---

Advisories, February 8, 2006


Mandriva Linux Security Advisory MDKSA-2006:036
http://www.mandriva.com/security/


Package : mozilla
Date : February 7, 2006
Affected: Corporate 3.0


Problem Description:

Mozilla and Mozilla Firefox allow remote attackers to cause a
denial of service (CPU consumption and delayed application startup)
via a web site with a large title, which is recorded in history.dat
but not processed efficiently during startup. (CVE-2005-4134)

The Javascript interpreter (jsinterp.c) in Mozilla and Firefox
before 1.5.1 does not properly dereference objects, which allows
remote attackers to cause a denial of service (crash) or execute
arbitrary code via unknown attack vectors related to garbage
collection. (CVE-2006-0292)

The XULDocument.persist function in Mozilla, Firefox before
1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute
name, which allows remote attackers to execute arbitrary Javascript
by injecting RDF data into the user’s localstore.rdf file.
(CVE-2006-0296)

Updated packages are patched to address these issues.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296


Updated Packages:

Corporate 3.0:
8d1376d6440bc1602ab2b1c74262a30c
corporate/3.0/RPMS/libnspr4-1.7.8-0.7.C30mdk.i586.rpm
ceae80feec83d84891234f8bcf546247
corporate/3.0/RPMS/libnspr4-devel-1.7.8-0.7.C30mdk.i586.rpm
4be42f4a2297322ac93e6c4e635a225b
corporate/3.0/RPMS/libnss3-1.7.8-0.7.C30mdk.i586.rpm
f7490d1448b0ef6fe8eaa7561066095f
corporate/3.0/RPMS/libnss3-devel-1.7.8-0.7.C30mdk.i586.rpm
d3c71d0217099e4586818dc40f819308
corporate/3.0/RPMS/mozilla-1.7.8-0.7.C30mdk.i586.rpm
5d73ae4396714d8b5bf9892090c22724
corporate/3.0/RPMS/mozilla-devel-1.7.8-0.7.C30mdk.i586.rpm
005998ef07bd769563084275c27928ec
corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.7.C30mdk.i586.rpm

0774d333844c7d27b560146e632a33b2
corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.7.C30mdk.i586.rpm
72bda6c0dfc17eb36b5f64aced6da5a3
corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.7.C30mdk.i586.rpm
b425cbdf6b2f2261799869327527d1c7
corporate/3.0/RPMS/mozilla-irc-1.7.8-0.7.C30mdk.i586.rpm
a2ba40970fd46883f707979925553074
corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.7.C30mdk.i586.rpm

3f786a780a2355f4605886287fc489c3
corporate/3.0/RPMS/mozilla-mail-1.7.8-0.7.C30mdk.i586.rpm
4dc8edd930a75430e84520b3b2f00859
corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.7.C30mdk.i586.rpm

4f1024a56ad3c8f3aef13ff2ea881ceb
corporate/3.0/SRPMS/mozilla-1.7.8-0.7.C30mdk.src.rpm

Corporate 3.0/X86_64:
990fd040a970e2fe393665bc87f9d964
x86_64/corporate/3.0/RPMS/lib64nspr4-1.7.8-0.7.C30mdk.x86_64.rpm

e70615c6a988f23636f7bf3d642d2028
x86_64/corporate/3.0/RPMS/lib64nspr4-devel-1.7.8-0.7.C30mdk.x86_64.rpm

69e14625db53e49b4d1fcd9d346218db
x86_64/corporate/3.0/RPMS/lib64nss3-1.7.8-0.7.C30mdk.x86_64.rpm
17f22cc0913232f4d0cd3efbffd17af1
x86_64/corporate/3.0/RPMS/lib64nss3-devel-1.7.8-0.7.C30mdk.x86_64.rpm

