LWN.net Logo

Advertisement

ThinLinc Terminal Server

Advanced thin client solution for Linux, based on Open Source. Mix Windows and Linux applications on the same desktop.

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

LK2008: The values of the Linux community

LWN.net Weekly Edition for October 9, 2008

Plugging into GCC

LWN.net Weekly Edition for October 2, 2008

Ubuntu debuts its Upstream Report

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Fedora alert FEDORA-2007-2601 (seamonkey)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 7 Update: seamonkey-1.1.5-1.fc7


Date:
    	      Wed, 24 Oct 2007 00:02:38 -0700


Message-ID:
    	      <200710240702.l9O71xAR021099@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-2601
2007-10-24 07:02:15.462544
--------------------------------------------------------------------------------

Name        : seamonkey
Product     : Fedora 7
Version     : 1.1.5
Release     : 1.fc7
URL         : http://www.mozilla.org/projects/seamonkey/
Summary     : Web browser, e-mail, news, IRC client, HTML editor
Description :
SeaMonkey is an all-in-one Internet application suite. It includes
a browser, mail/news client, IRC client, JavaScript debugger, and
a tool to inspect the DOM for web pages. It is derived from the
application formerly known as Mozilla Application Suite.

--------------------------------------------------------------------------------
Update Information:

SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and
HTML editor.

By leveraging browser flaws, users could be fooled into possibly surrendering sensitive information
(CVE-2007-1095, CVE-2007-3511, CVE-2007-3844, CVE-2007-5334).

Malformed web content could result in the execution of arbitrary commands (CVE-2007-5338,
CVE-2007-5339, CVE-2007-5340).

Digest Authentication requests can be used to conduct a response splitting attack (CVE-2007-2292).

The sftp protocol handler could be used to view the contents of arbitrary local files
(CVE-2007-5337).

Users of SeaMonkey are advised to upgrade to these erratum packages, which contain patches that
correct these issues.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 19 2007 Kai Engert <kengert@redhat.com> - 1.1.5-1
- SeaMonkey 1.1.5
* Fri Jul 27 2007 Martin Stransky <stransky@redhat.com> - 1.1.3-2
- added pango patches
* Fri Jul 20 2007 Kai Engert <kengert@redhat.com> - 1.1.3-1
- SeaMonkey 1.1.3
* Thu May 31 2007 Kai Engert <kengert@redhat.com> 1.1.2-1
- SeaMonkey 1.1.2
--------------------------------------------------------------------------------
References:

  [ 1 ] CVE-2007-1095
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
  [ 2 ] CVE-2007-3511
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
  [ 3 ] CVE-2007-3844
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
  [ 4 ] CVE-2007-5334
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
  [ 5 ] CVE-2007-5338
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
  [ 6 ] CVE-2007-5339
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
  [ 7 ] CVE-2007-5340
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
  [ 8 ] CVE-2007-2292
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
  [ 9 ] CVE-2007-5337
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
--------------------------------------------------------------------------------
Updated packages:

2aec1a2ee6e4a628ab5932f1fed1781953aad368 seamonkey-debuginfo-1.1.5-1.fc7.ppc64.rpm
8be245f88946492d9873adffc2df8ab3acd02e33 seamonkey-1.1.5-1.fc7.ppc64.rpm
789f959ecf34848f7d2756b46f2a3d6e2008bed4 seamonkey-1.1.5-1.fc7.i386.rpm
ddd04fe9329198119d37db71219c088ad2cb382d seamonkey-debuginfo-1.1.5-1.fc7.i386.rpm
c98e1da7e5dad9b7ffd5b3b63915cc47439de3e4 seamonkey-1.1.5-1.fc7.x86_64.rpm
7e7631a3d5552ff0dc35c8152e707184431c4d90 seamonkey-debuginfo-1.1.5-1.fc7.x86_64.rpm
aaa6c15a699117bc3461bbf7324e0d311ee90ee3 seamonkey-debuginfo-1.1.5-1.fc7.ppc.rpm
921a176932a048252b39202202a9bb78586dc4ce seamonkey-1.1.5-1.fc7.ppc.rpm
aedcef2d03fba3ce19d67a642228614f7430e2fc seamonkey-1.1.5-1.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update seamonkey' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds