| ||||||||||||||||
Ubuntu alert USN-354-1 (firefox)
=========================================================== Ubuntu Security Notice USN-354-1 October 02, 2006 firefox vulnerabilities CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812, CVE-2006-4253, CVE-2006-4340, CVE-2006-4565, CVE-2006-4566, CVE-2006-4567, CVE-2006-4568, CVE-2006-4569, CVE-2006-4571 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: firefox 1.5.dfsg+1.5.0.7-0ubuntu5.10.3 firefox-dom-inspector 1.5.dfsg+1.5.0.7-0ubuntu5.10.3 firefox-gnome-support 1.5.dfsg+1.5.0.7-0ubuntu5.10.3 devhelp 0.10-1ubuntu2.1 devhelp-common 0.10-1ubuntu2.1 epiphany-browser 1.8.2-0ubuntu1.1 epiphany-browser-dev 1.8.2-0ubuntu1.1 gnome-app-install 0+20051005.1 libdevhelp-1-0 0.10-1ubuntu2.1 libdevhelp-1-dev 0.10-1ubuntu2.1 mozilla-firefox-locale-af-za 1.5-ubuntu5.10-1 mozilla-firefox-locale-ast-es 1.5-ubuntu5.10-1 mozilla-firefox-locale-bg-bg 1.5-ubuntu5.10-1 mozilla-firefox-locale-cs-cz 1.5-ubuntu5.10-1 mozilla-firefox-locale-da-dk 1.5-ubuntu5.10-1 mozilla-firefox-locale-de 1.5-ubuntu5.10-1 mozilla-firefox-locale-de-de 1.5-ubuntu5.10-1 mozilla-firefox-locale-en-gb 1.5-ubuntu5.10-1 mozilla-firefox-locale-es 1.5-ubuntu5.10-1 mozilla-firefox-locale-es-ar 1.5-ubuntu5.10-1 mozilla-firefox-locale-es-es 1.5-ubuntu5.10-1 mozilla-firefox-locale-fi-fi 1.5-ubuntu5.10-1 mozilla-firefox-locale-fr 1.5-ubuntu5.10-1 mozilla-firefox-locale-fr-fr 1.5-ubuntu5.10-1 mozilla-firefox-locale-ga-ie 1.5-ubuntu5.10-1 mozilla-firefox-locale-gu-in 1.5-ubuntu5.10-1 mozilla-firefox-locale-he-il 1.5-ubuntu5.10-1 mozilla-firefox-locale-hu-hu 1.5-ubuntu5.10-1 mozilla-firefox-locale-mk-mk 1.5-ubuntu5.10-1 mozilla-firefox-locale-nl-nl 1.5-ubuntu5.10-1 mozilla-firefox-locale-pa-in 1.5-ubuntu5.10-1 mozilla-firefox-locale-pl 1.5-ubuntu5.10-1 mozilla-firefox-locale-pl-pl 1.5-ubuntu5.10-1 mozilla-firefox-locale-pt-br 1.5-ubuntu5.10-1 mozilla-firefox-locale-pt-pt 1.5-ubuntu5.10-1 mozilla-firefox-locale-ro-ro 1.5-ubuntu5.10-1 mozilla-firefox-locale-ru-ru 1.5-ubuntu5.10-1 mozilla-firefox-locale-sl-si 1.5-ubuntu5.10-1 mozilla-firefox-locale-sq-al 1.5-ubuntu5.10-1 mozilla-firefox-locale-sv 1.5-ubuntu5.10-1 mozilla-firefox-locale-sv-se 1.5-ubuntu5.10-1 mozilla-firefox-locale-tr-tr 1.5-ubuntu5.10-1 mozilla-firefox-locale-xh-za 1.5-ubuntu5.10-1 mozilla-firefox-locale-zh-cn 1.5-ubuntu5.10-1 mozilla-firefox-locale-zh-tw 1.5-ubuntu5.10-1 yelp 2.12.1-0ubuntu1.1 After a standard system upgrade you need to restart Firefox to effect the necessary changes. Since the 1.0.x series of Firefox is not supported any more, this update introduces the firefox 1.5 series into Ubuntu 5.10. Please check whether all your extensions still work as expected. Details follow: Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious URL. (CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3811, CVE-2006-3812, CVE-2006-4253, CVE-2006-4565, CVE-2006-4566, CVE-2006-4568, CVE-2006-4569 CVE-2006-4571) Cross-site scripting vulnerabilities were found in the XPCNativeWrapper() function and native DOM method handlers. A malicious web site could exploit these to modify the contents or steal confidential data (such as passwords) from other opened web pages. (CVE-2006-3802, CVE-2006-3810) A bug was found in the script handler for automatic proxy configuration. A malicious proxy could send scripts which could execute arbitrary code with the user's privileges. (CVE-2006-3808) The NSS library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge valid signatures without the need of the secret key. (CVE-2006-4340) Jon Oberheide reported a way how a remote attacker could trick users into downloading arbitrary extensions with circumventing the normal SSL certificate check. The attacker would have to be in a position to spoof the victim's DNS, causing them to connect to sites of the attacker's choosing rather than the sites intended by the victim. If they gained that control and the victim accepted the attacker's cert for the Mozilla update site, then the next update check could be hijacked and redirected to the attacker's site without detection. (CVE-2006-4567) Packages which embed or extend Firefox have been updated to work with the new version. Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/firefox/fir... Size/MD5: 175367 a26d52d72d57fa4447cdc6c4d8120d9e http://security.ubuntu.com/ubuntu/pool/main/f/firefox/fir... Size/MD5: 1056 b9d557cd0d8d2105dde2c669d958ac18 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/fir... Size/MD5: 43116523 025ca9a48809d142dd4817e396157afa http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/dev... Size/MD5: 12508 2d1f8e2d37966901a16125834c48a5ae http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/dev... Size/MD5: 1674 50224ab103882c85e8584773f70d0b0b http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/dev... Size/MD5: 532744 79e71acb839ca504f37cccf2e520abe1 http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-br... Size/MD5: 13906 7351cceba02fb251087d19c9fada3539 http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-br... Size/MD5: 2223 f1784da472d75a158d5008b72db78c29 http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-br... Size/MD5: 4657374 2232bfd4090f9f9187c84bc46f785471 http://security.ubuntu.com/ubuntu/pool/main/g/gnome-app-i... Size/MD5: 616 5b63f100196cc122a0d14fb10128fe0a http://security.ubuntu.com/ubuntu/pool/main/g/gnome-app-i... Size/MD5: 2722120 c1b93c90799172e7939737b685849028 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 17550 75aba6066f369b482725b6ecafe351b5 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 1711 8643261713bcaededc638c59ddb5a639 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 3834374 cbb9bc1c91c73b100a134ffef3527575 http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2... Size/MD5: 10203 52a694c6ae7dd1b2cf47d23fa405cb32 http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2... Size/MD5: 1716 a81a9690f6ae9313f143764f1577353e http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2... Size/MD5: 1126243 8e4a9cdacb146ee9094281a2a809de1b Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/f/firefox... Size/MD5: 49450 a96a7f73505926f9670b5db1507d8a63 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/moz... Size/MD5: 50340 822d93a2f02f32e0c4b05e6a0d18d251 http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/dev... Size/MD5: 42554 d3a1266307910c8d97cf0a61765f6be6 http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-br... Size/MD5: 155316 985cbd3ceba8913d1c6b658634f5515f http://security.ubuntu.com/ubuntu/pool/main/g/gnome-app-i... Size/MD5: 2363516 2951dc5a3fa5363484a2ded4e9d63525 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 14920 3d8b3b0207b6dbbd50a18f44124be44d http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 14922 ce395b5cb94745bccc6d339aeaa47af6 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla... Size/MD5: 177054 301d8b790f931e8fced7d729462b119f http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 167818 1130c3f572b0c3212e19db196869e6c1 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 156822 16dd2084e870f2b103e31475bab8fbc2 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 156254 ec05416b5cf4a1404834a91aa7780636 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla... Size/MD5: 14948 47a942dd614f3690468ace7dfce944a4 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 153066 c6ef3d6a1796a7187064d8dd8efade2d http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 160414 c2d04fa793a6c8537921825ad9d3fed3 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 146512 7c879206052a84628f2cb1dba61225a2 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla... Size/MD5: 14962 45b0b022da96d82426e0379789e76115 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 157538 dc7d6ba83a34dc635d5ba13a6e00fb85 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 218898 08bac23bc1814781169971c79e340029 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla... Size/MD5: 14952 cc5d3ba9021d9c7935e88820c3b1cb22 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 159686 6e7cfaad656bd78d391e87d3efdaf15c http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla... Size/MD5: 176464 071b3ed411c73bd2e4b3de929c59e17a http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 159710 61f6d12b159c9769ec245cafd3a44416 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 168628 ff688d627228681bd3578e4193ec85bc http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla... Size/MD5: 176372 b2d833c6ec5a6a7be6d65cbcd852d4d6 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 166614 2ad5e24d1ab820968e352198acafe73b http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla... Size/MD5: 166320 4a3310c669c84b411c556de9be00c9ae http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 256734 8fd75e6450ea6c262259d3f5c97ed0d6 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla... Size/MD5: 14950 d9e41ad5ebd9fa22e4e6368ccdb84e56 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 158306 2ebf181536dfc4fabf7264459d8168d9 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 14918 cde145bb4308469314341fdce0df4150 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 157404 74e2fda0bbddc1ae9494d971b8b94000 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 184988 10a5c4a5bfbbb5564e512f307d3affd0 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 159592 a12d61905553ac247cdd5cabfbea8266 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla... Size/MD5: 14920 3cf47efcf547af1eefcb9a37468d9264 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 169870 60dd6cd5b9c870fc03bd89d8ad8ba68b http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla... Size/MD5: 14952 716f89f697d527336ddc754422b61f9e http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 150822 e655fabf918cde4d5dbec858198dfc2b http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 14924 5d0a3d18420c2dceb9943098b1cc5edb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 150806 2bf7032ceccd2f2691d4210711ce533b http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-fir... Size/MD5: 141592 c4ab2103bcd210600bf2180b57e4c0a4 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/fir... Size/MD5: 3151994 d6fbafaa57ddf56a5d2c15d0d0b7a54a http://security.ubuntu.com/ubuntu/pool/universe/f/firefox... Size/MD5: 216360 ada223fd220cc75f1cf061cd44294a1c http://security.ubuntu.com/ubuntu/pool/main/f/firefox/fir... Size/MD5: 82664 be7890c0fa145f6a1e76e9abdbfd500f http://security.ubuntu.com/ubuntu/pool/main/f/firefox/fir... Size/MD5: 10222068 bccb7d71de1abbe3036fe130d5f5d1a0 http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/dev... Size/MD5: 48324 ad3fbfef83d3cf097e377be6dd9e0f75 http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-br... Size/MD5: 2079044 4aee57db6320497c7739f70ef350f752 http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/lib... Size/MD5: 72862 1e41cee42bd67a3dbe0aaf4d9b1d8bae http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/lib... Size/MD5: 71654 6a79359848bfa3324b9619db75431060 http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2... Size/MD5: 229922 b1f9ca522767d93f64e59ada4fe01ec7 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/fir... Size/MD5: 3152010 59a8bc4edc49fcd2ec6a0b905ae3b4fe http://security.ubuntu.com/ubuntu/pool/universe/f/firefox... Size/MD5: 209884 8ec25aa9f564f83747edc4998a54a7e1 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/fir... Size/MD5: 75022 1e84dccc6587ae34f3f201c21d15e8b6 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/fir... Size/MD5: 8644430 4c998b81cbdd13cff81cbf77c18edf9b http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/dev... Size/MD5: 48072 c032680500dc8c5d47ef50cf458c8bb0 http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-br... Size/MD5: 2036736 50122be5b65d5cbfe84a3f103be32100 http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/lib... Size/MD5: 69370 1b0c3dbdf68c4026c39e4a20cd32f4f1 http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/lib... Size/MD5: 65234 838439c919084ee33c3f36a82d51d0a9 http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2... Size/MD5: 220626 2b86b96b577e9c67b68aeb92a37e7ef1 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/fir... Size/MD5: 3152066 ecbc956d8fdd0b70cda57dad123005af http://security.ubuntu.com/ubuntu/pool/universe/f/firefox... Size/MD5: 213294 e83df33479eb5a7c075394ad48c2686c http://security.ubuntu.com/ubuntu/pool/main/f/firefox/fir... Size/MD5: 78272 3702fb290fc9a477f43b72372d9e9029 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/fir... Size/MD5: 9826234 5bedd17d1e16eff3e1876798e675350f http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/dev... Size/MD5: 49832 84caef479729caf65c18e90bc3f023a1 http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-br... Size/MD5: 2056216 e384f64d7861c356659504e4c440be81 http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/lib... Size/MD5: 70986 15343da493ea42d99fc5a9ac63e398f6 http://security.ubuntu.com/ubuntu/pool/main/d/devhelp/lib... Size/MD5: 72078 e55e86a842651dddefef98ab21ddb106 http://security.ubuntu.com/ubuntu/pool/main/y/yelp/yelp_2... Size/MD5: 225382 7f30ecd915d851c66791fbfddebb5c49 (Log in to post comments)
|
||||||||||||||||