23d7b49cde6c2e96742f45625845d825
x86_64/corporate/3.0/RPMS/mozilla-1.7.8-0.7.C30mdk.x86_64.rpm
a14cde7bc834e298f9b1ff97d0faa04c
x86_64/corporate/3.0/RPMS/mozilla-devel-1.7.8-0.7.C30mdk.x86_64.rpm

7b6a92d89e3771330e69b24eef80d02b
x86_64/corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.7.C30mdk.x86_64.rpm

88510e96eee3232f5dd931de50ef9878
x86_64/corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.7.C30mdk.x86_64.rpm

71e44f63b296849361d5733b0e6824d1
x86_64/corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.7.C30mdk.x86_64.rpm

1740b993c3c30a35dcd37d7c88bd6187
x86_64/corporate/3.0/RPMS/mozilla-irc-1.7.8-0.7.C30mdk.x86_64.rpm

13b44d4ab0a1b80fb50ad8c881d94253
x86_64/corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.7.C30mdk.x86_64.rpm

b9683c1834c25ab3d78606b912714780
x86_64/corporate/3.0/RPMS/mozilla-mail-1.7.8-0.7.C30mdk.x86_64.rpm

7ccb971d176e3e3a1a924bfc23f34b1e
x86_64/corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.7.C30mdk.x86_64.rpm

4f1024a56ad3c8f3aef13ff2ea881ceb
x86_64/corporate/3.0/SRPMS/mozilla-1.7.8-0.7.C30mdk.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2006:037
http://www.mandriva.com/security/


Package : mozilla-firefox
Date : February 7, 2006
Affected: 2006.0


Problem Description:

Mozilla and Mozilla Firefox allow remote attackers to cause a
denial of service (CPU consumption and delayed application startup)
via a web site with a large title, which is recorded in history.dat
but not processed efficiently during startup. (CVE-2005-4134)

The Javascript interpreter (jsinterp.c) in Mozilla and Firefox
before 1.5.1 does not properly dereference objects, which allows
remote attackers to cause a denial of service (crash) or execute
arbitrary code via unknown attack vectors related to garbage
collection. (CVE-2006-0292)

The XULDocument.persist function in Mozilla, Firefox before
1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute
name, which allows remote attackers to execute arbitrary Javascript
by injecting RDF data into the user’s localstore.rdf file.
(CVE-2006-0296)

Updated packages are patched to address these issues.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296


Updated Packages:

Mandriva Linux 2006.0:
da643268d4704d938689f5fe2cca120f
2006.0/RPMS/libnspr4-1.0.6-16.4.20060mdk.i586.rpm
b6911002ac57b7d9aa2b250362eb800a
2006.0/RPMS/libnspr4-devel-1.0.6-16.4.20060mdk.i586.rpm
f0b33d31942402c9375e28b67b5af7a1
2006.0/RPMS/libnss3-1.0.6-16.4.20060mdk.i586.rpm
44be800d89df092daf5fb2cccbbd38cc
2006.0/RPMS/libnss3-devel-1.0.6-16.4.20060mdk.i586.rpm
23f78dfcad4ffac1232ac34021312140
2006.0/RPMS/mozilla-firefox-1.0.6-16.4.20060mdk.i586.rpm
f15d9c997aea3efc48cfb04534e0710a
2006.0/RPMS/mozilla-firefox-devel-1.0.6-16.4.20060mdk.i586.rpm
f1309fb4699a35abfb9d0ed618eae738
2006.0/SRPMS/mozilla-firefox-1.0.6-16.4.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
6f7649defa3b0f2ecb7fad32a22e780b
x86_64/2006.0/RPMS/lib64nspr4-1.0.6-16.4.20060mdk.x86_64.rpm
bf965382a901febf026662823158aec0
x86_64/2006.0/RPMS/lib64nspr4-devel-1.0.6-16.4.20060mdk.x86_64.rpm

34e4b253f78196e93749150263447c94
x86_64/2006.0/RPMS/lib64nss3-1.0.6-16.4.20060mdk.x86_64.rpm
1d7cf344f788454a1b151fc886b88200
x86_64/2006.0/RPMS/lib64nss3-devel-1.0.6-16.4.20060mdk.x86_64.rpm

ef97a23ece3c504332437f395dad3f77
x86_64/2006.0/RPMS/mozilla-firefox-1.0.6-16.4.20060mdk.x86_64.rpm

a9f2be464482f4cf70120f12d5ff9e58
x86_64/2006.0/RPMS/mozilla-firefox-devel-1.0.6-16.4.20060mdk.x86_64.rpm

f1309fb4699a35abfb9d0ed618eae738
x86_64/2006.0/SRPMS/mozilla-firefox-1.0.6-16.4.20060mdk.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2006:038
http://www.mandriva.com/security/


Package : groff
Date : February 8, 2006
Affected: 10.1, 10.2, 2006.0, Corporate 3.0


Problem Description:

The Trustix Secure Linux team discovered a vulnerability in the
groffer utility, part of the groff package. It created a temporary
directory in an insecure way which allowed for the exploitation of
a race condition to create or overwrite files the privileges of the
user invoking groffer.

Likewise, similar temporary file issues were fixed in the
pic2graph and eqn2graph programs which now use mktemp to create
temporary files, as discovered by Javier Fernandez-Sanguino
Pena.

The updated packages have been patched to correct this
issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0969


Updated Packages:

Mandriva Linux 10.1:
2da61d56e608da8cdecd8dcaefa5a608
10.1/RPMS/groff-1.19-6.1.101mdk.i586.rpm
b224b02a6d026ff2d6800c171731c9eb
10.1/RPMS/groff-for-man-1.19-6.1.101mdk.i586.rpm
ccd5222ec22c3413544f4b1a27262cf6
10.1/RPMS/groff-gxditview-1.19-6.1.101mdk.i586.rpm
23814a0830723e7c4ed5fced5995b071
10.1/RPMS/groff-perl-1.19-6.1.101mdk.i586.rpm
d3b1d5792f5f9eb941b0a0111a5488b8
10.1/SRPMS/groff-1.19-6.1.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
f8a2eec5b2d92413a599f63ea9b0c180
x86_64/10.1/RPMS/groff-1.19-6.1.101mdk.x86_64.rpm
36d3ac889a34af4274dbf966647390fb
x86_64/10.1/RPMS/groff-for-man-1.19-6.1.101mdk.x86_64.rpm
d56f7aa42108ea4ff6375714b125e443
x86_64/10.1/RPMS/groff-gxditview-1.19-6.1.101mdk.x86_64.rpm
027479132bfcfc79663f2d4e737f420e
x86_64/10.1/RPMS/groff-perl-1.19-6.1.101mdk.x86_64.rpm
d3b1d5792f5f9eb941b0a0111a5488b8
x86_64/10.1/SRPMS/groff-1.19-6.1.101mdk.src.rpm

Mandriva Linux 10.2:
9d2bf8589987d6cb7c35ad12df82c69a
10.2/RPMS/groff-1.19-9.1.102mdk.i586.rpm
2737744582fe03aa752d69bbbe72e8af
10.2/RPMS/groff-for-man-1.19-9.1.102mdk.i586.rpm
f1b10bbbaeb2a0c6310b155168fcf836
10.2/RPMS/groff-gxditview-1.19-9.1.102mdk.i586.rpm
6ebe47194102d0700c902030e9e73638
10.2/RPMS/groff-perl-1.19-9.1.102mdk.i586.rpm
88d91b5a36400352de2cd845a5c16508
10.2/SRPMS/groff-1.19-9.1.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
e274e9135c59de46ee6b81e9173ae564
x86_64/10.2/RPMS/groff-1.19-9.1.102mdk.x86_64.rpm
82320dc08ec42570eaaf7fa172d6b80a
x86_64/10.2/RPMS/groff-for-man-1.19-9.1.102mdk.x86_64.rpm
fa52ea5b60cbe0fdc2c3995003fbd63a
x86_64/10.2/RPMS/groff-gxditview-1.19-9.1.102mdk.x86_64.rpm
959423c66c0ae1aeecf56f38176f458c
x86_64/10.2/RPMS/groff-perl-1.19-9.1.102mdk.x86_64.rpm
88d91b5a36400352de2cd845a5c16508
x86_64/10.2/SRPMS/groff-1.19-9.1.102mdk.src.rpm

Mandriva Linux 2006.0:
2bfa7438040cfdfab92d3d109afa96aa
2006.0/RPMS/groff-1.19.1-1.1.20060mdk.i586.rpm
c408fa608c4234405b91f4cf763b1bd3
2006.0/RPMS/groff-for-man-1.19.1-1.1.20060mdk.i586.rpm
f8e94b09822328151af0aaf213b043a9
2006.0/RPMS/groff-gxditview-1.19.1-1.1.20060mdk.i586.rpm
c64dc660b7a906d9003205caaeabcd62
2006.0/RPMS/groff-perl-1.19.1-1.1.20060mdk.i586.rpm
2821299644c84404e2fa743835722dab
2006.0/SRPMS/groff-1.19.1-1.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
63175fa1b86871cf684d768f08837ec6
x86_64/2006.0/RPMS/groff-1.19.1-1.1.20060mdk.x86_64.rpm
c0fae16eb3f9c2a813f60b4e6b1dbfc5
x86_64/2006.0/RPMS/groff-for-man-1.19.1-1.1.20060mdk.x86_64.rpm
2ff202c91cd6a3e864b92a6c317b4803
x86_64/2006.0/RPMS/groff-gxditview-1.19.1-1.1.20060mdk.x86_64.rpm

7b877faf1a8db9af7e2d2808e100a4a5
x86_64/2006.0/RPMS/groff-perl-1.19.1-1.1.20060mdk.x86_64.rpm
2821299644c84404e2fa743835722dab
x86_64/2006.0/SRPMS/groff-1.19.1-1.1.20060mdk.src.rpm

Corporate 3.0:
410ef29b051bfb96703154b26d16d631
corporate/3.0/RPMS/groff-1.19-6.1.C30mdk.i586.rpm
0d5dc3e189003f6809f20dd9b9cb3209
corporate/3.0/RPMS/groff-for-man-1.19-6.1.C30mdk.i586.rpm
cbdbf36d7826f0699dd609d7feb17f66
corporate/3.0/RPMS/groff-gxditview-1.19-6.1.C30mdk.i586.rpm
4e9c264c0d49eb5838a38cd79e0b65a0
corporate/3.0/RPMS/groff-perl-1.19-6.1.C30mdk.i586.rpm
b7a252f9135ebd8f1b9a8b56573f8ee0
corporate/3.0/SRPMS/groff-1.19-6.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
1c4328212aa64ecbd7f51ccba72718b6
x86_64/corporate/3.0/RPMS/groff-1.19-6.1.C30mdk.x86_64.rpm
ea375e1f85f86dd87a886f32ea368228
x86_64/corporate/3.0/RPMS/groff-for-man-1.19-6.1.C30mdk.x86_64.rpm

6e09c552c3953ffa6e99a7a31a8f3516
x86_64/corporate/3.0/RPMS/groff-gxditview-1.19-6.1.C30mdk.x86_64.rpm

2f6f0e853b722e3a94b7dc09a65bcb38
x86_64/corporate/3.0/RPMS/groff-perl-1.19-6.1.C30mdk.x86_64.rpm
b7a252f9135ebd8f1b9a8b56573f8ee0
x86_64/corporate/3.0/SRPMS/groff-1.19-6.1.C30mdk.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10
Mandriva Security Team <security*mandriva.com>

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis