---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-936
2005-09-26
---------------------------------------------------------------------
Product : Fedora Core 4
Name : ruby
Version : 1.8.3
Release : 1.fc4
Summary : An interpreter of object-oriented scripting language
Description :
Ruby is the interpreted scripting language for quick and easy
object-oriented programming. It has many features to process text
files and to do system management tasks (as in Perl). It is simple,
straight-forward, and extensible.
---------------------------------------------------------------------
* Mon Sep 26 2005 Akira TAGOH <tagoh(a)redhat.com> - 1.8.3-1.fc4
- New upstream release.
- Build-Requires xorg-x11-devel instead of XFree86-devel.
- ruby-multilib.patch: applied for only 64-bit archs.
- ruby-1.8.2-xmlrpc-CAN-2005-1992.patch: removed. it has already been in upstream.
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
4e626fdffced83cffcd5986cfd15b6ed SRPMS/ruby-1.8.3-1.fc4.src.rpm
bcf79824a5ebe8024b0b0580594e8951 ppc/ruby-1.8.3-1.fc4.ppc.rpm
2a6da173ddec2a1063461c0203f52952 ppc/ruby-libs-1.8.3-1.fc4.ppc.rpm
b1aa5b6d4aee96dd04d4c52295f50241 ppc/ruby-devel-1.8.3-1.fc4.ppc.rpm
f65346c131be9db07981046c39e27040 ppc/ruby-tcltk-1.8.3-1.fc4.ppc.rpm
b8d514f4a41fccae58c31cf0fbb444ed ppc/irb-1.8.3-1.fc4.ppc.rpm
a0c003dd30b34bf0c7b2a0ee69e381ad ppc/rdoc-1.8.3-1.fc4.ppc.rpm
ca8ca4501cbdca8aa5f1606aae285171 ppc/ruby-docs-1.8.3-1.fc4.ppc.rpm
04e2141036af40b58e64a731b7050e2e ppc/ruby-mode-1.8.3-1.fc4.ppc.rpm
bb753065890a7e9f5a11e3219a818d2d ppc/ri-1.8.3-1.fc4.ppc.rpm
c0728cd90899b39d2554cad34001fb4b ppc/debug/ruby-debuginfo-1.8.3-1.fc4.ppc.rpm
8b3b5f33c4a101cdf634b98f695f4bf4 ppc/ruby-libs-1.8.3-1.fc4.ppc64.rpm
6b6bf5dfffad308b7ebb3c9f85f33e6d x86_64/ruby-1.8.3-1.fc4.x86_64.rpm
9bb80db6011847f316c306b0bbb901b2 x86_64/ruby-libs-1.8.3-1.fc4.x86_64.rpm
d2f411fcd4fd7dd5083029b02eed31fe x86_64/ruby-devel-1.8.3-1.fc4.x86_64.rpm
3480600038cedb3707b2e3d55b16c3f1 x86_64/ruby-tcltk-1.8.3-1.fc4.x86_64.rpm
bca2e40157bb79fa4d00dccfaed48fbb x86_64/irb-1.8.3-1.fc4.x86_64.rpm
dd8a19f19feb81b079bb0faef36bccd3 x86_64/rdoc-1.8.3-1.fc4.x86_64.rpm
28c7621d866f9f9590a55d075d51ea3c x86_64/ruby-docs-1.8.3-1.fc4.x86_64.rpm
99990b23aa65a91386dd2b0a3228301e x86_64/ruby-mode-1.8.3-1.fc4.x86_64.rpm
b8e59d1e714bdd904cb88da29832448d x86_64/ri-1.8.3-1.fc4.x86_64.rpm
f9df406d68c01402bf66185181e75b60 x86_64/debug/ruby-debuginfo-1.8.3-1.fc4.x86_64.rpm
dc80874e60689c48ea04f87080236958 x86_64/ruby-libs-1.8.3-1.fc4.i386.rpm
6c8a70455a905f5175afdad5c8e1d950 i386/ruby-1.8.3-1.fc4.i386.rpm
dc80874e60689c48ea04f87080236958 i386/ruby-libs-1.8.3-1.fc4.i386.rpm
705dec9a6ae4bb208d63f6bc6bc7a16c i386/ruby-devel-1.8.3-1.fc4.i386.rpm
85fc1a080ed298cea9586a5fc4bfe5cb i386/ruby-tcltk-1.8.3-1.fc4.i386.rpm
a84cf48cfb7a84943e398501df7e1dd5 i386/irb-1.8.3-1.fc4.i386.rpm
8361625bd9bfe958eaf801f12381085b i386/rdoc-1.8.3-1.fc4.i386.rpm
443b8992777dff4ac642f36f63c1b180 i386/ruby-docs-1.8.3-1.fc4.i386.rpm
de2918b9054ac7c8154ddfb964d99c9d i386/ruby-mode-1.8.3-1.fc4.i386.rpm
e19352deace1a16b976143d6b01e3cf8 i386/ri-1.8.3-1.fc4.i386.rpm
aef19ecbc09d5545116d9e10bcfc34b0 i386/debug/ruby-debuginfo-1.8.3-1.fc4.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-921
2005-09-26
---------------------------------------------------------------------
Product : Fedora Core 4
Name : selinux-policy-targeted
Version : 1.27.1
Release : 2.2
Summary : SELinux targeted policy configuration
Description :
Security-enhanced Linux is a patch of the Linux® kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux. The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These
architectural components provide general support for the enforcement
of many kinds of mandatory access control policies, including those
based on the concepts of Type Enforcement®, Role-based Access
Control, and Multi-level Security.
This package contains the SELinux example policy configuration along
with the Flask configuration information and the application
configuration files.
---------------------------------------------------------------------
* Fri Sep 23 2005 Dan Walsh <dwalsh(a)redhat.com> 1.27.1-2.2
- Put back in role sysadm_r unconfined_t;
* Mon Sep 19 2005 Dan Walsh <dwalsh(a)redhat.com> 1.27.1-2.1
- Update to match rawhide
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
ad9c7998c6a7e31322d7386fad096f75 SRPMS/selinux-policy-targeted-1.27.1-2.2.src.rpm
35c2178809215084757ceff810b5b8e8 x86_64/selinux-policy-targeted-1.27.1-2.2.noarch.rpm
08f2bb43b1dd1e134ad486a54b913999 x86_64/selinux-policy-targeted-sources-1.27.1-2.2.noarch.rpm
35c2178809215084757ceff810b5b8e8 i386/selinux-policy-targeted-1.27.1-2.2.noarch.rpm
08f2bb43b1dd1e134ad486a54b913999 i386/selinux-policy-targeted-sources-1.27.1-2.2.noarch.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-934
2005-09-26
---------------------------------------------------------------------
Product : Fedora Core 3
Name : epiphany
Version : 1.4.9
Release : 1
Summary : GNOME web browser based on the Mozilla rendering engine
Description :
epiphany is a simple GNOME web browser based on the Mozilla rendering
engine
---------------------------------------------------------------------
Update Information:
There were several security flaws found in the mozilla
package, which epiphany depends on. Users of epiphany are
advised to upgrade to this updated package which has been
rebuilt against a version of mozilla not vulnerable to these
flaws.
---------------------------------------------------------------------
* Fri Sep 23 2005 Christopher Aillon <caillon(a)redhat.com> 1.4.9-1
- Rebuild
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
32236225d99d32d64ea8f5dfd9e4b3c2 SRPMS/epiphany-1.4.9-1.src.rpm
6e6bb4f22a3fe0a299b6c0641e500303 x86_64/epiphany-1.4.9-1.x86_64.rpm
e374310ea30a84809dfdacc7c30669f5 x86_64/epiphany-devel-1.4.9-1.x86_64.rpm
0983eb0d4dc08e6db2041605046d342c x86_64/debug/epiphany-debuginfo-1.4.9-1.x86_64.rpm
7ef3906d97cc69493831e50802131b3f i386/epiphany-1.4.9-1.i386.rpm
38d442bf2bf276d82e951bd6280d26c2 i386/epiphany-devel-1.4.9-1.i386.rpm
eb9cf478507af7e157916b2d96a426eb i386/debug/epiphany-debuginfo-1.4.9-1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-933
2005-09-26
---------------------------------------------------------------------
Product : Fedora Core 3
Name : devhelp
Version : 0.9.2
Release : 2.3.6
Summary : API document browser
Description :
A API document browser for GNOME 2.
---------------------------------------------------------------------
Update Information:
There were several security flaws found in the mozilla
package, which devhelp depends on. Users of devhelp are
advised to upgrade to this updated package which has been
rebuilt against a version of mozilla not vulnerable to these
flaws.
---------------------------------------------------------------------
* Fri Sep 23 2005 Christopher Aillon <caillon(a)redhat.com> 0.9.2-2.3.6
- Rebuild
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
25e0cbd798a784e3eb50d26211068c4f SRPMS/devhelp-0.9.2-2.3.6.src.rpm
c0fff5a92df366d8a4d621081d30a0f5 x86_64/devhelp-0.9.2-2.3.6.x86_64.rpm
f8981d6d4a88ab3074b5f39fabf4a3ff x86_64/devhelp-devel-0.9.2-2.3.6.x86_64.rpm
cb679bd693de6751fa51c1db0e853b66 x86_64/debug/devhelp-debuginfo-0.9.2-2.3.6.x86_64.rpm
2887b24dc6e595db9027ce92fac499bf i386/devhelp-0.9.2-2.3.6.i386.rpm
2cf474e30dd1c01465688faab4c9c409 i386/devhelp-devel-0.9.2-2.3.6.i386.rpm
997ec5c53e2070140a3a82706b3a02fe i386/debug/devhelp-debuginfo-0.9.2-2.3.6.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-932
2005-09-26
---------------------------------------------------------------------
Product : Fedora Core 3
Name : mozilla
Version : 1.7.12
Release : 1.3.1
Summary : Web browser and mail reader
Description :
Mozilla is an open-source web browser, designed for standards
compliance, performance and portability.
---------------------------------------------------------------------
Update Information:
Updated mozilla packages that fix several security bugs are
now available for Fedora Core 3.
This update has been rated as having critical security
impact by the Fedora Security Response Team.
Mozilla is an open source Web browser, advanced email and
newsgroup client, IRC chat client, and HTML editor.
A bug was found in the way Mozilla processes XBM image
files. If a user views a specially crafted XBM file, it
becomes possible to execute arbitrary code as the user
running Mozilla. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2005-2701
to this issue.
A bug was found in the way Mozilla processes certain Unicode
sequences. It may be possible to execute arbitrary code as
the user running Mozilla, if the user views a specially
crafted Unicode sequence. (CAN-2005-2702)
A bug was found in the way Mozilla makes XMLHttp requests.
It is possible that a malicious web page could leverage this
flaw to exploit other proxy or server flaws from the
victim's machine. It is also possible that this flaw could
be leveraged to send XMLHttp requests to hosts other than
the originator; the default behavior of the browser is to
disallow this. (CAN-2005-2703)
A bug was found in the way Mozilla implemented its XBL
interface. It may be possible for a malicious web page to
create an XBL binding in a way that would allow arbitrary
JavaScript execution with chrome permissions. Please note
that in Mozilla 1.7.10 this issue is not directly
exploitable and would need to leverage other unknown
exploits. (CAN-2005-2704)
An integer overflow bug was found in Mozilla's JavaScript
engine. Under favorable conditions, it may be possible for a
malicious web page to execute arbitrary code as the user
running Mozilla. (CAN-2005-2705)
A bug was found in the way Mozilla displays about: pages. It
is possible for a malicious web page to open an about: page,
such as about:mozilla, in such a way that it becomes
possible to execute JavaScript with chrome privileges.
(CAN-2005-2706)
A bug was found in the way Mozilla opens new windows. It is
possible for a malicious web site to construct a new window
without any user interface components, such as the address
bar and the status bar. This window could then be used to
mislead the user for malicious purposes. (CAN-2005-2707)
Users of Mozilla are advised to upgrade to this updated
package that contains Mozilla version 1.7.12 and is not
vulnerable to these issues.
---------------------------------------------------------------------
* Thu Sep 22 2005 Christopher Aillon <caillon(a)redhat.com> 37:1.7.12-1.3.1
- Update to 1.7.12, containing fixes for:
CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704
CAN-2005-2705 CAN-2005-2706 CAN-2005-2707 CAN-2005-2968
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
63bd78810cf5b5536353633a747c30a2 SRPMS/mozilla-1.7.12-1.3.1.src.rpm
e284cf3bf15bbd75a034403803780f7b x86_64/mozilla-1.7.12-1.3.1.x86_64.rpm
03de6b7b8717b06cd340a4ef24e77968 x86_64/mozilla-nspr-1.7.12-1.3.1.x86_64.rpm
4f0845e48ac3dc090328f8ccc4d05223 x86_64/mozilla-nspr-devel-1.7.12-1.3.1.x86_64.rpm
7592b2aaa765de6b2663dd1e874c92b7 x86_64/mozilla-nss-1.7.12-1.3.1.x86_64.rpm
626844eb2fe11ea77d995774754f9031 x86_64/mozilla-nss-devel-1.7.12-1.3.1.x86_64.rpm
51836f29a3241931115639aafacdbada x86_64/mozilla-devel-1.7.12-1.3.1.x86_64.rpm
5977fc3d3e271f470cde62c3c65654aa x86_64/mozilla-mail-1.7.12-1.3.1.x86_64.rpm
6a8720bf69cd9d5de1e441fa78b11f7d x86_64/mozilla-chat-1.7.12-1.3.1.x86_64.rpm
726a24bc7f7d89f8ecf16425b82f46fc x86_64/mozilla-js-debugger-1.7.12-1.3.1.x86_64.rpm
8365d36d8a9a3ff32214d539ee6e2851 x86_64/mozilla-dom-inspector-1.7.12-1.3.1.x86_64.rpm
6a48abbf3dffac1559bd832727534848 x86_64/debug/mozilla-debuginfo-1.7.12-1.3.1.x86_64.rpm
4b13cf4c6680ffcacef3c32c7216835c x86_64/mozilla-nspr-1.7.12-1.3.1.i386.rpm
7a6d96394cb522bb87fddb8b1f1de2bc x86_64/mozilla-nss-1.7.12-1.3.1.i386.rpm
196301d969606f6b24539fe115b20c85 i386/mozilla-1.7.12-1.3.1.i386.rpm
4b13cf4c6680ffcacef3c32c7216835c i386/mozilla-nspr-1.7.12-1.3.1.i386.rpm
108c926ed91f44c61413323079682120 i386/mozilla-nspr-devel-1.7.12-1.3.1.i386.rpm
7a6d96394cb522bb87fddb8b1f1de2bc i386/mozilla-nss-1.7.12-1.3.1.i386.rpm
d5297a5613453214304e8f066a174736 i386/mozilla-nss-devel-1.7.12-1.3.1.i386.rpm
f6822735fb99eab4f77d5cf9e5310aaa i386/mozilla-devel-1.7.12-1.3.1.i386.rpm
f2b13215621464fd2d1121b3df958d7a i386/mozilla-mail-1.7.12-1.3.1.i386.rpm
045f61a21038fc15eb78ca700677e70d i386/mozilla-chat-1.7.12-1.3.1.i386.rpm
0d4d7b682ccffc4aa61c0468cb4e5096 i386/mozilla-js-debugger-1.7.12-1.3.1.i386.rpm
be245dfb92cb4b610f2349888fceefa4 i386/mozilla-dom-inspector-1.7.12-1.3.1.i386.rpm
f5d066e3bd2b12a561ec1f54399aef99 i386/debug/mozilla-debuginfo-1.7.12-1.3.1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-931
2005-09-26
---------------------------------------------------------------------
Product : Fedora Core 3
Name : firefox
Version : 1.0.7
Release : 1.1.fc3
Summary : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.
---------------------------------------------------------------------
Update Information:
An updated firefox package that fixes several security bugs
is now available for Fedora Core 3.
This update has been rated as having critical security
impact by the Fedora Security Response Team.
Mozilla Firefox is an open source Web browser.
A bug was found in the way Firefox processes XBM image
files. If a user views a specially crafted XBM file, it
becomes possible to execute arbitrary code as the user
running Firefox. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2005-2701
to this issue.
A bug was found in the way Firefox processes certain Unicode
sequences. It may be possible to execute arbitrary code as
the user running Firefox if the user views a specially
crafted Unicode sequence. (CAN-2005-2702)
A bug was found in the way Firefox makes XMLHttp requests.
It is possible that a malicious web page could leverage this
flaw to exploit other proxy or server flaws from the
victim's machine. It is also possible that this flaw could
be leveraged to send XMLHttp requests to hosts other than
the originator; the default behavior of the browser is to
disallow this. (CAN-2005-2703)
A bug was found in the way Firefox implemented its XBL
interface. It may be possible for a malicious web page to
create an XBL binding in such a way that would allow
arbitrary JavaScript execution with chrome permissions.
Please note that in Firefox 1.0.6 this issue is not directly
exploitable and will need to leverage other unknown
exploits. (CAN-2005-2704)
An integer overflow bug was found in Firefox's JavaScript
engine. Under favorable conditions, it may be possible for a
malicious web page to execute arbitrary code as the user
running Firefox. (CAN-2005-2705)
A bug was found in the way Firefox displays about: pages. It
is possible for a malicious web page to open an about: page,
such as about:mozilla, in such a way that it becomes
possible to execute JavaScript with chrome privileges.
(CAN-2005-2706)
A bug was found in the way Firefox opens new windows. It is
possible for a malicious web site to construct a new window
without any user interface components, such as the address
bar and the status bar. This window could then be used to
mislead the user for malicious purposes. (CAN-2005-2707)
A bug was found in the way Firefox processes URLs passed to
it on the command line. If a user passes a malformed URL to
Firefox, such as clicking on a link in an instant messaging
program, it is possible to execute arbitrary commands as the
user running Firefox. (CAN-2005-2968)
Users of Firefox are advised to upgrade to this updated
package that contains Firefox version 1.0.7 and is not
vulnerable to these issues.
---------------------------------------------------------------------
* Thu Sep 22 2005 Christopher Aillon <caillon(a)redhat.com> 0:1.0.7-1.1.fc3
- Update to 1.0.7, containing fixes for:
CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704
CAN-2005-2705 CAN-2005-2706 CAN-2005-2707 CAN-2005-2968
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
85c2728183b838e6c09ce4728a20f233 SRPMS/firefox-1.0.7-1.1.fc3.src.rpm
30343391ad2e1a36945bbed41becd72e x86_64/firefox-1.0.7-1.1.fc3.x86_64.rpm
ceabd83c7b403b674795b981c8e57506 x86_64/debug/firefox-debuginfo-1.0.7-1.1.fc3.x86_64.rpm
9836f31b20397c5d717b0a915456c362 i386/firefox-1.0.7-1.1.fc3.i386.rpm
3d9c472fc684a6285dd48781fab34281 i386/debug/firefox-debuginfo-1.0.7-1.1.fc3.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-930
2005-09-26
---------------------------------------------------------------------
Product : Fedora Core 4
Name : yelp
Version : 2.10.0
Release : 1.4.2
Summary : A system documentation reader from the Gnome project.
Description :
Yelp is the Gnome 2 help/documentation browser. It is designed
to help you browse all the documentation on your system in
one central tool.
---------------------------------------------------------------------
Update Information:
There were several security flaws found in the mozilla
package, which yelp depends on. Users of yelp are advised
to upgrade to this updated package which has been rebuilt
against a version of mozilla not vulnerable to these flaws.
