dcsimg
Linux Today: Linux News On Internet Time.





More on LinuxToday


Advisories, February 27, 2006

Feb 28, 2006, 04:45 (0 Talkback[s])

Debian GNU/Linux


Debian Security Advisory DSA 982-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 27th, 2006 http://www.debian.org/security/faq


Package : gpdf
Vulnerability : several
Problem type : local (remote)
Debian-specific: no

Derek Noonburg has fixed several potential vulnerabilities in xpdf, which are also present in gpdf, the Portable Document Format (PDF) viewer with Gtk bindings.

The old stable distribution (woody) does not contain gpdf packages.

For the stable distribution (sarge) these problems have been fixed in version 2.8.2-1.2sarge4.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your gpdf package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4.dsc
      Size/MD5 checksum: 1663 c8dce7a7e56fd3c6c3152261fb7d8473
    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4.diff.gz
      Size/MD5 checksum: 36661 78a2014c938cc560c4ab18a2d76a45a7
    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2.orig.tar.gz
      Size/MD5 checksum: 1245535 5ceb66aa95e51c4e1d6e10cb29560ff9

Alpha architecture:

    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_alpha.deb
      Size/MD5 checksum: 868068 976e80d151a24e904276be7935dbe66c

AMD64 architecture:

    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_amd64.deb
      Size/MD5 checksum: 795664 fd0ea82ed95818c814a61e360c1ffca4

ARM architecture:

    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_arm.deb
      Size/MD5 checksum: 781500 67fa5d07642c3cc2a8ed73800929261b

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_i386.deb
      Size/MD5 checksum: 781880 70e32bc11652d9b5e96ea67652d899ff

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_ia64.deb
      Size/MD5 checksum: 958172 7ed29406f4eb3fdbff9557a56efcc105

HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_hppa.deb
      Size/MD5 checksum: 859604 4f0a0f85cc3da4bfb6f7824028bf216a

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_m68k.deb
      Size/MD5 checksum: 745860 28de87c193a903165593af8a6daa4e5a

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_mips.deb
      Size/MD5 checksum: 818496 65e9278872e225a471784aed49661825

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_mipsel.deb
      Size/MD5 checksum: 811016 83903092b986bd6277907bc551543bb0

PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_powerpc.deb
      Size/MD5 checksum: 799718 90d14fde4fb004ee67aaaf64a1be0a4d

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_s390.deb
      Size/MD5 checksum: 776020 d92b72bf49062fa7a3d36205b364d564

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_sparc.deb
      Size/MD5 checksum: 763828 455d1333396950f63a809aba4b6a6865

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Legacy


Fedora Legacy Update Advisory

Synopsis: Updated nfs-utils package fixes security issues
Advisory ID: FLSA:138098
Issue date: 2006-02-25
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2004-0946 CVE-2004-1014



1. Topic:

An updated nfs-utils package that fixes security issues is now available.

The nfs-utils package provides a daemon for the kernel NFS server and related tools, providing a much higher level of performance than the traditional Linux NFS server used by most users.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386

3. Problem description:

Arjan van de Ven discovered a buffer overflow in rquotad. On 64-bit architectures, an improper integer conversion can lead to a buffer overflow. An attacker with access to an NFS share could send a specially crafted request which could lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2004-0946 to this issue.

In addition, the Fedora Core 2 update fixes the following issue:

SGI reported that the statd daemon did not properly handle the SIGPIPE signal. A misconfigured or malicious peer could cause statd to crash, leading to a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2004-1014 to this issue.

All users of nfs-utils should upgrade to this updated package, which resolves these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=138098

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/nfs-utils-0.3.3-6.73.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/nfs-utils-0.3.3-6.73.2.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/nfs-utils-1.0.1-3.9.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/nfs-utils-1.0.1-3.9.2.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/nfs-utils-1.0.6-1.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/nfs-utils-1.0.6-1.2.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/nfs-utils-1.0.6-22.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/nfs-utils-1.0.6-22.2.legacy.i386.rpm

7. Verification:

SHA1 sum Package Name


fc563f70e9f2b5eeafb51b9444469689185ef504 redhat/7.3/updates/i386/nfs-utils-0.3.3-6.73.2.legacy.i386.rpm
79dd718df766c23fc8ab4880a0e1557ca990c181 redhat/7.3/updates/SRPMS/nfs-utils-0.3.3-6.73.2.legacy.src.rpm
45c4f3a310d3090271f0d0798cae1e3148ab8299 redhat/9/updates/i386/nfs-utils-1.0.1-3.9.2.legacy.i386.rpm
bf009c4fe075b7105316084c6ca577f15c5bdb52 redhat/9/updates/SRPMS/nfs-utils-1.0.1-3.9.2.legacy.src.rpm
1c96ae93420683ad79b675b205ecb5d6ddb61ef4 fedora/1/updates/i386/nfs-utils-1.0.6-1.2.legacy.i386.rpm
6d4ee9e13e8b3bf1278d59b48ccb0c48f7645f7f fedora/1/updates/SRPMS/nfs-utils-1.0.6-1.2.legacy.src.rpm
2063735e17273d7967c8fa1f3649ab86921c910e fedora/2/updates/i386/nfs-utils-1.0.6-22.2.legacy.i386.rpm
dc3207c089204dd1c47653dc4918fe45b81a8654 fedora/2/updates/SRPMS/nfs-utils-1.0.6-22.2.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0946
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1014

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org


Fedora Legacy Update Advisory

Synopsis: Updated sudo packages fix security issue
Advisory ID: FLSA:162750
Issue date: 2006-02-23
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-1993



1. Topic:

An updated sudo package is available that fixes a race condition in sudo's pathname validation.

The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root with logging.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386

3. Problem description:

A race condition bug was found in the way sudo handles pathnames. It is possible that a local user with limited sudo access could create a race condition that would allow the execution of arbitrary commands as the root user. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-1993 to this issue.

Users of sudo should update to this updated package, which contains a backported patch and is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162750

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/sudo-1.6.5p2-2.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sudo-1.6.5p2-2.3.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/sudo-1.6.6-3.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/sudo-1.6.6-3.3.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/sudo-1.6.7p5-2.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/sudo-1.6.7p5-2.3.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/sudo-1.6.7p5-26.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/sudo-1.6.7p5-26.2.legacy.i386.rpm

7. Verification:

SHA1 sum Package Name


5eed8171a2be78f8a03de987b86220b1c8ecb9d4 redhat/7.3/updates/i386/sudo-1.6.5p2-2.3.legacy.i386.rpm
f1fdc4b82456cf66f89764ec7f9c0909a0603805 redhat/7.3/updates/SRPMS/sudo-1.6.5p2-2.3.legacy.src.rpm
7a84e2d96bba56142ca8c6dec2603577e31b2072 redhat/9/updates/i386/sudo-1.6.6-3.3.legacy.i386.rpm
4aca97be1c9e5f61efa1165955eb219fce3af70e redhat/9/updates/SRPMS/sudo-1.6.6-3.3.legacy.src.rpm
4e7b55e41c355e51b4cdd3a820a6d5c94df43fdc fedora/1/updates/i386/sudo-1.6.7p5-2.3.legacy.i386.rpm
6843f6ee7792e8c63f1034107a4a4e464a613798 fedora/1/updates/SRPMS/sudo-1.6.7p5-2.3.legacy.src.rpm
954a6e7098b7e86e7bc1f1532a72f8a3dab32380 fedora/2/updates/i386/sudo-1.6.7p5-26.2.legacy.i386.rpm
82c884d6bcff123dd510ffdb8a0d81ce63606364 fedora/2/updates/SRPMS/sudo-1.6.7p5-26.2.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1993

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org



Fedora Legacy Update Advisory

Synopsis: Updated perl packages fix security issue
Advisory ID: FLSA:176731
Issue date: 2006-02-25
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-3962



1. Topic:

Updated perl packages that fix a security flaw are now available.

Perl is a high-level programming language commonly used for system administration utilities and Web programming.

2. Relevant releases/architectures:

Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386

3. Problem description:

An integer overflow bug was found in Perl's format string processor. It is possible for an attacker to cause perl to crash or execute arbitrary code if the attacker is able to process a malicious format string. This issue is only exploitable through a script which passes arbitrary untrusted strings to the format string processor. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3962 to this issue.

Note that this vulnerability do not affect perl packages in Red Hat Linux 7.3

Users of perl are advised to upgrade to these packages which contain a backported patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=176731

6. RPMs required:

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/perl-5.8.0-90.0.13.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/perl-5.8.0-90.0.13.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/perl-CGI-2.81-90.0.13.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/perl-CPAN-1.61-90.0.13.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/perl-DB_File-1.804-90.0.13.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/perl-suidperl-5.8.0-90.0.13.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/perl-5.8.3-17.5.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/perl-5.8.3-17.5.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/perl-suidperl-5.8.3-17.5.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/perl-5.8.3-19.5.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/perl-5.8.3-19.5.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/perl-suidperl-5.8.3-19.5.legacy.i386.rpm

7. Verification:

SHA1 sum Package Name


4d2401a09f2cc0b126df88659bd9e259a528146d redhat/9/updates/i386/perl-5.8.0-90.0.13.legacy.i386.rpm
3b5448a2a8d8241a85c4c54ad5d5deb4b9d466d4 redhat/9/updates/i386/perl-CGI-2.81-90.0.13.legacy.i386.rpm
40a05fcf3a7d128e7fa79b00022d54d0542bd3af redhat/9/updates/i386/perl-CPAN-1.61-90.0.13.legacy.i386.rpm
5444ce68de7e8f0b1b051a15a1658c7d497be61b redhat/9/updates/i386/perl-DB_File-1.804-90.0.13.legacy.i386.rpm
76ff3cdbe78a2e7c92c1f95760906fd396f974bf redhat/9/updates/i386/perl-suidperl-5.8.0-90.0.13.legacy.i386.rpm
62fbcae6dd839fd18aabcf5c9fcc6babfd844d94 redhat/9/updates/SRPMS/perl-5.8.0-90.0.13.legacy.src.rpm

3267a9d83ac3cadcfa650b1625cf5c458adb5540 fedora/1/updates/i386/perl-5.8.3-17.5.legacy.i386.rpm
2445d66c7ced8bccc7d875a21404216a0cd5cdb6 fedora/1/updates/i386/perl-suidperl-5.8.3-17.5.legacy.i386.rpm
297a649694e03e67b13cfbac7ae8211554cea44b fedora/1/updates/SRPMS/perl-5.8.3-17.5.legacy.src.rpm

772f9571df3a0eab7749bb0d162311f4cd539879 fedora/2/updates/i386/perl-5.8.3-19.5.legacy.i386.rpm
83cf2b36b48760eb1f99a042214eead7a9650d38 fedora/2/updates/i386/perl-suidperl-5.8.3-19.5.legacy.i386.rpm
260cf2c8b759afe09f205318e1fd78cabdeefcb0 fedora/2/updates/SRPMS/perl-5.8.3-19.5.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3962

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org



Fedora Legacy Update Advisory

Synopsis: Updated mozilla packages fix security issues
Advisory ID: FLSA:180036-1
Issue date: 2006-02-23
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-4134 CVE-2006-0292 CVE-2006-0296



1. Topic:

Updated mozilla packages that fix several security bugs are now available.

Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
Fedora Core 3 - i386, x86_64

3. Problem description:

Igor Bukanov discovered a bug in the way Mozilla's Javascript interpreter dereferences objects. If a user visits a malicious web page, Mozilla could crash or execute arbitrary code as the user running Mozilla. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0292 to this issue.

moz_bug_r_a4 discovered a bug in Mozilla's XULDocument.persist() function. A malicious web page could inject arbitrary RDF data into a user's localstore.rdf file, which can cause Mozilla to execute arbitrary javascript when a user runs Mozilla. (CVE-2006-0296)

A denial of service bug was found in the way Mozilla saves history information. If a user visits a web page with a very long title, it is possible Mozilla will crash or take a very long time the next time it is run. (CVE-2005-4134)

Users of Mozilla are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=180036

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/mozilla-1.7.12-0.73.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-chat-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-devel-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-dom-inspector-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-js-debugger-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-mail-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-devel-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-devel-1.7.12-0.73.3.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/mozilla-1.7.12-0.90.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-chat-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-devel-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-dom-inspector-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-js-debugger-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-mail-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-devel-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-devel-1.7.12-0.90.2.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/mozilla-1.7.12-1.1.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-chat-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-devel-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-dom-inspector-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-js-debugger-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-mail-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-devel-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-devel-1.7.12-1.1.2.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/mozilla-1.7.12-1.2.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-chat-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-devel-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-dom-inspector-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-js-debugger-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-mail-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-devel-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-devel-1.7.12-1.2.3.legacy.i386.rpm

Fedora Core 3:

SRPM:
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/mozilla-1.7.12-1.3.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-chat-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-devel-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-dom-inspector-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-js-debugger-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-mail-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nspr-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nspr-devel-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nss-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nss-devel-1.7.12-1.3.3.legacy.i386.rpm

x86_64:
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-chat-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-devel-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-dom-inspector-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-js-debugger-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-mail-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nspr-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nspr-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nspr-devel-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nss-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nss-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nss-devel-1.7.12-1.3.3.legacy.x86_64.rpm

7. Verification:

SHA1 sum Package Name


baf937574b92b01271c70169e5e6465eb7736c81 redhat/7.3/updates/i386/mozilla-1.7.12-0.73.3.legacy.i386.rpm
4e401f2064201c290aa00527d148141904532d8a redhat/7.3/updates/i386/mozilla-chat-1.7.12-0.73.3.legacy.i386.rpm
d97acf0463781ac5600754b02b5a902125df5fd4 redhat/7.3/updates/i386/mozilla-devel-1.7.12-0.73.3.legacy.i386.rpm
251eb4a2d0e0f8cf63b7b7975c9819a7e58fd5b3 redhat/7.3/updates/i386/mozilla-dom-inspector-1.7.12-0.73.3.legacy.i386.rpm
584062b1c063fb8c2375693b49e48b8ae7530a00 redhat/7.3/updates/i386/mozilla-js-debugger-1.7.12-0.73.3.legacy.i386.rpm
aa3594680a3224f6b8b7abb9a6b9585fa6f519c1 redhat/7.3/updates/i386/mozilla-mail-1.7.12-0.73.3.legacy.i386.rpm
1676c32cd8143b9ff939b45269b2423b50d062f1 redhat/7.3/updates/i386/mozilla-nspr-1.7.12-0.73.3.legacy.i386.rpm
9d9d350082b38b94d45e458e02f3345b0a4e3ed0 redhat/7.3/updates/i386/mozilla-nspr-devel-1.7.12-0.73.3.legacy.i386.rpm
33753a720edea798966550963426db05a409a6c4 redhat/7.3/updates/i386/mozilla-nss-1.7.12-0.73.3.legacy.i386.rpm
b17dec4e9eab3acca07dc0345d01fa522c3f43d8 redhat/7.3/updates/i386/mozilla-nss-devel-1.7.12-0.73.3.legacy.i386.rpm
169c96bd3eae5e8f4220ed87291ceb176bf1f6b2 redhat/7.3/updates/SRPMS/mozilla-1.7.12-0.73.3.legacy.src.rpm

ffa6d9ff83d69b2aa32fb92a660775cbb92f2b53 redhat/9/updates/i386/mozilla-1.7.12-0.90.2.legacy.i386.rpm
d4bc650d1652ae30bb4df3037bcd1f9f77781774 redhat/9/updates/i386/mozilla-chat-1.7.12-0.90.2.legacy.i386.rpm
0148688359ca6168c0c77160c8891315ac319147 redhat/9/updates/i386/mozilla-devel-1.7.12-0.90.2.legacy.i386.rpm
2be970089280e3b23401402e5ea5019cc57b95ba redhat/9/updates/i386/mozilla-dom-inspector-1.7.12-0.90.2.legacy.i386.rpm
653ceef20cbbd2d415ab8453b5c6d6e81193b6b3 redhat/9/updates/i386/mozilla-js-debugger-1.7.12-0.90.2.legacy.i386.rpm
1c576446d6eef094adf576310d6fa773ee52259b redhat/9/updates/i386/mozilla-mail-1.7.12-0.90.2.legacy.i386.rpm
a2bf3a3f3cbf90a1d0f73bc3ecba5b3d48a8e151 redhat/9/updates/i386/mozilla-nspr-1.7.12-0.90.2.legacy.i386.rpm
8eb53c3254fdbfcb78c229672a28c22d4ef0e4c7 redhat/9/updates/i386/mozilla-nspr-devel-1.7.12-0.90.2.legacy.i386.rpm
4ca88669c7390d9181673af47c954512d6dd7eef redhat/9/updates/i386/mozilla-nss-1.7.12-0.90.2.legacy.i386.rpm
ccc8207ee4ee6dac6b23715884c011dd023acfb0 redhat/9/updates/i386/mozilla-nss-devel-1.7.12-0.90.2.legacy.i386.rpm
9f0c42c95eee533f46cb69e9ca24983d598b7c19 redhat/9/updates/SRPMS/mozilla-1.7.12-0.90.2.legacy.src.rpm

ccc9f1f2f0a31d46cc69af0a7b3fc8279347c855 fedora/1/updates/i386/mozilla-1.7.12-1.1.2.legacy.i386.rpm
22fb3e89d2484c03774aa28756082ad7fd68c9a9 fedora/1/updates/i386/mozilla-chat-1.7.12-1.1.2.legacy.i386.rpm
971284c2c887c7de98cae3fc5fc48c542ff6934f fedora/1/updates/i386/mozilla-devel-1.7.12-1.1.2.legacy.i386.rpm
e7c1727896f18603d38ad40a6f209d19d3049f0a fedora/1/updates/i386/mozilla-dom-inspector-1.7.12-1.1.2.legacy.i386.rpm
938aa693e2a7a499a33c6605cfa3a74e8673df27 fedora/1/updates/i386/mozilla-js-debugger-1.7.12-1.1.2.legacy.i386.rpm
d6a2a1f6974ab09ec1d02af7592e782c27f578e6 fedora/1/updates/i386/mozilla-mail-1.7.12-1.1.2.legacy.i386.rpm
67cb0d096878aed78036e5ea0970f1147bf74d44 fedora/1/updates/i386/mozilla-nspr-1.7.12-1.1.2.legacy.i386.rpm
cd48424e01cfe88b1f438c932a673b97f2101704 fedora/1/updates/i386/mozilla-nspr-devel-1.7.12-1.1.2.legacy.i386.rpm
dd89685756cbe81a3928075f14310f58ce409af3 fedora/1/updates/i386/mozilla-nss-1.7.12-1.1.2.legacy.i386.rpm
e193799b982e920ebb932fcc06c49a5228f704f6 fedora/1/updates/i386/mozilla-nss-devel-1.7.12-1.1.2.legacy.i386.rpm
a07447de816fe5b143dd3f6a3476d3334e01576c fedora/1/updates/SRPMS/mozilla-1.7.12-1.1.2.legacy.src.rpm

f22f8ad6584a2e8ff16f52858181f145a27ad88e fedora/2/updates/i386/mozilla-1.7.12-1.2.3.legacy.i386.rpm
9c1600eb0de0484a292b4b556b6e13d579cba87a fedora/2/updates/i386/mozilla-chat-1.7.12-1.2.3.legacy.i386.rpm
86859e409dc365f5bec29d0a93b175ac0bcba1b7 fedora/2/updates/i386/mozilla-devel-1.7.12-1.2.3.legacy.i386.rpm
2d9fccb410dc48ec08d16a34924db7be85b5270e fedora/2/updates/i386/mozilla-dom-inspector-1.7.12-1.2.3.legacy.i386.rpm
089f2798d5a48d3dbff41b750c0fa263d3c084b2 fedora/2/updates/i386/mozilla-js-debugger-1.7.12-1.2.3.legacy.i386.rpm
7f7cfb22bab08e5cafb4179ab400fb20f9f0e92d fedora/2/updates/i386/mozilla-mail-1.7.12-1.2.3.legacy.i386.rpm
122072963825101d273120c4efc5e0b414d8363c fedora/2/updates/i386/mozilla-nspr-1.7.12-1.2.3.legacy.i386.rpm
377d51c94a02e610a0085a3805a51d97896c56ed fedora/2/updates/i386/mozilla-nspr-devel-1.7.12-1.2.3.legacy.i386.rpm
255a282fed707f6730d559e5e182e15db1a2c647 fedora/2/updates/i386/mozilla-nss-1.7.12-1.2.3.legacy.i386.rpm
63f3f43a95d43c8d03a63a7d9914544d020e36af fedora/2/updates/i386/mozilla-nss-devel-1.7.12-1.2.3.legacy.i386.rpm
3763ccd5bb56555376b15e3b6719addea3d72e94 fedora/2/updates/SRPMS/mozilla-1.7.12-1.2.3.legacy.src.rpm

1dc7f066ff6b1edc46037b874c88871b92e689bd fedora/3/updates/i386/mozilla-1.7.12-1.3.3.legacy.i386.rpm
d42189ed08ecb23f10fa811233191da00a6d2b86 fedora/3/updates/i386/mozilla-chat-1.7.12-1.3.3.legacy.i386.rpm
178fde65f593bfb2c97feef7a9368acd6a85e0a1 fedora/3/updates/i386/mozilla-devel-1.7.12-1.3.3.legacy.i386.rpm
934df1335c0409c5d200d3afcf0c5d1bb619d7a0 fedora/3/updates/i386/mozilla-dom-inspector-1.7.12-1.3.3.legacy.i386.rpm
44a98a9a93f06916e80028e436f3cb5a7e757403 fedora/3/updates/i386/mozilla-js-debugger-1.7.12-1.3.3.legacy.i386.rpm
d70a4a67cae1c047ddd515ff466cc3964dc21639 fedora/3/updates/i386/mozilla-mail-1.7.12-1.3.3.legacy.i386.rpm
628cb7537726199cf5ecd459e7cbf2bb27acdca5 fedora/3/updates/i386/mozilla-nspr-1.7.12-1.3.3.legacy.i386.rpm
6c4a6afd3c1b3538a1ab0f691af18b75ae910f0a fedora/3/updates/i386/mozilla-nspr-devel-1.7.12-1.3.3.legacy.i386.rpm
6df7e4d99d0b5b0634eaf71816aff3a76308850c fedora/3/updates/i386/mozilla-nss-1.7.12-1.3.3.legacy.i386.rpm
86a0ea171fa09f02a13307cfd742aa4d7669dbf3 fedora/3/updates/i386/mozilla-nss-devel-1.7.12-1.3.3.legacy.i386.rpm
cc1ee55af3e20e520347b8d54604c49a3a687a68 fedora/3/updates/x86_64/mozilla-1.7.12-1.3.3.legacy.x86_64.rpm
2365e1dd78f64bfb6888e8a7c5ad16ce10a222f9 fedora/3/updates/x86_64/mozilla-chat-1.7.12-1.3.3.legacy.x86_64.rpm
1dc8b590ba623365a07c33c8a98c5d6eb7057486 fedora/3/updates/x86_64/mozilla-devel-1.7.12-1.3.3.legacy.x86_64.rpm
abdf5d08629556a3335ad70eb565b65dbec226b3 fedora/3/updates/x86_64/mozilla-dom-inspector-1.7.12-1.3.3.legacy.x86_64.rpm
3489b08fbbe7dab2e913c6c79c24296bc0ac0078 fedora/3/updates/x86_64/mozilla-js-debugger-1.7.12-1.3.3.legacy.x86_64.rpm
b544c2a6807963113eb2234ff3d846eb2c435661 fedora/3/updates/x86_64/mozilla-mail-1.7.12-1.3.3.legacy.x86_64.rpm
628cb7537726199cf5ecd459e7cbf2bb27acdca5 fedora/3/updates/x86_64/mozilla-nspr-1.7.12-1.3.3.legacy.i386.rpm
6cf873ef9085f915b38f2bc70f16adfcfa155bfd fedora/3/updates/x86_64/mozilla-nspr-1.7.12-1.3.3.legacy.x86_64.rpm
5eb2b843489853ea7d395502c492383557d1d7ce fedora/3/updates/x86_64/mozilla-nspr-devel-1.7.12-1.3.3.legacy.x86_64.rpm
6df7e4d99d0b5b0634eaf71816aff3a76308850c fedora/3/updates/x86_64/mozilla-nss-1.7.12-1.3.3.legacy.i386.rpm
f7c34c932da9b4f65f134123ee8b86af16c7667d fedora/3/updates/x86_64/mozilla-nss-1.7.12-1.3.3.legacy.x86_64.rpm
5889b94be3ad690867bf59697b6d4704757d1402 fedora/3/updates/x86_64/mozilla-nss-devel-1.7.12-1.3.3.legacy.x86_64.rpm
c4051d635668658df5f1ce4df69becc721fb752a fedora/3/updates/SRPMS/mozilla-1.7.12-1.3.3.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org



Fedora Legacy Update Advisory

Synopsis: Updated firefox package fixes security issues
Advisory ID: FLSA:180036-2
Issue date: 2006-02-23
Product: Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-4134 CVE-2006-0292 CVE-2006-0296



1. Topic:

An updated firefox package that fixes several security bugs is now available.

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

2. Relevant releases/architectures:

Fedora Core 3 - i386, x86_64

3. Problem description:

Igor Bukanov discovered a bug in the way Firefox's Javascript interpreter derefernces objects. If a user visits a malicious web page, Firefox could crash or execute arbitrary code as the user running Firefox. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0292 to this issue.

moz_bug_r_a4 discovered a bug in Firefox's XULDocument.persist() function. A malicious web page could inject arbitrary RDF data into a user's localstore.rdf file, which can cause Firefox to execute arbitrary javascript when a user runs Firefox. (CVE-2006-0296)

A denial of service bug was found in the way Firefox saves history information. If a user visits a web page with a very long title, it is possible Firefox will crash or take a very long time the next time it is run. (CVE-2005-4134)

Users of Firefox are advised to upgrade to this updated package, which contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=180036

6. RPMs required:

Fedora Core 3:

SRPM:
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/firefox-1.0.7-1.3.fc3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/3/updates/i386/firefox-1.0.7-1.3.fc3.legacy.i386.rpm

x86_64:
http://download.fedoralegacy.org/fedora/3/updates/x86_64/firefox-1.0.7-1.3.fc3.legacy.x86_64.rpm

7. Verification:

SHA1 sum Package Name


3b05d93992aba7369a418d53344250aa275330ac fedora/3/updates/i386/firefox-1.0.7-1.3.fc3.legacy.i386.rpm
850534b4cfa591372d8245808e46378c5923e086 fedora/3/updates/x86_64/firefox-1.0.7-1.3.fc3.legacy.x86_64.rpm
a167dc9061c484aa26f89703dc0228883409235e fedora/3/updates/SRPMS/firefox-1.0.7-1.3.fc3.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org


Gentoo Linux


Gentoo Linux Security Advisory