[Fedora] Vulnerabilities in devhelp - FEDORA-2006-1191
-----BEGIN PGP SIGNED MESSAGE-----
Dear colleagues,
we have just received the following Fedora Security Advisory. We are
passing this information on to you unchanged.
Devhelp is the browser for an API documentation system and largely uses
the same code as the Mozilla products.
CVE-2006-5463 - Modification of script objects in Mozilla during
execution
Due to a flaw in the Mozilla JavaScript interpreter, script objects can
be modified while they are already being executed. An attacker can
exploit this vulnerability over the network to execute arbitrary
JavaScript code in the user's browser.
CVE-2006-5747 - Vulnerability in Mozilla's XML.prototype.hasOwnProperty()
A remote attacker can exploit a vulnerability in the Mozilla
function XML.prototype.hasOwnProperty() to crash the browser
(denial of service) or to execute arbitrary code with the
privileges of the user.
CVE-2006-5748 - Vulnerability in the memory management of the Mozilla
JavaScript engine
Due to a flaw in the Mozilla JavaScript engine, data structures of the
memory management can be overwritten when malformed JavaScript scripts
are processed. An attacker can exploit this vulnerability over the
network to execute arbitrary code with the privileges of the user or to
crash the browser (denial of service).
CVE-2006-5464 - Vulnerability in the Mozilla layout engine
Due to a flaw in the Mozilla layout engine, attackers can execute
arbitrary code with the privileges of the user over the network or
crash the browser (denial of service) by making a suitably constructed
HTML page available on a web server.
The following software packages and platforms are affected:
Package devhelp
Fedora Core 6
The vendor provides revised packages.
Vendor advisory:
https://www.redhat.com/archives/fedora-package-announce/2006-November/msg00053.html
(c) of the German summary held by DFN-CERT Services GmbH;
distribution, including in excerpts, is permitted only with reference
to the author, DFN-CERT Services GmbH, and only for non-commercial
purposes.
Kind regards,
Andreas Bunten, DFN-CERT
- --
Andreas Bunten (CSIRT), DFN-CERT Services GmbH
https://www.dfn-cert.de/, +49 40 808077-617
- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-1191
2006-11-08
- ---------------------------------------------------------------------
Product : Fedora Core 6
Name : devhelp
Version : 0.12
Release : 8.fc6
Summary : API document browser
Description :
An API document browser for GNOME 2.
- ---------------------------------------------------------------------
Update Information:
Mozilla Firefox is an open source Web browser.
Several flaws were found in the way Firefox processes
certain malformed Javascript code. A malicious web page
could cause the execution of Javascript code in such a way
that could cause Firefox to crash or execute arbitrary code
as the user running Firefox. (CVE-2006-5463, CVE-2006-5747,
CVE-2006-5748)
Several flaws were found in the way Firefox renders web
pages. A malicious web page could cause the browser to crash
or possibly execute arbitrary code as the user running
Firefox. (CVE-2006-5464)
Users of Firefox are advised to upgrade to these erratum
packages, which contain Firefox version 1.5.0.8 that
corrects these issues.
- ---------------------------------------------------------------------
* Tue Nov 7 2006 Christopher Aillon <caillon@xxxxxxxxxx> - 0.12.6-8
- - Rebuild against newer gecko
* Wed Oct 18 2006 Matthias Clasen <mclasen@xxxxxxxxxx> - 0.12.6-7
- - Fix scripts according to the packaging guidelines
- - Require pkgconfig in the -devel package
* Thu Oct 12 2006 Christopher Aillon <caillon@xxxxxxxxxx> - 0.12-6.fc6
- - Update requires to the virtual gecko version instead of a specific app
* Thu Sep 14 2006 Christopher Aillon <caillon@xxxxxxxxxx> - 0.12-5.fc6
- - Rebuild
* Mon Aug 14 2006 Matthias Clasen <mclasen@xxxxxxxxxx> - 0.12-4.fc6
- - Fix transparent headers
* Mon Aug 14 2006 Matthew Barnes <mbarnes@xxxxxxxxxx> - 0.12-3
- - Add missing Requires to devel package.
* Thu Aug 10 2006 Matthew Barnes <mbarnes@xxxxxxxxxx> - 0.12-2
- - Rebuild against firefox, again.
* Sat Jul 29 2006 Matthias Clasen <mclasen@xxxxxxxxxx> - 0.12-1
- - Update to 0.12
- - Rebuild against firefox
* Wed Jul 12 2006 Jesse Keating <jkeating@xxxxxxxxxx> - 0.11-4
- - rebuild
- - bump mozver
* Sun Feb 12 2006 Christopher Aillon <caillon@xxxxxxxxxx> - 0.11-2
- - Rebuild
* Tue Feb 7 2006 Jesse Keating <jkeating@xxxxxxxxxx> - 0.11-1.1
- - rebuilt for new gcc4.1 snapshot and glibc changes
* Sun Dec 18 2005 Ray Strode <rstrode@xxxxxxxxxx> - 0.11-1
- - Update to 0.11
* Fri Dec 9 2005 Jesse Keating <jkeating@xxxxxxxxxx>
- - rebuilt
* Tue Oct 18 2005 Christopher Aillon <caillon@xxxxxxxxxx> - 0.10-6
- - Build on ppc64
* Wed Aug 17 2005 Jeremy Katz <katzj@xxxxxxxxxx> - 0.10-5
- - fix the build
* Wed Aug 17 2005 Ray Strode <rstrode@xxxxxxxxxx> 0.10.0-4
- - rebuild
* Sun Jul 31 2005 Christopher Aillon <caillon@xxxxxxxxxx> 0.10.0-3
- - Rebuild against new mozilla
* Tue Jul 19 2005 Christopher Aillon <caillon@xxxxxxxxxx> 0.10.0-2
- - Rebuild against new mozilla
- - Add builds for ia64 s390 s390x
* Thu May 19 2005 Ray Strode <rstrode@xxxxxxxxxx> 0.10.0-1
- - Update to 0.10.0 (bug #157753)
* Fri May 13 2005 Christopher Aillon <caillon@xxxxxxxxxx> 0.9.3-7
- - Depend on mozilla 1.7.8
* Sat Apr 16 2005 Christopher Aillon <caillon@xxxxxxxxxx> 0.9.3-6
- - Depend on mozilla 1.7.7
* Thu Apr 14 2005 Ray Strode <rstrode@xxxxxxxxxx> 0.9.3-5
- - Don't crash on typeahead (bug #154398)
* Wed Mar 9 2005 Christopher Aillon <caillon@xxxxxxxxxx> 0.9.3-4
- - Depend on mozilla 1.7.6
* Sat Mar 5 2005 Christopher Aillon <caillon@xxxxxxxxxx> 0.9.3-3
- - Rebuild against GCC 4.0
* Sun Dec 19 2004 Christopher Aillon <caillon@xxxxxxxxxx> 0.9.3-2
- - Require mozilla 1.7.5
* Sun Dec 19 2004 Christopher Aillon <caillon@xxxxxxxxxx> 0.9.3-1
- - Update to 0.9.3
* Mon Oct 11 2004 Christopher Aillon <caillon@xxxxxxxxxx> 0.9.2-2
- - Rebuild to add ppc once again.
* Wed Sep 29 2004 Christopher Aillon <caillon@xxxxxxxxxx> 0.9.2-1
- - Update to 0.9.2
- - Remove accel patch; its upstreamed now.
* Sun Sep 26 2004 Christopher Blizzard <blizzard@xxxxxxxxxx> 0.9.1-6
- - Rebuild without explicit mozilla release
* Fri Sep 24 2004 Christopher Blizzard <blizzard@xxxxxxxxxx> 0.9.1-5
- - Rebuild with explicit Mozilla version requires
* Wed Sep 22 2004 Christopher Aillon <caillon@xxxxxxxxxx> 0.9.1-4
- - Rebuilt to pick up new mozilla changes
- - Drop ppc from the build since mozilla doesn't build there anymore.
* Wed Aug 25 2004 Christopher Aillon <caillon@xxxxxxxxxx> 0.9.1-3
- - Add Johan Svedberg's patch to add accelerators for back and forward
* Mon Aug 9 2004 Christopher Aillon <caillon@xxxxxxxxxx>
- - Rebuild
* Wed Aug 4 2004 Christopher Aillon <caillon@xxxxxxxxxx>
- - Update to 0.9.1
- - Remove ld-library patch. It is upstream now.
* Wed Jun 23 2004 Christopher Aillon <caillon@xxxxxxxxxx>
- - Update ExclusiveArch
* Tue Jun 22 2004 Christopher Aillon <caillon@xxxxxxxxxx>
- - rebuilt
* Tue Jun 15 2004 Elliot Lee <sopwith@xxxxxxxxxx>
- - rebuilt
* Wed Apr 21 2004 Colin Walters <walters@xxxxxxxxxx> 0.9-3
- - Update patch to avoid (unlikely) security issue noticed
by Jeremy Katz.
* Thu Apr 15 2004 Colin Walters <walters@xxxxxxxxxx> 0.9-2
- - Apply patch from George Karabin <gkarabin@xxxxxxxxx> to
export LD_LIBRARY_PATH (closes bug 120220).
* Fri Apr 2 2004 Mark McLoughlin <markmc@xxxxxxxxxx> 0.9-1
- - Update to 0.9
- - Install the schemas correctly
- - Package /usr/bin/devhelp-bin
- - Update requires/buildrequires
- - Only build on platforms where mozilla is available
* Tue Mar 2 2004 Elliot Lee <sopwith@xxxxxxxxxx>
- - rebuilt
* Thu Feb 26 2004 Alexander Larsson <alexl@xxxxxxxxxx> 0.8.1-1
- - update to 0.8.1
* Fri Feb 13 2004 Elliot Lee <sopwith@xxxxxxxxxx>
- - rebuilt
* Mon Dec 1 2003 Jonathan Blandford <jrb@xxxxxxxxxx> 0.7.0-1
- - new version
- - Remove .la and .a files.
* Wed Jul 30 2003 Jonathan Blandford <jrb@xxxxxxxxxx>
- - remove original devhelp desktop file.
* Wed Jun 4 2003 Elliot Lee <sopwith@xxxxxxxxxx>
- - rebuilt
* Sat May 24 2003 Florian La Roche <Florian.LaRoche@xxxxxxxxx>
- - add find_lang
- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
- ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
-----END PGP SIGNATURE-----