Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team.
Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Mozilla Firefox is an open source Web browser.
Multiple flaws were found in the processing of malformed JavaScript
content. A web page containing such malicious content could cause Firefox
to crash or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)
Several flaws were found in the way malformed web content was displayed. A
web page containing specially-crafted content could potentially trick a
Firefox user into surrendering sensitive information. (CVE-2008-2800)
Two local file disclosure flaws were found in Firefox. A web page
containing malicious content could cause Firefox to reveal the contents of
a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)
A flaw was found in the way a malformed .properties file was processed by
Firefox. A malicious extension could read uninitialized memory, possibly
leaking sensitive data to the extension. (CVE-2008-2807)
A flaw was found in the way Firefox escaped a listing of local file names.
If a user could be tricked into listing a local directory containing
malicious file names, arbitrary JavaScript could be run with the
permissions of the user running Firefox. (CVE-2008-2808)
A flaw was found in the way Firefox displayed information about self-signed
certificates. It was possible for a self-signed certificate to contain
multiple alternate name entries, which were not all displayed to the user,
allowing them to mistakenly extend trust to an unknown site.
(CVE-2008-2809)
All Mozilla Firefox users should upgrade to these updated packages, which
contain backported patches that correct these issues.
Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/devhelp-0.12-17.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.0-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9-1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/yelp-2.16.0-19.el5.src.rpm
i386:
devhelp-0.12-17.el5.i386.rpm
devhelp-debuginfo-0.12-17.el5.i386.rpm
firefox-3.0-2.el5.i386.rpm
firefox-debuginfo-3.0-2.el5.i386.rpm
xulrunner-1.9-1.el5.i386.rpm
xulrunner-debuginfo-1.9-1.el5.i386.rpm
yelp-2.16.0-19.el5.i386.rpm
yelp-debuginfo-2.16.0-19.el5.i386.rpm
x86_64:
devhelp-0.12-17.el5.i386.rpm
devhelp-0.12-17.el5.x86_64.rpm
devhelp-debuginfo-0.12-17.el5.i386.rpm
devhelp-debuginfo-0.12-17.el5.x86_64.rpm
firefox-3.0-2.el5.i386.rpm
firefox-3.0-2.el5.x86_64.rpm
firefox-debuginfo-3.0-2.el5.i386.rpm
firefox-debuginfo-3.0-2.el5.x86_64.rpm
xulrunner-1.9-1.el5.i386.rpm
xulrunner-1.9-1.el5.x86_64.rpm
xulrunner-debuginfo-1.9-1.el5.i386.rpm
xulrunner-debuginfo-1.9-1.el5.x86_64.rpm
yelp-2.16.0-19.el5.x86_64.rpm
yelp-debuginfo-2.16.0-19.el5.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/devhelp-0.12-17.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9-1.el5.src.rpm
i386:
devhelp-debuginfo-0.12-17.el5.i386.rpm
devhelp-devel-0.12-17.el5.i386.rpm
xulrunner-debuginfo-1.9-1.el5.i386.rpm
xulrunner-devel-1.9-1.el5.i386.rpm
xulrunner-devel-unstable-1.9-1.el5.i386.rpm
x86_64:
devhelp-debuginfo-0.12-17.el5.i386.rpm
devhelp-debuginfo-0.12-17.el5.x86_64.rpm
devhelp-devel-0.12-17.el5.i386.rpm
devhelp-devel-0.12-17.el5.x86_64.rpm
xulrunner-debuginfo-1.9-1.el5.i386.rpm
xulrunner-debuginfo-1.9-1.el5.x86_64.rpm
xulrunner-devel-1.9-1.el5.i386.rpm
xulrunner-devel-1.9-1.el5.x86_64.rpm
xulrunner-devel-unstable-1.9-1.el5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/devhelp-0.12-17.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.0-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9-1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/yelp-2.16.0-19.el5.src.rpm
i386:
devhelp-0.12-17.el5.i386.rpm
devhelp-debuginfo-0.12-17.el5.i386.rpm
devhelp-devel-0.12-17.el5.i386.rpm
firefox-3.0-2.el5.i386.rpm
firefox-debuginfo-3.0-2.el5.i386.rpm
xulrunner-1.9-1.el5.i386.rpm
xulrunner-debuginfo-1.9-1.el5.i386.rpm
xulrunner-devel-1.9-1.el5.i386.rpm
xulrunner-devel-unstable-1.9-1.el5.i386.rpm
yelp-2.16.0-19.el5.i386.rpm
yelp-debuginfo-2.16.0-19.el5.i386.rpm
ia64:
devhelp-0.12-17.el5.ia64.rpm
devhelp-debuginfo-0.12-17.el5.ia64.rpm
devhelp-devel-0.12-17.el5.ia64.rpm
firefox-3.0-2.el5.ia64.rpm
firefox-debuginfo-3.0-2.el5.ia64.rpm
xulrunner-1.9-1.el5.ia64.rpm
xulrunner-debuginfo-1.9-1.el5.ia64.rpm
xulrunner-devel-1.9-1.el5.ia64.rpm
xulrunner-devel-unstable-1.9-1.el5.ia64.rpm
yelp-2.16.0-19.el5.ia64.rpm
yelp-debuginfo-2.16.0-19.el5.ia64.rpm
ppc:
devhelp-0.12-17.el5.ppc.rpm
devhelp-debuginfo-0.12-17.el5.ppc.rpm
devhelp-devel-0.12-17.el5.ppc.rpm
firefox-3.0-2.el5.ppc.rpm
firefox-debuginfo-3.0-2.el5.ppc.rpm
xulrunner-1.9-1.el5.ppc.rpm
xulrunner-1.9-1.el5.ppc64.rpm
xulrunner-debuginfo-1.9-1.el5.ppc.rpm
xulrunner-debuginfo-1.9-1.el5.ppc64.rpm
xulrunner-devel-1.9-1.el5.ppc.rpm
xulrunner-devel-1.9-1.el5.ppc64.rpm
xulrunner-devel-unstable-1.9-1.el5.ppc.rpm
yelp-2.16.0-19.el5.ppc.rpm
yelp-debuginfo-2.16.0-19.el5.ppc.rpm
s390x:
devhelp-0.12-17.el5.s390.rpm
devhelp-0.12-17.el5.s390x.rpm
devhelp-debuginfo-0.12-17.el5.s390.rpm
devhelp-debuginfo-0.12-17.el5.s390x.rpm
devhelp-devel-0.12-17.el5.s390.rpm
devhelp-devel-0.12-17.el5.s390x.rpm
firefox-3.0-2.el5.s390.rpm
firefox-3.0-2.el5.s390x.rpm
firefox-debuginfo-3.0-2.el5.s390.rpm
firefox-debuginfo-3.0-2.el5.s390x.rpm
xulrunner-1.9-1.el5.s390.rpm
xulrunner-1.9-1.el5.s390x.rpm
xulrunner-debuginfo-1.9-1.el5.s390.rpm
xulrunner-debuginfo-1.9-1.el5.s390x.rpm
xulrunner-devel-1.9-1.el5.s390.rpm
xulrunner-devel-1.9-1.el5.s390x.rpm
xulrunner-devel-unstable-1.9-1.el5.s390x.rpm
yelp-2.16.0-19.el5.s390x.rpm
yelp-debuginfo-2.16.0-19.el5.s390x.rpm
x86_64:
devhelp-0.12-17.el5.i386.rpm
devhelp-0.12-17.el5.x86_64.rpm
devhelp-debuginfo-0.12-17.el5.i386.rpm
devhelp-debuginfo-0.12-17.el5.x86_64.rpm
devhelp-devel-0.12-17.el5.i386.rpm
devhelp-devel-0.12-17.el5.x86_64.rpm
firefox-3.0-2.el5.i386.rpm
firefox-3.0-2.el5.x86_64.rpm
firefox-debuginfo-3.0-2.el5.i386.rpm
firefox-debuginfo-3.0-2.el5.x86_64.rpm
xulrunner-1.9-1.el5.i386.rpm
xulrunner-1.9-1.el5.x86_64.rpm
xulrunner-debuginfo-1.9-1.el5.i386.rpm
xulrunner-debuginfo-1.9-1.el5.x86_64.rpm
xulrunner-devel-1.9-1.el5.i386.rpm
xulrunner-devel-1.9-1.el5.x86_64.rpm
xulrunner-devel-unstable-1.9-1.el5.x86_64.rpm
yelp-2.16.0-19.el5.x86_64.rpm
yelp-debuginfo-2.16.0-19.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
No comments:
Post a Comment