---

Home Security

Advisories, August 28, 2006

By

Debian GNU/Linux

Debian Security Advisory DSA 1159-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
August 28th, 2006 http://www.debian.org/security/faq

Package : mozilla-thunderbird
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-2779 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807
CVE-2006-3808 CVE-2006-3809 CVE-2006-3810
CERT advisories: VU#466673 VU#655892 VU#687396 VU#876420
VU#911004
BugTraq IDs : 18228 19181

Several security related problems have been discovered in
Mozilla and derived products such as Mozilla Thunderbird. The
Common Vulnerabilities and Exposures project identifies the
following vulnerabilities:

CVE-2006-2779

Mozilla team members discovered several crashes during testing
of the browser engine showing evidence of memory corruption which
may also lead to the execution of arbitrary code. The last bit of
this problem will be corrected with the next update. You can
prevent any trouble by disabling Javascript. [MFSA-2006-32]

CVE-2006-3805

The Javascript engine might allow remote attackers to execute
arbitrary code. [MFSA-2006-50]

CVE-2006-3806

Multiple integer overflows in the Javascript engine might allow
remote attackers to execute arbitrary code. [MFSA-2006-50]

CVE-2006-3807

Specially crafted Javascript allows remote attackers to execute
arbitrary code. [MFSA-2006-51]

CVE-2006-3808

Remote AutoConfig (PAC) servers could execute code with elevated
privileges via a specially crafted PAC script. [MFSA-2006-52]

CVE-2006-3809

Scripts with the UniversalBrowserRead privilege could gain
UniversalXPConnect privileges and possibly execute code or obtain
sensitive data. [MFSA-2006-53]

CVE-2006-3810

A cross-site scripting vulnerability allows remote attackers to
inject arbitrary web script or HTML. [MFSA-2006-54]

For the stable distribution (sarge) these problems have been
fixed in version 1.0.2-2.sarge1.0.8b.1.

For the unstable distribution (sid) these problems have been
fixed in version 1.5.0.5-1.

We recommend that you upgrade your mozilla-thunderbird
package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1.dsc

      Size/MD5 checksum: 1003
04d64af96e791f70b148b47369e78fa8
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1.diff.gz

      Size/MD5 checksum: 485519
ee4edfac117a53c5af08ed97fe85fe55
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz

      Size/MD5 checksum: 33288906
806175393a226670aa66060452d31df4

Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_alpha.deb

      Size/MD5 checksum: 12848642
4c5bcb9649ff7eec7d4ad6409fccfbce
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_alpha.deb

      Size/MD5 checksum: 3279330
5de619881da404d6846a64e1ab100198
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_alpha.deb

      Size/MD5 checksum: 151606
aca457a945d7a89cc5ad25952db6d32b
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_alpha.deb

      Size/MD5 checksum: 33038
f219f0a68ebce04be1a448d582330e36
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_alpha.deb

      Size/MD5 checksum: 88998
349021463f3a1fca2c269044cf3e66ca

AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_amd64.deb

      Size/MD5 checksum: 12255144
bacce34b5bc0e00ae8dfdcb6db7effee
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_amd64.deb

      Size/MD5 checksum: 3280524
68041a19610600cd691914971d72e915
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_amd64.deb

      Size/MD5 checksum: 150580
d4cd554373b8cf9695e11b172ccd018c
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_amd64.deb

      Size/MD5 checksum: 33032
5c7cc39d0f91f8cbd7dfbcd62f5233ea
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_amd64.deb

      Size/MD5 checksum: 88794
ef6eb382de91c862944b1486e5c343a7

ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_arm.deb

      Size/MD5 checksum: 10342700
42ebac688dbc2943768353f381c48af5
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_arm.deb

      Size/MD5 checksum: 3271408
8d1d920dbc27c50d3cef51653ae67571
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_arm.deb

      Size/MD5 checksum: 142784
14df28e047604532f99d28d57fd66555
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_arm.deb

      Size/MD5 checksum: 33052
441a28a0673a0b4a341ea3d2685ef7a7
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_arm.deb

      Size/MD5 checksum: 80852
608e1e053e2bfd73099f6e853cdc3b11

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_i386.deb

      Size/MD5 checksum: 11563882
b41abc362fc0ed424a3a4cd6c4fa8ca6
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_i386.deb

      Size/MD5 checksum: 3507108
6c5268e655733613500ee2173f1012ec
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_i386.deb

