Debian GNU/Linux
Debian Security Advisory DSA 982-1 [email protected]
http://www.debian.org/security/
Martin Schulze
February 27th, 2006 http://www.debian.org/security/faq
Package : gpdf
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
Derek Noonburg has fixed several potential vulnerabilities in
xpdf, which are also present in gpdf, the Portable Document Format
(PDF) viewer with Gtk bindings.
The old stable distribution (woody) does not contain gpdf
packages.
For the stable distribution (sarge) these problems have been
fixed in version 2.8.2-1.2sarge4.
For the unstable distribution (sid) these problems will be fixed
soon.
We recommend that you upgrade your gpdf package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4.dsc
Size/MD5 checksum: 1663
c8dce7a7e56fd3c6c3152261fb7d8473
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4.diff.gz
Size/MD5 checksum: 36661
78a2014c938cc560c4ab18a2d76a45a7
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2.orig.tar.gz
Size/MD5 checksum: 1245535
5ceb66aa95e51c4e1d6e10cb29560ff9
Alpha architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_alpha.deb
Size/MD5 checksum: 868068
976e80d151a24e904276be7935dbe66c
AMD64 architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_amd64.deb
Size/MD5 checksum: 795664
fd0ea82ed95818c814a61e360c1ffca4
ARM architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_arm.deb
Size/MD5 checksum: 781500
67fa5d07642c3cc2a8ed73800929261b
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_i386.deb
Size/MD5 checksum: 781880
70e32bc11652d9b5e96ea67652d899ff
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_ia64.deb
Size/MD5 checksum: 958172
7ed29406f4eb3fdbff9557a56efcc105
HP Precision architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_hppa.deb
Size/MD5 checksum: 859604
4f0a0f85cc3da4bfb6f7824028bf216a
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_m68k.deb
Size/MD5 checksum: 745860
28de87c193a903165593af8a6daa4e5a
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_mips.deb
Size/MD5 checksum: 818496
65e9278872e225a471784aed49661825
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_mipsel.deb
Size/MD5 checksum: 811016
83903092b986bd6277907bc551543bb0
PowerPC architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_powerpc.deb
Size/MD5 checksum: 799718
90d14fde4fb004ee67aaaf64a1be0a4d
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_s390.deb
Size/MD5 checksum: 776020
d92b72bf49062fa7a3d36205b364d564
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_sparc.deb
Size/MD5 checksum: 763828
455d1333396950f63a809aba4b6a6865
These files will probably be moved into the stable distribution
on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
Fedora Legacy
Fedora Legacy Update Advisory
Synopsis: Updated nfs-utils package fixes security issues
Advisory ID: FLSA:138098
Issue date: 2006-02-25
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2004-0946 CVE-2004-1014
1. Topic:
An updated nfs-utils package that fixes security issues is now
available.
The nfs-utils package provides a daemon for the kernel NFS
server and related tools, providing a much higher level of
performance than the traditional Linux NFS server used by most
users.
2. Relevant releases/architectures:
Red Hat Linux 7.3 – i386
Red Hat Linux 9 – i386
Fedora Core 1 – i386
Fedora Core 2 – i386
3. Problem description:
Arjan van de Ven discovered a buffer overflow in rquotad. On
64-bit architectures, an improper integer conversion can lead to a
buffer overflow. An attacker with access to an NFS share could send
a specially crafted request which could lead to the execution of
arbitrary code. The Common Vulnerabilities and Exposures project
(cve.mitre.org/) has assigned
the name CVE-2004-0946 to this issue.
In addition, the Fedora Core 2 update fixes the following
issue:
SGI reported that the statd daemon did not properly handle the
SIGPIPE signal. A misconfigured or malicious peer could cause statd
to crash, leading to a denial of service. The Common
Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CVE-2004-1014 to this issue.
All users of nfs-utils should upgrade to this updated package,
which resolves these issues.
4. Solution:
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will
not be updated. Note that you can also use wildcards (*.rpm) if
your current directory only contains the desired RPMs.
Please note that this update is also available via yum and apt.
Many people find this an easier way to apply updates. To use yum
issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that
you have yum or apt-get configured for obtaining Fedora Legacy
content. Please visit http://www.fedoralegacy.org/docs
for directions on how to configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=138098
6. RPMs required:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/nfs-utils-0.3.3-6.73.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/nfs-utils-0.3.3-6.73.2.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/nfs-utils-1.0.1-3.9.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/nfs-utils-1.0.1-3.9.2.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/nfs-utils-1.0.6-1.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/nfs-utils-1.0.6-1.2.legacy.i386.rpm
Fedora Core 2:
SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/nfs-utils-1.0.6-22.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/nfs-utils-1.0.6-22.2.legacy.i386.rpm
7. Verification:
These packages are GPG signed by Fedora Legacy for security. Our
key is available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been
corrupted or tampered with, examine only the sha1sum with the
following command:
sha1sum <filename>
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0946
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1014
9. Contact:
The Fedora Legacy security contact is <[email protected]>.
More project details at http://www.fedoralegacy.org
Fedora Legacy Update Advisory
Synopsis: Updated sudo packages fix security issue
Advisory ID: FLSA:162750
Issue date: 2006-02-23
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-1993
1. Topic:
An updated sudo package is available that fixes a race condition
in sudo’s pathname validation.
The sudo (superuser do) utility allows system administrators to
give certain users the ability to run commands as root with
logging.
2. Relevant releases/architectures:
Red Hat Linux 7.3 – i386
Red Hat Linux 9 – i386
Fedora Core 1 – i386
Fedora Core 2 – i386
3. Problem description:
A race condition bug was found in the way sudo handles
pathnames. It is possible that a local user with limited sudo
access could create a race condition that would allow the execution
of arbitrary commands as the root user. The Common Vulnerabilities
and Exposures project (cve.mitre.org/) has assigned the name
CVE-2005-1993 to this issue.
Users of sudo should update to this updated package, which
contains a backported patch and is not vulnerable to this
issue.
4. Solution:
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will
not be updated. Note that you can also use wildcards (*.rpm) if
your current directory only contains the desired RPMs.
Please note that this update is also available via yum and apt.
Many people find this an easier way to apply updates. To use yum
issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that
you have yum or apt-get configured for obtaining Fedora Legacy
content. Please visit http://www.fedoralegacy.org/docs
for directions on how to configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162750
6. RPMs required:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/sudo-1.6.5p2-2.3.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sudo-1.6.5p2-2.3.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/sudo-1.6.6-3.3.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/sudo-1.6.6-3.3.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/sudo-1.6.7p5-2.3.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/sudo-1.6.7p5-2.3.legacy.i386.rpm
Fedora Core 2:
SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/sudo-1.6.7p5-26.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/sudo-1.6.7p5-26.2.legacy.i386.rpm
7. Verification:
These packages are GPG signed by Fedora Legacy for security. Our
key is available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been
corrupted or tampered with, examine only the sha1sum with the
following command:
sha1sum <filename>
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1993
9. Contact:
The Fedora Legacy security contact is <[email protected]>.
More project details at http://www.fedoralegacy.org
Fedora Legacy Update Advisory
Synopsis: Updated perl packages fix security issue
Advisory ID: FLSA:176731
Issue date: 2006-02-25
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-3962
1. Topic:
Updated perl packages that fix a security flaw are now
available.
Perl is a high-level programming language commonly used for
system administration utilities and Web programming.
2. Relevant releases/architectures:
Red Hat Linux 9 – i386
Fedora Core 1 – i386
Fedora Core 2 – i386
3. Problem description:
An integer overflow bug was found in Perl’s format string
processor. It is possible for an attacker to cause perl to crash or
execute arbitrary code if the attacker is able to process a
malicious format string. This issue is only exploitable through a
script which passes arbitrary untrusted strings to the format
string processor. The Common Vulnerabilities and Exposures project
assigned the name CVE-2005-3962 to this issue.
Note that this vulnerability does not affect perl packages in Red
Hat Linux 7.3.
Users of perl are advised to upgrade to these packages which
contain a backported patch and are not vulnerable to this
issue.
4. Solution:
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will
not be updated. Note that you can also use wildcards (*.rpm) if
your current directory only contains the desired RPMs.
Please note that this update is also available via yum and apt.
Many people find this an easier way to apply updates. To use yum
issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that
you have yum or apt-get configured for obtaining Fedora Legacy
content. Please visit http://www.fedoralegacy.org/docs
for directions on how to configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=176731
6. RPMs required:
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/perl-5.8.0-90.0.13.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/perl-5.8.0-90.0.13.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/perl-CGI-2.81-90.0.13.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/perl-CPAN-1.61-90.0.13.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/perl-DB_File-1.804-90.0.13.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/perl-suidperl-5.8.0-90.0.13.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/perl-5.8.3-17.5.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/perl-5.8.3-17.5.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/perl-suidperl-5.8.3-17.5.legacy.i386.rpm
Fedora Core 2:
SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/perl-5.8.3-19.5.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/perl-5.8.3-19.5.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/perl-suidperl-5.8.3-19.5.legacy.i386.rpm
7. Verification:
These packages are GPG signed by Fedora Legacy for security. Our
key is available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been
corrupted or tampered with, examine only the sha1sum with the
following command:
sha1sum <filename>
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3962
9. Contact:
The Fedora Legacy security contact is <[email protected]>.
More project details at http://www.fedoralegacy.org
Fedora Legacy Update Advisory
Synopsis: Updated mozilla packages fix security issues
Advisory ID: FLSA:180036-1
Issue date: 2006-02-23
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-4134 CVE-2006-0292 CVE-2006-0296
1. Topic:
Updated mozilla packages that fix several security bugs are now
available.
Mozilla is an open source Web browser, advanced email and
newsgroup client, IRC chat client, and HTML editor.
2. Relevant releases/architectures:
Red Hat Linux 7.3 – i386
Red Hat Linux 9 – i386
Fedora Core 1 – i386
Fedora Core 2 – i386
Fedora Core 3 – i386, x86_64
3. Problem description:
Igor Bukanov discovered a bug in the way Mozilla’s Javascript
interpreter dereferences objects. If a user visits a malicious web
page, Mozilla could crash or execute arbitrary code as the user
running Mozilla. The Common Vulnerabilities and Exposures project
assigned the name CVE-2006-0292 to this issue.
moz_bug_r_a4 discovered a bug in Mozilla’s XULDocument.persist()
function. A malicious web page could inject arbitrary RDF data into
a user’s localstore.rdf file, which can cause Mozilla to execute
arbitrary javascript when a user runs Mozilla. (CVE-2006-0296)
A denial of service bug was found in the way Mozilla saves
history information. If a user visits a web page with a very long
title, it is possible Mozilla will crash or take a very long time
the next time it is run. (CVE-2005-4134)
Users of Mozilla are advised to upgrade to these updated
packages, which contain backported patches to correct these
issues.
4. Solution:
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will
not be updated. Note that you can also use wildcards (*.rpm) if
your current directory only contains the desired RPMs.
Please note that this update is also available via yum and apt.
Many people find this an easier way to apply updates. To use yum
issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that
you have yum or apt-get configured for obtaining Fedora Legacy
content. Please visit http://www.fedoralegacy.org/docs
for directions on how to configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=180036
6. RPMs required:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/mozilla-1.7.12-0.73.3.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-chat-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-devel-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-mail-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-1.7.12-0.73.3.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/mozilla-1.7.12-0.90.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-chat-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-devel-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-mail-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-1.7.12-0.90.2.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/mozilla-1.7.12-1.1.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-chat-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-devel-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-mail-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-1.7.12-1.1.2.legacy.i386.rpm
Fedora Core 2:
SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/mozilla-1.7.12-1.2.3.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-chat-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-devel-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-mail-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-1.7.12-1.2.3.legacy.i386.rpm
Fedora Core 3:
SRPM:
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/mozilla-1.7.12-1.3.3.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-chat-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-devel-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-mail-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nspr-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nss-1.7.12-1.3.3.legacy.i386.rpm
x86_64:
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-chat-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-mail-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nspr-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nspr-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nss-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nss-1.7.12-1.3.3.legacy.x86_64.rpm
7. Verification:
These packages are GPG signed by Fedora Legacy for security. Our
key is available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been
corrupted or tampered with, examine only the sha1sum with the
following command:
sha1sum <filename>
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296
9. Contact:
The Fedora Legacy security contact is <[email protected]>.
More project details at http://www.fedoralegacy.org
Fedora Legacy Update Advisory
Synopsis: Updated firefox package fixes security issues
Advisory ID: FLSA:180036-2
Issue date: 2006-02-23
Product: Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-4134 CVE-2006-0292 CVE-2006-0296
1. Topic:
An updated firefox package that fixes several security bugs is
now available.
Mozilla Firefox is an open-source web browser, designed for
standards compliance, performance and portability.
2. Relevant releases/architectures:
Fedora Core 3 – i386, x86_64
3. Problem description:
Igor Bukanov discovered a bug in the way Firefox’s JavaScript
interpreter dereferences objects. If a user visits a malicious web
page, Firefox could crash or execute arbitrary code as the user
running Firefox. The Common Vulnerabilities and Exposures project
assigned the name CVE-2006-0292 to this issue.
moz_bug_r_a4 discovered a bug in Firefox’s XULDocument.persist()
function. A malicious web page could inject arbitrary RDF data into
a user’s localstore.rdf file, which can cause Firefox to execute
arbitrary JavaScript when a user runs Firefox. (CVE-2006-0296)
A denial of service bug was found in the way Firefox saves
history information. If a user visits a web page with a very long
title, it is possible Firefox will crash or take a very long time
the next time it is run. (CVE-2005-4134)
Users of Firefox are advised to upgrade to this updated package,
which contains backported patches to correct these issues.
4. Solution:
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will
not be updated. Note that you can also use wildcards (*.rpm) if
your current directory only contains the desired RPMs.
Please note that this update is also available via yum and apt.
Many people find this an easier way to apply updates. To use yum
issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that
you have yum or apt-get configured for obtaining Fedora Legacy
content. Please visit http://www.fedoralegacy.org/docs
for directions on how to configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=180036
6. RPMs required:
Fedora Core 3:
SRPM:
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/firefox-1.0.7-1.3.fc3.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/3/updates/i386/firefox-1.0.7-1.3.fc3.legacy.i386.rpm
x86_64:
http://download.fedoralegacy.org/fedora/3/updates/x86_64/firefox-1.0.7-1.3.fc3.legacy.x86_64.rpm
7. Verification:
SHA1 sum                                 Package Name
3b05d93992aba7369a418d53344250aa275330ac fedora/3/updates/i386/firefox-1.0.7-1.3.fc3.legacy.i386.rpm
850534b4cfa591372d8245808e46378c5923e086 fedora/3/updates/x86_64/firefox-1.0.7-1.3.fc3.legacy.x86_64.rpm
a167dc9061c484aa26f89703dc0228883409235e fedora/3/updates/SRPMS/firefox-1.0.7-1.3.fc3.legacy.src.rpm
These packages are GPG signed by Fedora Legacy for security. Our
key is available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been
corrupted or tampered with, examine only the sha1sum with the
following command:
sha1sum <filename>
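A scripted version of the sha1sum check described in the Verification sections, as an added example that is not part of the advisory. It accepts a listing whether each hash and its package path share a line or are wrapped onto two; the function names, the manifest.txt name and the sample packages (constructed stand-ins, not real RPMs) are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): check downloaded packages against a
# "Verification" listing of SHA1 sums and package paths.

# verify_manifest MANIFEST DIR
# Pairs each 40-hex-digit SHA1 with the next token (the package path), looks
# the package up by basename in DIR, prints one status line per package and
# returns 0 only if every listed file is present and matches.
verify_manifest() {
    manifest=$1; dir=$2; want=""; rc=0
    while IFS= read -r tok; do
        if printf '%s\n' "$tok" | grep -Eq '^[0-9a-f]{40}$'; then
            want=$tok; continue          # hash seen, its path comes next
        fi
        [ -n "$want" ] || continue       # header word, no pending hash
        file=$dir/$(basename "$tok")
        if [ ! -f "$file" ]; then
            echo "MISSING  $tok"; rc=1
        elif [ "$(sha1sum "$file" | cut -d' ' -f1)" = "$want" ]; then
            echo "OK       $tok"
        else
            echo "MISMATCH $tok"; rc=1
        fi
        want=""
    done <<EOF
$(tr -s ' \t' '\n\n' < "$manifest")
EOF
    return "$rc"
}

# make_sample DIR: two constructed stand-in packages and a manifest that lists
# one entry wrapped over two lines and one entry on a single line.
make_sample() {
    printf 'constructed package a\n' > "$1/example-a-1.0-1.i386.rpm"
    printf 'constructed package b\n' > "$1/example-b-1.0-1.i386.rpm"
    {
        echo "SHA1 sum Package Name"
        sha1sum "$1/example-a-1.0-1.i386.rpm" | cut -d' ' -f1
        echo "fedora/3/updates/i386/example-a-1.0-1.i386.rpm"
        echo "$(sha1sum "$1/example-b-1.0-1.i386.rpm" | cut -d' ' -f1) fedora/3/updates/i386/example-b-1.0-1.i386.rpm"
    } > "$1/manifest.txt"
}

tmp=$(mktemp -d)
make_sample "$tmp"
verify_manifest "$tmp/manifest.txt" "$tmp"          # both files intact
printf 'x' >> "$tmp/example-a-1.0-1.i386.rpm"       # simulate a corrupted download
verify_manifest "$tmp/manifest.txt" "$tmp" || echo "verification failed"
rm -rf "$tmp"
```

A match only shows that the file equals what the listing describes; the GPG signature check with rpm --checksig is still the step that ties the package to the Fedora Legacy key.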
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296
9. Contact:
The Fedora Legacy security contact is <[email protected]>.
More project details at http://www.fedoralegacy.org
Gentoo Linux
Gentoo Linux Security Advisory