still be executed which could be used to execute arbitrary
JavaScript, which could allow an attacker to install malware such
as viruses and password sniffers. [MFSA-2006-16]
CVE-2006-1734
"shutdown" discovered that it is possible to access an internal
function object which could then be used to run arbitrary
JavaScriptcode with full permissions of the user running the
browser, which could be used to install spyware or viruses.
[MFSA-2006-15]
CVE-2006-1735
It is possible to create JavaScript functions that would get
compiled with the wrong privileges, allowing an attacker to run
code of their choice with full permissions of the user running the
browser, which could be used to install spyware or viruses.
[MFSA-2006-14]
CVE-2006-1736
It is possible to trick users into downloading and saving an
executable file via an image that is overlaid by a transparent
image link that points to the executable. [MFSA-2006-13]
CVE-2006-1737
An integer overflow allows remote attackers to cause a denial of
service and possibly execute arbitrary bytecode via JavaScript
with a large regular expression. [MFSA-2006-11]
CVE-2006-1738
An unspecified vulnerability allows remote attackers to cause a
denial of service. [MFSA-2006-11]
CVE-2006-1739
Certain Cascading Style Sheets (CSS) can cause an out-of-bounds
array write and buffer overflow that could lead to a denial of
service and the possible execution of arbitrary code. [MFSA-2006-11]
CVE-2006-1740
It is possible for remote attackers to spoof secure site
indicators such as the locked icon by opening the trusted site in
a popup window, then changing the location to a malicious site.
[MFSA-2006-12]
CVE-2006-1741
"shutdown" discovered that it is possible to inject arbitrary
JavaScript code into a page on another site using a modal alert to
suspend an event handler while a new page is being loaded. This
could be used to steal confidential information. [MFSA-2006-09]
CVE-2006-1742
Igor Bukanov discovered that the JavaScript engine does not
properly handle temporary variables, which might allow remote
attackers to trigger operations on freed memory and cause memory
corruption, causing memory corruption. [MFSA-2006-10]
CVE-2006-1790
A regression fix that could lead to memory corruption allows
remote attackers to cause a denial of service and possibly execute
arbitrary code. [MFSA-2006-11]
For the stable distribution (sarge) these problems have been fixed in
version 1.7.8-1sarge5.
For the unstable distribution (sid) these problems will be fixed in
version 1.7.13-1.
We recommend that you upgrade your Mozilla packages.
Upgrade Instructions
wget url
will fetch the file for you
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5.dsc http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5.diff.gz http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
Alpha architecture:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_alpha.deb
AMD64 architecture:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_amd64.deb
ARM architecture:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_arm.deb http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_arm.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_arm.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_arm.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_arm.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_arm.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_arm.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_arm.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_arm.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_arm.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_arm.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_arm.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_arm.deb
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_i386.deb http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_i386.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_i386.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_i386.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_i386.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_i386.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_i386.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_i386.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_i386.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_i386.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_i386.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_i386.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_i386.deb
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_ia64.deb
HP Precision architecture:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_hppa.deb
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_m68k.deb
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_mips.deb http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_mips.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_mips.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_mips.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_mips.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_mips.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_mips.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_mips.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_mips.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_mips.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_mips.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_mips.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_mips.deb
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_mipsel.deb
PowerPC architecture:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_powerpc.deb
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_s390.deb http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_s390.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_s390.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_s390.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_s390.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_s390.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_s390.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_s390.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_s390.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_s390.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_s390.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_s390.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_s390.deb
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_sparc.deb
These files will probably be moved into the stable distribution on
its next update.
Debian Security Advisory DSA 1047-1 security@debian.org http://www.debian.org/security/ Martin Schulzehttp://www.debian.org/security/faq
Package : resmgr
A problem has been discovered in resmgr, a resource manager library
daemon and PAM module, that allows local users to bypass access
control rules and open any USB device when access to one device was
granted.
the old stable distribution (woody) does not contain resmgr packages.
For the stable distribution (sarge) this problem has been fixed in
version 1.0-2sarge2.
For the unstable distribution (sid) this problem has been fixed in
version 1.0-4.
We recommend that you upgrade your resmgr package.
Upgrade Instructions
wget url
will fetch the file for you
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2.dsc http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2.diff.gz http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0.orig.tar.gz
Alpha architecture:
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_alpha.deb http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_alpha.deb http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_alpha.deb
AMD64 architecture:
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_amd64.deb http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_amd64.deb http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_amd64.deb
ARM architecture:
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_arm.deb http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_arm.deb http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_arm.deb
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_i386.deb http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_i386.deb http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_i386.deb
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_ia64.deb http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_ia64.deb http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_ia64.deb
HP Precision architecture:
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_hppa.deb http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_hppa.deb http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_hppa.deb
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_m68k.deb http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_m68k.deb http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_m68k.deb
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_mips.deb http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_mips.deb http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_mips.deb
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_mipsel.deb http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_mipsel.deb http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_mipsel.deb
PowerPC architecture:
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_powerpc.deb http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_powerpc.deb http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_powerpc.deb
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_s390.deb http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_s390.deb http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_s390.deb
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_sparc.deb http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_sparc.deb http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_sparc.deb
These files will probably be moved into the stable distribution on
its next update.
http://security.debian.org/ stable/updates mainftp://security.debian.org/debian-security dists/stable/updates/maindebian-security-announce@lists.debian.org http://packages.debian.org/<pkg>
Fedora Core
Product : Fedora Core 4
Description :
The libtiff package should be installed if you need to manipulate TIFF
format image files.
This updates fixes serveral vulnerabilities in libtiff.
mclasen@redhat.com > - 3.7.1-6.fc4.1
- Fix multiple vulnerabilities (#189933, #189974, CVE-2006-2024)
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
fc85fc083881e06fdeece647aeb98a2e9b2f7952 SRPMS/libtiff-3.7.1-6.fc4.1.src.rpm
This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
Product : Fedora Core 5
Description :
The libtiff package should be installed if you need to manipulate TIFF
format image files.
This update fixes several vulnerabilities in libtiff.
mclasen@redhat.com > - 3.7.4-4
- fix several vulnerabilities (#189933, #189974, CVE-2006-2024)
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
f10f9f02eeed876e595757f26b7001f89d429acd SRPMS/libtiff-3.7.4-4.src.rpm
This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
Gentoo Linux
http://security.gentoo.org/
Severity: High
Ethereal is vulnerable to numerous vulnerabilities, potentially
resulting in the execution of arbitrary code.
Ethereal is a feature-rich network protocol analyzer.
Coverity discovered numerous vulnerabilities in versions of Ethereal
prior to 0.99.0, including:
buffer overflows in the ALCAP (CVE-2006-1934), COPS (CVE-2006-1935)
and telnet (CVE-2006-1936) dissectors.
buffer overflows in the NetXray/Windows Sniffer and Network
Instruments file code (CVE-2006-1934).
For further details please consult the references below.
An attacker might be able to exploit these vulnerabilities to crash
Ethereal or execute arbitrary code with the permissions of the user
running Ethereal, which could be the root user.
There is no known workaround at this time.
All Ethereal users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.99.0"
[ 1 ] CVE-2006-1932
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1932
[ 2 ] CVE-2006-1933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1933
[ 3 ] CVE-2006-1934
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1934
[ 4 ] CVE-2006-1935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1935
[ 5 ] CVE-2006-1936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1936
[ 6 ] CVE-2006-1937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1937
[ 7 ] CVE-2006-1938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1938
[ 8 ] CVE-2006-1939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1939
[ 9 ] CVE-2006-1940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1940
[ 10 ] Ethereal enpa-sa-00023
http://www.ethereal.com/appnotes/enpa-sa-00023.html
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200604-17.xml
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org .
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
http://security.gentoo.org/
Severity: Normal
Several vulnerabilities in Mozilla Suite allow attacks ranging from
script execution with elevated privileges to information leaks.
The Mozilla Suite is a popular all-in-one web browser that includes a
mail and news reader.
1 www-client/mozilla < 1.7.13 >= 1.7.13
2 www-client/mozilla-bin < 1.7.13 >= 1.7.13
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
Several vulnerabilities were found in Mozilla Suite. Version 1.7.13 was
released to fix them.
A remote attacker could craft malicious web pages or emails that would
leverage these issues to inject and execute arbitrary script code with
elevated privileges, steal local files, cookies or other information
from web pages or emails, and spoof content. Some of these
vulnerabilities might even be exploited to execute arbitrary code with
the rights of the user running the client.
There are no known workarounds for all the issues at this time.
All Mozilla Suite users should upgrade to the latest version:
# emerge --sync
All Mozilla Suite binary users should upgrade to the latest version:
# emerge --sync
[ 1 ] CVE-2005-4134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134
[ 2 ] CVE-2006-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292
[ 3 ] CVE-2006-0293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0293
[ 4 ] CVE-2006-0296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296
[ 5 ] CVE-2006-0748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0748
[ 6 ] CVE-2006-0749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749
[ 7 ] CVE-2006-0884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0884
[ 8 ] CVE-2006-1045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1045
[ 9 ] CVE-2006-1727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1727
[ 10 ] CVE-2006-1728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728
[ 11 ] CVE-2006-1729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1729
[ 12 ] CVE-2006-1730
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730
[ 13 ] CVE-2006-1731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731
[ 14 ] CVE-2006-1732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1732
[ 15 ] CVE-2006-1733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733
[ 16 ] CVE-2006-1734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734
[ 17 ] CVE-2006-1735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735
[ 18 ] CVE-2006-1736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1736
[ 19 ] CVE-2006-1737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1737
[ 20 ] CVE-2006-1738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1738
[ 21 ] CVE-2006-1739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739
[ 22 ] CVE-2006-1740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1740
[ 23 ] CVE-2006-1741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1741
[ 24 ] CVE-2006-1742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742
[ 25 ] CVE-2006-1790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1790
[ 26 ] Mozilla Foundation Security Advisories
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200604-18.xml
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org .
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
Slackware Linux
[slackware-security] thunderbird (SSA:2006-120-01)
New Thunderbird packages are available for Slackware 10.2
and -current to fix security issues.
More details about the issues may be found here:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
Here are the details from the Slackware 10.2 ChangeLog:http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
Updated package for Slackware 10.2:ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-thunderbird-1.5.0.2-i686-1.tgz
Updated package for Slackware -current:ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-1.5.0.2-i686-1.tgz
Slackware 10.2 package:
Slackware -current package:
Upgrade the package as root:
+-----+
Slackware Linux Security Teamhttp://slackware.com/gpg-key security@slackware.com
Ubuntu Linux
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
mysql-server
The problem can be corrected by upgrading the affected package to
version 4.0.20-2ubuntu1.7 (for Ubuntu 4.10), 4.0.23-3ubuntu2.2 (for
Ubuntu 5.04), or 4.0.24-10ubuntu2.1 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes.
Details follow:
A logging bypass was discovered in the MySQL query parser. A local
attacker could exploit this by inserting NUL characters into query
strings (even into comments), which would cause the query to be logged
incompletely.
This only affects you if you enabled the 'log' parameter in the MySQL
configuration.
Updated packages for Ubuntu 4.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-2ubuntu1.7.diff.gz http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-2ubuntu1.7.dsc http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20.orig.tar.gz
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-common_4.0.20-2ubuntu1.7_all.deb
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient-dev_4.0.20-2ubuntu1.7_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.20-2ubuntu1.7_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.20-2ubuntu1.7_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.20-2ubuntu1.7_amd64.deb
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient-dev_4.0.20-2ubuntu1.7_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.20-2ubuntu1.7_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.20-2ubuntu1.7_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.20-2ubuntu1.7_i386.deb
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient-dev_4.0.20-2ubuntu1.7_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.20-2ubuntu1.7_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.20-2ubuntu1.7_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.20-2ubuntu1.7_powerpc.deb
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.23-3ubuntu2.2.diff.gz http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.23-3ubuntu2.2.dsc http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.23.orig.tar.gz
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-common_4.0.23-3ubuntu2.2_all.deb
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.23-3ubuntu2.2_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.23-3ubuntu2.2_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.23-3ubuntu2.2_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.23-3ubuntu2.2_amd64.deb
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.23-3ubuntu2.2_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.23-3ubuntu2.2_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.23-3ubuntu2.2_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.23-3ubuntu2.2_i386.deb
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.23-3ubuntu2.2_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.23-3ubuntu2.2_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.23-3ubuntu2.2_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.23-3ubuntu2.2_powerpc.deb
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.24-10ubuntu2.1.diff.gz http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.24-10ubuntu2.1.dsc http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.24.orig.tar.gz
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-common_4.0.24-10ubuntu2.1_all.deb
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10ubuntu2.1_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10ubuntu2.1_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.24-10ubuntu2.1_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.24-10ubuntu2.1_amd64.deb
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10ubuntu2.1_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10ubuntu2.1_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.24-10ubuntu2.1_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.24-10ubuntu2.1_i386.deb
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10ubuntu2.1_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10ubuntu2.1_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.24-10ubuntu2.1_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.24-10ubuntu2.1_powerpc.deb
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
mozilla-browser
The problem can be corrected by upgrading the affected package to
version 2:1.7.13-0ubuntu04.10 (for Ubuntu 4.10), 2:1.7.13-0ubuntu05.04
(for Ubuntu 5.04), and 2:1.7.13-0ubuntu5.10 (for Ubuntu 5.10). After a
standard system upgrade you need to restart Mozilla to effect the
necessary changes.
Details follow:
Web pages with extremely long titles caused subsequent launches of
Mozilla browser to hang for up to a few minutes, or caused Mozilla to
crash on computers with insufficient memory. (CVE-2005-4134)
Igor Bukanov discovered that the JavaScript engine did not properly
declare some temporary variables. Under some rare circumstances, a
malicious website could exploit this to execute arbitrary code with
the privileges of the user. (CVE-2006-0292, CVE-2006-1742)
The function XULDocument.persist() did not sufficiently validate the
names of attributes. An attacker could exploit this to inject
arbitrary XML code into the file 'localstore.rdf', which is read and
evaluated at startup. This could include JavaScript commands that
would be run with the user's privileges. (CVE-2006-0296)
Due to a flaw in the HTML tag parser a specific sequence of HTML tags
caused memory corruption. A malicious web site could exploit this to
crash the browser or even execute arbitrary code with the user's
privileges. (CVE-2006-0748)
An invalid ordering of table-related tags caused Mozilla to use a
negative array index. A malicious website could exploit this to
execute arbitrary code with the privileges of the user.
(CVE-2006-0749)
Georgi Guninski discovered that embedded XBL scripts of web sites
could escalate their (normally reduced) privileges to get full
privileges of the user if that page is viewed with "Print Preview".
(CVE-2006-1727)
The crypto.generateCRMFRequest() function had a flaw which could be
exploited to run arbitrary code with the user's privileges.
(CVE-2006-1728)
Claus Jørgensen and Jesse Ruderman discovered that a text input box
could be pre-filled with a filename and then turned into a file-upload
control with the contents intact. A malicious web site could exploit
this to read any local file the user has read privileges for.
(CVE-2006-1729)
An integer overflow was detected in the handling of the CSS property
"letter-spacing". A malicious web site could exploit this to run
arbitrary code with the user's privileges. (CVE-2006-1730)
The methods valueOf.call() and .valueOf.apply() returned an object
whose privileges were not properly confined to those of the caller,
which made them vulnerable to cross-site scripting attacks. A
malicious web site could exploit this to modify the contents or steal
confidential data (such as passwords) from other opened web pages.
(CVE-2006-1731) The window.controllers array variable (CVE-2006-1732)
and event handlers (CVE-2006-1741) were vulnerable to a similar attack.
The privileged built-in XBL bindings were not fully protected from web
content and could be accessed by calling valueOf.call() and
valueOf.apply() on a method of that binding. A malicious web site
could exploit this to run arbitrary JavaScript code with the user's
privileges. (CVE-2006-1733)
It was possible to use the Object.watch() method to access an internal
function object (the "clone parent"). A malicious web site could
exploit this to execute arbitrary JavaScript code with the user's
privileges. (CVE-2006-1734)
By calling the XBL.method.eval() method in a special way it was
possible to create JavaScript functions that would get compiled with
the wrong privileges. A malicious web site could exploit this to
execute arbitrary JavaScript code with the user's privileges.
(CVE-2006-1735)
Michael Krax discovered that by layering a transparent image link to
an executable on top of a visible (and presumably desirable) image a
malicious site could fool the user to right-click and choose "Save
image as..." from the context menu, which would download the
executable instead of the image. (CVE-2006-1736)
Several crashes have been fixed which could be triggered by web sites
and involve memory corruption. These could potentially be exploited to
execute arbitrary code with the user's privileges. (CVE-2006-1737,
CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)
If the user has turned on the "Entering secure site" modal warning
dialog, it was possible to spoof the browser's secure-site indicators
(the lock icon and the gold URL field background) by first loading the
target secure site in a pop-up window, then changing its location to a
different site, which retained the displayed secure-browsing
indicators from the original site. (CVE-2006-1740)
Updated packages for Ubuntu 4.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.13-0ubuntu04.10.diff.gz http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.13-0ubuntu04.10.dsc http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.13.orig.tar.gz
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.13-0ubuntu04.10_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.13-0ubuntu04.10_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.13-0ubuntu04.10_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.13-0ubuntu04.10_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.13-0ubuntu04.10_amd64.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.13-0ubuntu04.10_amd64.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.13-0ubuntu04.10_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.13-0ubuntu04.10_amd64.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.13-0ubuntu04.10_amd64.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.13-0ubuntu04.10_amd64.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.13-0ubuntu04.10_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.13-0ubuntu04.10_amd64.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.13-0ubuntu04.10_amd64.deb
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.13-0ubuntu04.10_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.13-0ubuntu04.10_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.13-0ubuntu04.10_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.13-0ubuntu04.10_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.13-0ubuntu04.10_i386.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.13-0ubuntu04.10_i386.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.13-0ubuntu04.10_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.13-0ubuntu04.10_i386.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.13-0ubuntu04.10_i386.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.13-0ubuntu04.10_i386.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.13-0ubuntu04.10_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.13-0ubuntu04.10_i386.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.13-0ubuntu04.10_i386.deb
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.13-0ubuntu04.10_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.13-0ubuntu04.10_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.13-0ubuntu04.10_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.13-0ubuntu04.10_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.13-0ubuntu04.10_powerpc.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.13-0ubuntu04.10_powerpc.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.13-0ubuntu04.10_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.13-0ubuntu04.10_powerpc.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.13-0ubuntu04.10_powerpc.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.13-0ubuntu04.10_powerpc.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.13-0ubuntu04.10_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.13-0ubuntu04.10_powerpc.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.13-0ubuntu04.10_powerpc.deb
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.13-0ubuntu05.04.diff.gz http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.13-0ubuntu05.04.dsc http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.13.orig.tar.gz
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.13-0ubuntu05.04_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.13-0ubuntu05.04_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.13-0ubuntu05.04_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.13-0ubuntu05.04_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.13-0ubuntu05.04_amd64.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.13-0ubuntu05.04_amd64.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.13-0ubuntu05.04_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.13-0ubuntu05.04_amd64.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.13-0ubuntu05.04_amd64.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.13-0ubuntu05.04_amd64.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.13-0ubuntu05.04_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.13-0ubuntu05.04_amd64.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.13-0ubuntu05.04_amd64.deb
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.13-0ubuntu05.04_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.13-0ubuntu05.04_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.13-0ubuntu05.04_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.13-0ubuntu05.04_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.13-0ubuntu05.04_i386.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.13-0ubuntu05.04_i386.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.13-0ubuntu05.04_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.13-0ubuntu05.04_i386.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.13-0ubuntu05.04_i386.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.13-0ubuntu05.04_i386.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.13-0ubuntu05.04_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.13-0ubuntu05.04_i386.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.13-0ubuntu05.04_i386.deb
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.13-0ubuntu05.04_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.13-0ubuntu05.04_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.13-0ubuntu05.04_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.13-0ubuntu05.04_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.13-0ubuntu05.04_powerpc.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.13-0ubuntu05.04_powerpc.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.13-0ubuntu05.04_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.13-0ubuntu05.04_powerpc.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.13-0ubuntu05.04_powerpc.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.13-0ubuntu05.04_powerpc.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.13-0ubuntu05.04_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.13-0ubuntu05.04_powerpc.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.13-0ubuntu05.04_powerpc.deb
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.13-0ubuntu5.10.diff.gz http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.13-0ubuntu5.10.dsc http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.13.orig.tar.gz
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.13-0ubuntu5.10_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.13-0ubuntu5.10_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.13-0ubuntu5.10_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.13-0ubuntu5.10_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.13-0ubuntu5.10_amd64.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.13-0ubuntu5.10_amd64.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.13-0ubuntu5.10_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.13-0ubuntu5.10_amd64.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.13-0ubuntu5.10_amd64.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.13-0ubuntu5.10_amd64.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.13-0ubuntu5.10_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.13-0ubuntu5.10_amd64.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.13-0ubuntu5.10_amd64.deb
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.13-0ubuntu5.10_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.13-0ubuntu5.10_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.13-0ubuntu5.10_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.13-0ubuntu5.10_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.13-0ubuntu5.10_i386.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.13-0ubuntu5.10_i386.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.13-0ubuntu5.10_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.13-0ubuntu5.10_i386.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.13-0ubuntu5.10_i386.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.13-0ubuntu5.10_i386.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.13-0ubuntu5.10_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.13-0ubuntu5.10_i386.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.13-0ubuntu5.10_i386.deb
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.13-0ubuntu5.10_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.13-0ubuntu5.10_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.13-0ubuntu5.10_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.13-0ubuntu5.10_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.13-0ubuntu5.10_powerpc.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.13-0ubuntu5.10_powerpc.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.13-0ubuntu5.10_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.13-0ubuntu5.10_powerpc.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.13-0ubuntu5.10_powerpc.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.13-0ubuntu5.10_powerpc.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.13-0ubuntu5.10_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.13-0ubuntu5.10_powerpc.deb http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.13-0ubuntu5.10_powerpc.deb