---------------------------------------------------------------------
* Fri Sep 23 2005 Christopher Aillon <caillon(a)redhat.com> 2.10-1.4.2
- Rebuild
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
09582592aa56ac3570e5b941c43dfc3e SRPMS/yelp-2.10.0-1.4.2.src.rpm
9d778d62f3ba49dbf81cb4ddd0e95a12 ppc/yelp-2.10.0-1.4.2.ppc.rpm
065a07fe7307b98f0799cf571a884892 ppc/debug/yelp-debuginfo-2.10.0-1.4.2.ppc.rpm
51e3a4b828fb0d89039bb8d54f26eac5 x86_64/yelp-2.10.0-1.4.2.x86_64.rpm
71fb06c953fc9d084de373089b87c170 x86_64/debug/yelp-debuginfo-2.10.0-1.4.2.x86_64.rpm
2e6008f323bf9487fcac37889ceb66b2 i386/yelp-2.10.0-1.4.2.i386.rpm
718dc7cdeb2307631dfd90c7cd8b7dd2 i386/debug/yelp-debuginfo-2.10.0-1.4.2.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-929
2005-09-26
---------------------------------------------------------------------
Product : Fedora Core 4
Name : epiphany
Version : 1.6.5
Release : 2
Summary : GNOME web browser based on the Mozilla rendering engine
Description :
epiphany is a simple GNOME web browser based on the Mozilla rendering
engine
---------------------------------------------------------------------
Update Information:
There were several security flaws found in the mozilla
package, which epiphany depends on. Users of epiphany are
advised to upgrade to this updated package which has been
rebuilt against a version of mozilla not vulnerable to these
flaws.
---------------------------------------------------------------------
* Fri Sep 23 2005 Christopher Aillon <caillon(a)redhat.com> - 1.6.5-2
- Rebuild
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
987dd6e5e3ae9f87bc757c99c1519ba5 SRPMS/epiphany-1.6.5-2.src.rpm
5eebf43731e094d0ce5c0f59528155a2 ppc/epiphany-1.6.5-2.ppc.rpm
e8b6acdfd0ca79f29797be0acef2ac81 ppc/epiphany-devel-1.6.5-2.ppc.rpm
12249bfad81eab1e62906c6c0e086ce2 ppc/debug/epiphany-debuginfo-1.6.5-2.ppc.rpm
e43f45174c326a40d14c48fd656a2a8c x86_64/epiphany-1.6.5-2.x86_64.rpm
542897334dc7c600cf9984fae4878b67 x86_64/epiphany-devel-1.6.5-2.x86_64.rpm
6635d6362496ffdaab16e68706da0386 x86_64/debug/epiphany-debuginfo-1.6.5-2.x86_64.rpm
8999e83768c5f347c5723d6fecd2ca0f i386/epiphany-1.6.5-2.i386.rpm
d11777a161b440e626d8862b46c4efa7 i386/epiphany-devel-1.6.5-2.i386.rpm
85eade7b9cc4710c0472441afdf3255c i386/debug/epiphany-debuginfo-1.6.5-2.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-928
2005-09-26
---------------------------------------------------------------------
Product : Fedora Core 4
Name : devhelp
Version : 0.10
Release : 1.4.2
Summary : API document browser
Description :
A API document browser for GNOME 2.
---------------------------------------------------------------------
Update Information:
There were several security flaws found in the mozilla
package, which devhelp depends on. Users of devhelp are
advised to upgrade to this updated package which has been
rebuilt against a version of mozilla not vulnerable to these
flaws.
---------------------------------------------------------------------
* Fri Sep 23 2005 Christopher Aillon <caillon(a)redhat.com> 0.10-1.4.2
- Rebuild
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
fb4a86c6842691da1b9ebb25cf906f0a SRPMS/devhelp-0.10-1.4.2.src.rpm
cc9b66e03b088c1503da8b0c00779740 ppc/devhelp-0.10-1.4.2.ppc.rpm
026c779e5a15a71d7f75821d58537702 ppc/devhelp-devel-0.10-1.4.2.ppc.rpm
bd0deababf6fa8edc746b89987889298 ppc/debug/devhelp-debuginfo-0.10-1.4.2.ppc.rpm
426d4f3950a436fcdfa014906c42f157 x86_64/devhelp-0.10-1.4.2.x86_64.rpm
a3ecf635f8b85bcbe6fb182dc04cb1fd x86_64/devhelp-devel-0.10-1.4.2.x86_64.rpm
7c84b29a48ad8a538bf33b1be95a9041 x86_64/debug/devhelp-debuginfo-0.10-1.4.2.x86_64.rpm
642e7d0594fae35b32ef7ef752ea9c43 i386/devhelp-0.10-1.4.2.i386.rpm
388c777fb7577fbde24c48dba1017347 i386/devhelp-devel-0.10-1.4.2.i386.rpm
2ee406235aa1d67b5736a9a4cf8fb1cd i386/debug/devhelp-debuginfo-0.10-1.4.2.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-927
2005-09-26
---------------------------------------------------------------------
Product : Fedora Core 4
Name : mozilla
Version : 1.7.12
Release : 1.5.1
Summary : Web browser and mail reader
Description :
Mozilla is an open-source web browser, designed for standards
compliance, performance and portability.
---------------------------------------------------------------------
Update Information:
Updated mozilla packages that fix several security bugs are
now available for Fedora Core 4.
This update has been rated as having critical security
impact by the Fedora Security Response Team.
Mozilla is an open source Web browser, advanced email and
newsgroup client, IRC chat client, and HTML editor.
A bug was found in the way Mozilla processes XBM image
files. If a user views a specially crafted XBM file, it
becomes possible to execute arbitrary code as the user
running Mozilla. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2005-2701
to this issue.
A bug was found in the way Mozilla processes certain Unicode
sequences. It may be possible to execute arbitrary code as
the user running Mozilla, if the user views a specially
crafted Unicode sequence. (CAN-2005-2702)
A bug was found in the way Mozilla makes XMLHttp requests.
It is possible that a malicious web page could leverage this
flaw to exploit other proxy or server flaws from the
victim's machine. It is also possible that this flaw could
be leveraged to send XMLHttp requests to hosts other than
the originator; the default behavior of the browser is to
disallow this. (CAN-2005-2703)
A bug was found in the way Mozilla implemented its XBL
interface. It may be possible for a malicious web page to
create an XBL binding in a way that would allow arbitrary
JavaScript execution with chrome permissions. Please note
that in Mozilla 1.7.10 this issue is not directly
exploitable and would need to leverage other unknown
exploits. (CAN-2005-2704)
An integer overflow bug was found in Mozilla's JavaScript
engine. Under favorable conditions, it may be possible for a
malicious web page to execute arbitrary code as the user
running Mozilla. (CAN-2005-2705)
A bug was found in the way Mozilla displays about: pages. It
is possible for a malicious web page to open an about: page,
such as about:mozilla, in such a way that it becomes
possible to execute JavaScript with chrome privileges.
(CAN-2005-2706)
A bug was found in the way Mozilla opens new windows. It is
possible for a malicious web site to construct a new window
without any user interface components, such as the address
bar and the status bar. This window could then be used to
mislead the user for malicious purposes. (CAN-2005-2707)
Users of Mozilla are advised to upgrade to this updated
package that contains Mozilla version 1.7.12 and is not
vulnerable to these issues.
---------------------------------------------------------------------
* Thu Sep 22 2005 Christopher Aillon <caillon(a)redhat.com> 37:1.7.12-1.5.1
- Update to 1.7.12, containing fixes for:
CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704
CAN-2005-2705 CAN-2005-2706 CAN-2005-2707 CAN-2005-2968
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
15996667d8d7ff6f716f9a3b3fd73a46 SRPMS/mozilla-1.7.12-1.5.1.src.rpm
6e5d4465c6818212dc200884a6772efc ppc/mozilla-1.7.12-1.5.1.ppc.rpm
554fab19cd517dac6af547fc9f8a0cab ppc/mozilla-nspr-1.7.12-1.5.1.ppc.rpm
d96547c7855f990aea45008176c94151 ppc/mozilla-nspr-devel-1.7.12-1.5.1.ppc.rpm
eb943304ee62ad1c21323d48cffac07f ppc/mozilla-nss-1.7.12-1.5.1.ppc.rpm
388bf012368737e2e9abd8fdae61cd10 ppc/mozilla-nss-devel-1.7.12-1.5.1.ppc.rpm
73a56b8de2ed1ce21ce934d7b4fc0030 ppc/mozilla-devel-1.7.12-1.5.1.ppc.rpm
f0e2bb8447868c5310506cdf4e59f610 ppc/mozilla-mail-1.7.12-1.5.1.ppc.rpm
b6d8b972a810d6be63c9e49acb311a63 ppc/mozilla-chat-1.7.12-1.5.1.ppc.rpm
19bb5d74ed7f347b0bff67b9e2687426 ppc/mozilla-js-debugger-1.7.12-1.5.1.ppc.rpm
87dc66737ae9ff2d01f0900c02a34c92 ppc/mozilla-dom-inspector-1.7.12-1.5.1.ppc.rpm
af43d44627d556682f070afe5b0fcc88 ppc/debug/mozilla-debuginfo-1.7.12-1.5.1.ppc.rpm
7834b3634d54f4ab835c77e247a56b6f x86_64/mozilla-1.7.12-1.5.1.x86_64.rpm
06bf1c0ffd94de4dd3abe534f6c62448 x86_64/mozilla-nspr-1.7.12-1.5.1.x86_64.rpm
aaea1e31b0d1818d9165928c716f81d7 x86_64/mozilla-nspr-devel-1.7.12-1.5.1.x86_64.rpm
2986c7d17771826b0ce3802b2322cbef x86_64/mozilla-nss-1.7.12-1.5.1.x86_64.rpm
fd477dad54c6b764730db8255854d8c4 x86_64/mozilla-nss-devel-1.7.12-1.5.1.x86_64.rpm
fba077cce640223cab879d41e5916c99 x86_64/mozilla-devel-1.7.12-1.5.1.x86_64.rpm
5f8e89073c0fb61e9cfe1f36789a3933 x86_64/mozilla-mail-1.7.12-1.5.1.x86_64.rpm
99932f0cd7bc71c5300f7b83021e8bc5 x86_64/mozilla-chat-1.7.12-1.5.1.x86_64.rpm
891fff494775baeef27bd3137684eeec x86_64/mozilla-js-debugger-1.7.12-1.5.1.x86_64.rpm
ac1e58cffbe7b5cb163c056da0a0f282 x86_64/mozilla-dom-inspector-1.7.12-1.5.1.x86_64.rpm
7e0ea761ff2e9caea8c42b082c13f604 x86_64/debug/mozilla-debuginfo-1.7.12-1.5.1.x86_64.rpm
47c89bff509e46e4b54041aac04f2137 x86_64/mozilla-nspr-1.7.12-1.5.1.i386.rpm
ae517ab122351d6ada9e9289b1c1ef3d x86_64/mozilla-nss-1.7.12-1.5.1.i386.rpm
9b9ca33577a785f0e36ed2092ed97555 i386/mozilla-1.7.12-1.5.1.i386.rpm
47c89bff509e46e4b54041aac04f2137 i386/mozilla-nspr-1.7.12-1.5.1.i386.rpm
9c409c087a06ccec4ba0b404ca2e1b1d i386/mozilla-nspr-devel-1.7.12-1.5.1.i386.rpm
ae517ab122351d6ada9e9289b1c1ef3d i386/mozilla-nss-1.7.12-1.5.1.i386.rpm
d74dd6b014102d3a6f9e0fafae217edf i386/mozilla-nss-devel-1.7.12-1.5.1.i386.rpm
4b3cacd4a3c274c008d55aae107d108a i386/mozilla-devel-1.7.12-1.5.1.i386.rpm
b24a2919fafa1f4e314e5a26ef65280f i386/mozilla-mail-1.7.12-1.5.1.i386.rpm
86ac5ce35a97c750eeb38764553a7653 i386/mozilla-chat-1.7.12-1.5.1.i386.rpm
74b1fd6aea19fd037e5ccec3c94c70c7 i386/mozilla-js-debugger-1.7.12-1.5.1.i386.rpm
30d339600011964baec08ce5d895f42d i386/mozilla-dom-inspector-1.7.12-1.5.1.i386.rpm
d7c08369f13113f9195097969107549e i386/debug/mozilla-debuginfo-1.7.12-1.5.1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------