      Size/MD5 checksum: 146250
ba9d20e519d188c237b4b7cef17d3bbe
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_i386.deb

      Size/MD5 checksum: 33052
ef87f87b1ec09d8b1e66591e69895233
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_i386.deb

      Size/MD5 checksum: 87606
925e4a236ba4230a8e32216a064c3f06

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_ia64.deb

      Size/MD5 checksum: 14624106
a3b234485952ea02ccfdd68133a2cf35
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_ia64.deb

      Size/MD5 checksum: 3291038
a15a8ff3fbc471ed4969bb86e67c3c4c
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_ia64.deb

      Size/MD5 checksum: 154934
96ab243eb1e9340a6c04743d761febe8
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_ia64.deb

      Size/MD5 checksum: 33034
ef4ff45411db444879bd8171814989e0
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_ia64.deb

      Size/MD5 checksum: 106730
975838d769c3c4e9821ee2f2db1f180a

HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_hppa.deb

      Size/MD5 checksum: 13565080
e4e770db9c3257e4082f6ba9a4b17942
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_hppa.deb

      Size/MD5 checksum: 3284790
cd7b3d8fa65712084108545b06bf5cf8
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_hppa.deb

      Size/MD5 checksum: 152812
a850d4bbfc5412356adb8999e4afd3a2
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_hppa.deb

      Size/MD5 checksum: 33046
4b2d523df0b35eaf49c2ee670040a746
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_hppa.deb

      Size/MD5 checksum: 96926
49c2664125f88dcbcf8fc370490f1783

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_m68k.deb

      Size/MD5 checksum: 10791242
efe7adeef2105ee962f60eb09d32be04
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_m68k.deb

      Size/MD5 checksum: 3270798
a64399e4e34ec761ddb064e650432d47
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_m68k.deb

      Size/MD5 checksum: 144566
c368a1f6bda4a639c799903d3bed7c86
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_m68k.deb

      Size/MD5 checksum: 33066
3992b0cab96e959ecea687899f8ef05f
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_m68k.deb

      Size/MD5 checksum: 82094
b13852c78fa4f46ff993f3c1e98680dc

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_mips.deb

      Size/MD5 checksum: 11943796
cb93a2f2fc4dd706defeaea3c18a6b6f
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_mips.deb

      Size/MD5 checksum: 3278794
9acf4f9583972ed1fe2d453e8330233b
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_mips.deb

      Size/MD5 checksum: 147496
07472047d17dabe204412c357bb21169
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_mips.deb

      Size/MD5 checksum: 33042
b7f0219fc847c1a52b3336aea10b1523
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_mips.deb

      Size/MD5 checksum: 84296
de6058169bdcaac13f4e44e50d86fcfa

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_mipsel.deb

      Size/MD5 checksum: 11811180
7a90700b755f8a9628743c00c5658e01
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_mipsel.deb

      Size/MD5 checksum: 3279738
b7599c5e7cb743cfe02f60402beeef4c
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_mipsel.deb

      Size/MD5 checksum: 147050
e648ba4dcabf8cd85415d259d19f9dc5
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_mipsel.deb

      Size/MD5 checksum: 33034
9892f5d7755b7b013b825acf7d239b9a
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_mipsel.deb

      Size/MD5 checksum: 84184
08802c45278f5d135118b15c261d60ff

PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_powerpc.deb

      Size/MD5 checksum: 10908332
b4899f52b0b1555eef1a52e29f7ccff0
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_powerpc.deb

      Size/MD5 checksum: 3269376
138a349de0a5a33317fb12e38fa7048d
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_powerpc.deb

      Size/MD5 checksum: 144570
8a5fbabc69454577f95fca69d6922183
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_powerpc.deb

      Size/MD5 checksum: 33046
eab66e527293d35eeec5a2aa21e34988
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_powerpc.deb

      Size/MD5 checksum: 80956
110bbacc7e5b85d32966e8b095d18e49

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_s390.deb

      Size/MD5 checksum: 12701528
e77cc46c7784b4678e00158c4067fb13
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_s390.deb

      Size/MD5 checksum: 3279814
9f614f520b7d24b584b4dfdde4d6856c
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_s390.deb

      Size/MD5 checksum: 150872
8ec4f9059a17b2e75afd8cb472dfd7d4
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_s390.deb

      Size/MD5 checksum: 33030
1a9dd5360add1b5c7d3940e44efc72f4
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_s390.deb

      Size/MD5 checksum: 88798
c1fc3eda5995f50df821da0913447ffa

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_sparc.deb

      Size/MD5 checksum: 11176418
d9291799bae4c157fe7f0a9dd86ebcf4
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_sparc.deb

      Size/MD5 checksum: 3275086
2a78bb9f76059b034dd1232cdd82dee6
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_sparc.deb

      Size/MD5 checksum: 144214
0f03b8b13d7cb6ae6c0eebbec1da6d2b
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_sparc.deb

      Size/MD5 checksum: 33056
4b9864766f12b2328b9e6fdfd98a4d0e
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_sparc.deb

      Size/MD5 checksum: 82648
c02d426a3ab8f7e704f946d0b0fee7c8

These files will probably be moved into the stable distribution
on its next update.

For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>

Gentoo Linux

Gentoo Linux Security Advisory GLSA 200608-25

http://security.gentoo.org/

Severity: High
Title: X.org and some X.org libraries: Local privilege
escalations
Date: August 28, 2006
Bugs: #135974
ID: 200608-25

Synopsis

X.org, libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm are
vulnerable to local privilege escalations because of unchecked
setuid() calls.

Background

X.org is an implementation of the X Window System.

Affected packages

     Package                             /  Vulnerable  /   Unaffected



  1  x11-apps/xdm                           < 1.0.4-r1     >= 1.0.4-r1
  2  x11-apps/xinit                         < 1.0.2-r6     >= 1.0.2-r6
  3  x11-apps/xload                         < 1.0.1-r1     >= 1.0.1-r1
  4  x11-apps/xf86dga                       < 1.0.1-r1     >= 1.0.1-r1
  5  x11-base/xorg-x11                      < 6.9.0-r2    *>= 6.8.2-r8
                                                           >= 6.9.0-r2
  6  x11-base/xorg-server                   < 1.1.0-r1    *>= 1.0.2-r6
                                                           >= 1.1.0-r1
  7  x11-libs/libx11                        < 1.0.1-r1     >= 1.0.1-r1
  8  x11-libs/xtrans                        < 1.0.0-r1     >= 1.0.0-r1
  9  x11-terms/xterm                           < 215            >= 215
 10  app-emulation/emul-linux-x86-xlibs      < 7.0-r2        >= 7.0-r2
    -------------------------------------------------------------------
     # Package 10 [app-emulation/emul-linux-x86-xlibs] only applies to
       AMD64 users.

     NOTE: Any packages listed without architecture tags apply to all
          architectures...
    -------------------------------------------------------------------
     10 affected packages

Description

Several X.org libraries and X.org itself contain system calls to
set*uid() functions, without checking their result.

Impact

Local users could deliberately exceed their assigned resource
limits and elevate their privileges after an unsuccessful set*uid()
system call. This requires resource limits to be enabled on the
machine.

Workaround

There is no known workaround at this time.

Resolution

All X.Org xdm users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-apps/xdm-1.0.4-r1"

All X.Org xinit users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-apps/xinit-1.0.2-r6"

All X.Org xload users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-apps/xload-1.0.1-r1"

All X.Org xf86dga users should upgrade to the latest
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-apps/xf86dga-1.0.1-r1"

All X.Org users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-base/xorg-x11-6.9.0-r2"

All X.Org X servers users should upgrade to the latest
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.1.0-r1"

All X.Org X11 library users should upgrade to the latest
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/libx11-1.0.1-r1"

All X.Org xtrans library users should upgrade to the latest
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/xtrans-1.0.1-r1"

All xterm users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-terms/xterm-215"

All users of the X11R6 libraries for emulation of 32bit x86 on
amd64 should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-xlibs-7.0-r2"

Please note that the fixed packages have been available for most
architectures since June 30th but the GLSA release was held up
waiting for the remaining architectures.

References

[ 1 ] X.Org security advisory

http://lists.freedesktop.org/archives/xorg/2006-June/016146.html

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200608-25.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Red Hat Linux

Red Hat Security Advisory

Synopsis: Critical: seamonkey security update (was mozilla)
Advisory ID: RHSA-2006:0594-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0594.html

Issue date: 2006-08-28
Updated on: 2006-08-28
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-2779 CVE-2006-2780 CVE-2006-2781 CVE-2006-2783
CVE-2006-2782 CVE-2006-2778 CVE-2006-2776 CVE-2006-2784
CVE-2006-2785 CVE-2006-2786 CVE-2006-2787 CVE-2006-2788
CVE-2006-3801 CVE-2006-3677 CVE-2006-3113 CVE-2006-3802
CVE-2006-3803 CVE-2006-3804 CVE-2006-3805 CVE-2006-3806
CVE-2006-3807 CVE-2006-3808 CVE-2006-3809 CVE-2006-3810
CVE-2006-3811 CVE-2006-3812

1. Summary:

Updated seamonkey packages that fix several security bugs in the
mozilla packages are now available for Red Hat Enterprise Linux
2.1.

This update has been rated as having critical security impact by
the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 –
i386, ia64
Red Hat Linux Advanced Workstation 2.1 – ia64
Red Hat Enterprise Linux ES version 2.1 – i386
Red Hat Enterprise Linux WS version 2.1 – i386

3. Problem description:

SeaMonkey is an open source Web browser, advanced email and
newsgroup client, IRC chat client, and HTML editor.

The Mozilla Foundation has discontinued support for the Mozilla
Suite. This update deprecates the Mozilla Suite in Red Hat
Enterprise Linux 2.1 in favor of the supported SeaMonkey Suite.

This update also resolves a number of outstanding Mozilla
security issues:

Several flaws were found in the way SeaMonkey processed certain
javascript actions. A malicious web page could execute arbitrary
javascript instructions with the permissions of “chrome”, allowing
the page to steal sensitive information or install browser malware.
(CVE-2006-2776, CVE-2006-2784, CVE-2006-2785, CVE-2006-2787,
CVE-2006-3807, CVE-2006-3809, CVE-2006-3812)

Several denial of service flaws were found in the way SeaMonkey
processed certain web content. A malicious web page could crash the
browser or possibly execute arbitrary code as the user running
SeaMonkey. (CVE-2006-2779, CVE-2006-2780, CVE-2006-3801,
CVE-2006-3677, CVE-2006-3113, CVE-2006-3803, CVE-2006-3805,
CVE-2006-3806, CVE-2006-3811)

Two flaws were found in the way SeaMonkey Messenger displayed
malformed inline vcard attachments. If a victim viewed an email
message containing a carefully crafted vcard it was possible to
execute arbitrary code as the user running SeaMonkey Messenger.
(CVE-2006-2781, CVE-2006-3804)

A cross-site scripting flaw was found in the way SeaMonkey
processed Unicode Byte-Order-Mark (BOM) markers in UTF-8 web pages.
A malicious web page could execute a script within the browser that
a web input sanitizer could miss due to a malformed “script” tag.
(CVE-2006-2783)

Several flaws were found in the way SeaMonkey processed certain
javascript actions. A malicious web page could conduct a cross-site
scripting attack or steal sensitive information (such as cookies
owned by other domains). (CVE-2006-3802, CVE-2006-3810)

A form file upload flaw was found in the way SeaMonkey handled
javascript input object mutation. A malicious web page could upload
an arbitrary local file at form submission time without user
interaction. (CVE-2006-2782)

A denial of service flaw was found in the way SeaMonkey called
the crypto.signText() javascript function. A malicious web page
could crash the browser if the victim had a client certificate
loaded. (CVE-2006-2778)

Two HTTP response smuggling flaws were found in the way
SeaMonkey processed certain invalid HTTP response headers. A
malicious web site could return specially crafted HTTP response
headers which may bypass HTTP proxy restrictions.
(CVE-2006-2786)

A flaw was found in the way SeaMonkey processed Proxy AutoConfig
scripts. A malicious Proxy AutoConfig server could execute
arbitrary javascript instructions with the permissions of “chrome”,
allowing the page to steal sensitive information or install browser
malware. (CVE-2006-3808)

A double free flaw was found in the way the nsIX509::getRawDER
method was called. If a victim visited a carefully crafted web page
it was possible to execute arbitrary code as the user running
SeaMonkey. (CVE-2006-2788)

Users of Mozilla are advised to upgrade to this update, which
contains SeaMonkey version 1.0.3 that corrects these issues.

4. Solution:

Before applying this update, make sure all previously released
errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat
Network, launch the Red Hat Update Agent with the following
command:

up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

198686 – CVE-2006-2783 multiple Seamonkey issues
(CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)

198687 – CVE-2006-2779 Multiple Mozilla issues (CVE-2006-2780,
CVE-2006-2781)
200167 – CVE-2006-3801 Multiple Seamonkey issues (CVE-2006-3677,
CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3804,
CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808,
CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812)

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/seamonkey-1.0.3-0.0.1.5.EL2.src.rpm

b0910e2c771e7dc70a16153bc7cf8daf
seamonkey-1.0.3-0.0.1.5.EL2.src.rpm

i386:
70958f4e8c846415378ed27c3f0c8f6b
seamonkey-1.0.3-0.0.1.5.EL2.i386.rpm
912bd251a230fb09f53c02ec08cb225f
seamonkey-chat-1.0.3-0.0.1.5.EL2.i386.rpm
0afe89859a8a396a10e7accec3a72d38
seamonkey-devel-1.0.3-0.0.1.5.EL2.i386.rpm
35b47ef74f5e060a85239f0bdc7dccd9
seamonkey-dom-inspector-1.0.3-0.0.1.5.EL2.i386.rpm
1aca4926298500257f98b47c66358ec7
seamonkey-js-debugger-1.0.3-0.0.1.5.EL2.i386.rpm
4a9dcf9c792d1048a3f06033fad6a028
seamonkey-mail-1.0.3-0.0.1.5.EL2.i386.rpm
7f0fed654899a9aab5f06bcb9bbba6a4
seamonkey-nspr-1.0.3-0.0.1.5.EL2.i386.rpm
00938797b6f04a46c110b6eb39b1c8a4
seamonkey-nspr-devel-1.0.3-0.0.1.5.EL2.i386.rpm
6415cfbcae3798fe954b1d01036adf54
seamonkey-nss-1.0.3-0.0.1.5.EL2.i386.rpm
673ecb851f6d279614a4bd50a5105bdd
seamonkey-nss-devel-1.0.3-0.0.1.5.EL2.i386.rpm

ia64:
36d03d31110dd764be5db6839c2611b7
seamonkey-1.0.3-0.0.1.5.EL2.ia64.rpm
2cf04ed7cd38f30000801786cc76acf7
seamonkey-chat-1.0.3-0.0.1.5.EL2.ia64.rpm
ff62cc2bc0b64c1316f86f4cd3bf53bb
seamonkey-devel-1.0.3-0.0.1.5.EL2.ia64.rpm
26f6361f684b74742b24f1ee5bc7f75d
seamonkey-dom-inspector-1.0.3-0.0.1.5.EL2.ia64.rpm
fcdcb3e9cb54c2cda225ab23a66b7151
seamonkey-js-debugger-1.0.3-0.0.1.5.EL2.ia64.rpm
82d8a7de653ed646e45c478402b3f6a1
seamonkey-mail-1.0.3-0.0.1.5.EL2.ia64.rpm
ad0eab741aca939f72cbd8918d25714f
seamonkey-nspr-1.0.3-0.0.1.5.EL2.ia64.rpm
2202c42a85f579dbe66ddf1fb156ea38
seamonkey-nspr-devel-1.0.3-0.0.1.5.EL2.ia64.rpm
bb1f7ebe52172d8a58c9adaf7dbae496
seamonkey-nss-1.0.3-0.0.1.5.EL2.ia64.rpm
9adfeb8c31795fad738b268ac0f615ef
seamonkey-nss-devel-1.0.3-0.0.1.5.EL2.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/seamonkey-1.0.3-0.0.1.5.EL2.src.rpm

b0910e2c771e7dc70a16153bc7cf8daf
seamonkey-1.0.3-0.0.1.5.EL2.src.rpm

ia64:
36d03d31110dd764be5db6839c2611b7
seamonkey-1.0.3-0.0.1.5.EL2.ia64.rpm
2cf04ed7cd38f30000801786cc76acf7
seamonkey-chat-1.0.3-0.0.1.5.EL2.ia64.rpm
ff62cc2bc0b64c1316f86f4cd3bf53bb
seamonkey-devel-1.0.3-0.0.1.5.EL2.ia64.rpm
26f6361f684b74742b24f1ee5bc7f75d
seamonkey-dom-inspector-1.0.3-0.0.1.5.EL2.ia64.rpm
fcdcb3e9cb54c2cda225ab23a66b7151
seamonkey-js-debugger-1.0.3-0.0.1.5.EL2.ia64.rpm
82d8a7de653ed646e45c478402b3f6a1
seamonkey-mail-1.0.3-0.0.1.5.EL2.ia64.rpm
ad0eab741aca939f72cbd8918d25714f
seamonkey-nspr-1.0.3-0.0.1.5.EL2.ia64.rpm
2202c42a85f579dbe66ddf1fb156ea38
seamonkey-nspr-devel-1.0.3-0.0.1.5.EL2.ia64.rpm
bb1f7ebe52172d8a58c9adaf7dbae496
seamonkey-nss-1.0.3-0.0.1.5.EL2.ia64.rpm
9adfeb8c31795fad738b268ac0f615ef
seamonkey-nss-devel-1.0.3-0.0.1.5.EL2.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/seamonkey-1.0.3-0.0.1.5.EL2.src.rpm

b0910e2c771e7dc70a16153bc7cf8daf
seamonkey-1.0.3-0.0.1.5.EL2.src.rpm

i386:
70958f4e8c846415378ed27c3f0c8f6b
seamonkey-1.0.3-0.0.1.5.EL2.i386.rpm
912bd251a230fb09f53c02ec08cb225f
seamonkey-chat-1.0.3-0.0.1.5.EL2.i386.rpm
0afe89859a8a396a10e7accec3a72d38
seamonkey-devel-1.0.3-0.0.1.5.EL2.i386.rpm
35b47ef74f5e060a85239f0bdc7dccd9
seamonkey-dom-inspector-1.0.3-0.0.1.5.EL2.i386.rpm
1aca4926298500257f98b47c66358ec7
seamonkey-js-debugger-1.0.3-0.0.1.5.EL2.i386.rpm
4a9dcf9c792d1048a3f06033fad6a028
seamonkey-mail-1.0.3-0.0.1.5.EL2.i386.rpm
7f0fed654899a9aab5f06bcb9bbba6a4
seamonkey-nspr-1.0.3-0.0.1.5.EL2.i386.rpm
00938797b6f04a46c110b6eb39b1c8a4
seamonkey-nspr-devel-1.0.3-0.0.1.5.EL2.i386.rpm
6415cfbcae3798fe954b1d01036adf54
seamonkey-nss-1.0.3-0.0.1.5.EL2.i386.rpm
673ecb851f6d279614a4bd50a5105bdd
seamonkey-nss-devel-1.0.3-0.0.1.5.EL2.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/seamonkey-1.0.3-0.0.1.5.EL2.src.rpm

b0910e2c771e7dc70a16153bc7cf8daf
seamonkey-1.0.3-0.0.1.5.EL2.src.rpm

i386:
70958f4e8c846415378ed27c3f0c8f6b
seamonkey-1.0.3-0.0.1.5.EL2.i386.rpm
912bd251a230fb09f53c02ec08cb225f
seamonkey-chat-1.0.3-0.0.1.5.EL2.i386.rpm
0afe89859a8a396a10e7accec3a72d38
seamonkey-devel-1.0.3-0.0.1.5.EL2.i386.rpm
35b47ef74f5e060a85239f0bdc7dccd9
seamonkey-dom-inspector-1.0.3-0.0.1.5.EL2.i386.rpm
1aca4926298500257f98b47c66358ec7
seamonkey-js-debugger-1.0.3-0.0.1.5.EL2.i386.rpm
4a9dcf9c792d1048a3f06033fad6a028
seamonkey-mail-1.0.3-0.0.1.5.EL2.i386.rpm
7f0fed654899a9aab5f06bcb9bbba6a4
seamonkey-nspr-1.0.3-0.0.1.5.EL2.i386.rpm
00938797b6f04a46c110b6eb39b1c8a4
seamonkey-nspr-devel-1.0.3-0.0.1.5.EL2.i386.rpm
6415cfbcae3798fe954b1d01036adf54
seamonkey-nss-1.0.3-0.0.1.5.EL2.i386.rpm
673ecb851f6d279614a4bd50a5105bdd
seamonkey-nss-devel-1.0.3-0.0.1.5.EL2.i386.rpm

These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2779

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2780

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2781

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2783

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2782

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2778

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2776

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2784

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2785

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2786

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2787

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2788

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3801

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3677

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3113

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3802

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3803

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3804

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3805

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3806

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3807

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3808

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3809

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3810

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3811

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3812

http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.

Red Hat Security Advisory

Synopsis: Moderate: kdegraphics security update
Advisory ID: RHSA-2006:0648-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0648.html

Issue date: 2006-08-28
Updated on: 2006-08-28
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-3459 CVE-2006-3460 CVE-2006-3461 CVE-2006-3462
CVE-2006-3463 CVE-2006-3464 CVE-2006-3465

1. Summary:

Updated kdegraphics packages that fix several security flaws in
kfax are now available for Red Hat Enterprise Linux 2.1, and 3.

This update has been rated as having moderate security impact by
the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 –
i386, ia64
Red Hat Linux Advanced Workstation 2.1 – ia64
Red Hat Enterprise Linux ES version 2.1 – i386
Red Hat Enterprise Linux WS version 2.1 – i386
Red Hat Enterprise Linux AS version 3 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Desktop version 3 – i386, x86_64
Red Hat Enterprise Linux ES version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 – i386, ia64, x86_64

3. Problem description:

The kdegraphics package contains graphics applications for the K
Desktop Environment.

Tavis Ormandy of Google discovered a number of flaws in libtiff
during a security audit. The kfax application contains a copy of
the libtiff code used for parsing TIFF files and is therefore
affected by these flaws. An attacker who has the ability to trick a
user into opening a malicious TIFF file could cause kfax to crash
or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460,
CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464,
CVE-2006-3465)

Red Hat Enterprise Linux 4 is not vulnerable to these issues as
kfax uses the shared libtiff library which has been fixed in a
previous update.

Users of kfax should upgrade to these updated packages, which
contain backported patches and are not vulnerable to this
issue.

4. Solution:

Before applying this update, make sure all previously released
errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat
Network, launch the Red Hat Update Agent with the following
command:

up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

201313 – CVE-2006-3459 kfax affected by libtiff flaws
(CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463
CVE-2006-3464 CVE-2006-3465)

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/kdegraphics-2.2.2-4.4.src.rpm

7e02f00c6f0f04f4b2d344a4ec023d8f
kdegraphics-2.2.2-4.4.src.rpm

i386:
95b171e3e34fb770f40ca342201b8530
kdegraphics-2.2.2-4.4.i386.rpm
92d41638599ce40f99bd4dae53d4557d
kdegraphics-devel-2.2.2-4.4.i386.rpm

ia64:
b60111c884c0c11fe38c014fd2aa20a4
kdegraphics-2.2.2-4.4.ia64.rpm
8d3017d74b4c39ca38c6840127134b7d
kdegraphics-devel-2.2.2-4.4.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/kdegraphics-2.2.2-4.4.src.rpm

7e02f00c6f0f04f4b2d344a4ec023d8f
kdegraphics-2.2.2-4.4.src.rpm

ia64:
b60111c884c0c11fe38c014fd2aa20a4
kdegraphics-2.2.2-4.4.ia64.rpm
8d3017d74b4c39ca38c6840127134b7d
kdegraphics-devel-2.2.2-4.4.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/kdegraphics-2.2.2-4.4.src.rpm

7e02f00c6f0f04f4b2d344a4ec023d8f
kdegraphics-2.2.2-4.4.src.rpm

i386:
95b171e3e34fb770f40ca342201b8530
kdegraphics-2.2.2-4.4.i386.rpm
92d41638599ce40f99bd4dae53d4557d
kdegraphics-devel-2.2.2-4.4.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/kdegraphics-2.2.2-4.4.src.rpm

7e02f00c6f0f04f4b2d344a4ec023d8f
kdegraphics-2.2.2-4.4.src.rpm

i386:
95b171e3e34fb770f40ca342201b8530
kdegraphics-2.2.2-4.4.i386.rpm
92d41638599ce40f99bd4dae53d4557d
kdegraphics-devel-2.2.2-4.4.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kdegraphics-3.1.3-3.10.src.rpm

ef88572cbd568315228054297655ef86
kdegraphics-3.1.3-3.10.src.rpm

i386:
854050e9b33c97244bb7d7c9e5448257
kdegraphics-3.1.3-3.10.i386.rpm
5b947fa999294d0458c4f9e28204609d
kdegraphics-debuginfo-3.1.3-3.10.i386.rpm
5da00f57f88c1f99308ede725c43c73c
kdegraphics-devel-3.1.3-3.10.i386.rpm

ia64:
26bd834fd42ee5aeeab12cb1e7255f4f
kdegraphics-3.1.3-3.10.ia64.rpm
c1de4ef881ce270b2927afd8153b5d8e
kdegraphics-debuginfo-3.1.3-3.10.ia64.rpm
7186b1f5ca78824f67b73cf9b83351d7

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.