LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Serve your customers, not your servers, with VERIO Linux VPS. Full-access test-drive here.

Recent Features

LWN.net Weekly Edition for May 15, 2008

Distributed bug tracking

A Talk with Fedora Project Leader Paul Frields

LWN.net Weekly Edition for May 8, 2008

Blizzard tests the reach of copyright law

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Fedora alert FEDORA-2008-1435 (ruby-gnome2)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 7 Update: ruby-gnome2-0.16.0-21.fc7


Date:
    	      Tue, 12 Feb 2008 21:51:06 -0700


Message-ID:
    	      <200802130451.m1D4pIXK003989@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-1435
2008-02-13 04:08:48
--------------------------------------------------------------------------------

Name        : ruby-gnome2
Product     : Fedora 7
Version     : 0.16.0
Release     : 21.fc7
URL         : http://ruby-gnome2.sourceforge.jp/
Summary     : Ruby binding of libgnome/libgnomeui-2.x
Description :
This is a set of bindings for the GNOME-2.x libraries for use from Ruby.

--------------------------------------------------------------------------------
Update Information:

Mozilla Firefox is an open source Web browser.    Several flaws were found in
the way Firefox processed certain malformed web content. A webpage containing
malicious content could cause Firefox to crash, or potentially execute arbitrary
code as the user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,
CVE-2008-0419)    Several flaws were found in the way Firefox displayed
malformed web content. A webpage containing specially-crafted content could
trick a user into surrendering sensitive information. (CVE-2008-0591,
CVE-2008-0593)    A flaw was found in the way Firefox stored password data. If a
user saves login information for a malicious website, it could be possible to
corrupt the password database, preventing the user from properly accessing saved
password data. (CVE-2008-0417)    A flaw was found in the way Firefox handles
certain chrome URLs. If a user has certain extensions installed, it could allow
a malicious website to steal sensitive session data. Note: this flaw does not
affect a default installation of Firefox. (CVE-2008-0418)    A flaw was found in
the way Firefox saves certain text files. If a website offers a file of type
"plain/text", rather than "text/plain", Firefox will not show future
"text/plain" content to the user in the browser, forcing them to save those
files locally to view the content. (CVE-2008-0592)    Users of firefox are
advised to upgrade to these updated packages, which contain updated packages to
resolve these issues.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb  8 2008 Christopher Aillon <caillon@redhat.com> 0.16.0-21
- Rebuild against newer gecko
* Sat Jan 26 2008 Allisson Azevedo <allisson@gmail.com> 0.16.0-20
- Fix libglade2 patch order
* Sat Jan 26 2008 Allisson Azevedo <allisson@gmail.com> 0.16.0-19
- Fix libglade2 Undefined method error (bugzilla #428781)
* Tue Dec  4 2007 Allisson Azevedo <allisson@gmail.com> 0.16.0-18
- Fix CVE-2007-6183, format string vulnerability (bugzilla #402871)
* Tue Nov 27 2007 Christopher Aillon <caillon@redhat.com> 0.16.0-17
- Rebuild against newer gecko
* Tue Nov 13 2007 Alex Lancaster <alexl@users.sourceforge.net> 0.16.0-16
- Fix my typo in BuildRequires
* Tue Nov 13 2007 Alex Lancaster <alexl@users.sourceforge.net> 0.16.0-15
- Rebuild against gecko-libs and gecko-devel (firefox 2.0.0.9).
* Thu Oct 25 2007 Allisson Azevedo <allisson@gmail.com> 0.16.0-14
- Rebuild against gecko-libs and gecko-devel
* Wed Oct 24 2007 Allisson Azevedo <allisson@gmail.com> 0.16.0-13
- Rebuild against new firefox
* Thu Sep 13 2007 Allisson Azevedo <allisson@gmail.com> 0.16.0-12
- Newpoppler.patch updated for poppler 0.6
* Sat Sep  8 2007 Allisson Azevedo <allisson@gmail.com> 0.16.0-11
- Rebuild against new poppler
- Changed license to LGPLv2+
* Thu Aug  9 2007 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> 0.16.0-10
- Adjust to GLib 2.14 API + typo fix in glib module
* Thu Aug  9 2007 Allisson Azevedo <allisson@gmail.com> 0.16.0-9
- Rebuild against new firefox
* Sat Aug  4 2007 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> 0.16.0-8
- Apply patch extracted from CVS to build glib gtk poppler
* Fri Jul 20 2007 Jesse Keating <jkeating@redhat.com> 0.16.0-7
- Rebuild against new firefox
* Thu May 31 2007 Allisson Azevedo <allisson@gmail.com> 0.16.0-6
- New gecko engine
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #431732 - CVE-2008-0412 Mozilla layout engine crashes
        https://bugzilla.redhat.com/show_bug.cgi?id=431732
  [ 2 ] Bug #431733 - CVE-2008-0413 Mozilla javascript engine crashes
        https://bugzilla.redhat.com/show_bug.cgi?id=431733
  [ 3 ] Bug #432040 - CVE-2008-0414 mozilla: multiple file input focus stealing vulnerabilities
        https://bugzilla.redhat.com/show_bug.cgi?id=432040
  [ 4 ] Bug #431739 - CVE-2008-0415 Mozilla arbitrary code execution
        https://bugzilla.redhat.com/show_bug.cgi?id=431739
  [ 5 ] Bug #431742 - CVE-2008-0417 Mozilla arbitrary code execution
        https://bugzilla.redhat.com/show_bug.cgi?id=431742
  [ 6 ] Bug #431748 - CVE-2008-0418 Mozilla chrome: directory traversal
        https://bugzilla.redhat.com/show_bug.cgi?id=431748
  [ 7 ] Bug #431749 - CVE-2008-0419 Mozilla arbitrary code execution
        https://bugzilla.redhat.com/show_bug.cgi?id=431749
  [ 8 ] Bug #431751 - CVE-2008-0591 Mozilla information disclosure flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=431751
  [ 9 ] Bug #431752 - CVE-2008-0592 Mozilla text file mishandling
        https://bugzilla.redhat.com/show_bug.cgi?id=431752
  [ 10 ] Bug #431756 - CVE-2008-0593 Mozilla URL token stealing flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=431756
  [ 11 ] Bug #432036 - CVE-2008-0594 mozilla: web forgery warning may not be displayed
        https://bugzilla.redhat.com/show_bug.cgi?id=432036
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update ruby-gnome2' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.