May 2005
Fedora Legacy - Three Update Advisories: 1. Updated pam packages fix security issue [FLSA-2005:152771] - 2. Updated libtiff packages fix security issues [FLSA-2005:152815] - 3. Updated mozilla packages fix security issues [FLSA-2005:152883]
ID: 00422
Ref: 391/2005
Date: 19 May 2005:15:45:30
Version: 1
Title: Fedora Legacy - Three Update Advisories: 1. Updated pam packages fix security issue [FLSA-2005:152771] - 2. Updated libtiff packages fix security issues [FLSA-2005:152815] - 3. Updated mozilla packages fix security issues [FLSA-2005:152883]
Abstract:
Vendors affected: Fedora Legacy
Operating systems affected: Fedora Legacy
Applications affected: Fedora Legacy
Title
=====
Fedora Legacy - Three Update Advisories:
1. Updated pam packages fix security issue [FLSA-2005:152771]
2. Updated libtiff packages fix security issues [FLSA-2005:152815]
3. Updated mozilla packages fix security issues [FLSA-2005:152883]
Detail
======
Update advisory summaries:
1. These updates fix a potential security problem present in the pam_wheel
module. These updates correct a bug in the pam_lastlog module which
prevented it from properly manipulating the /var/log/lastlog entry for
users with very high user IDs.
2. There are a number of overflow bugs that affect libtiff.
3. A bug was found in the way Mozilla sets file permissions when installing
XPI packages. It is possible for an XPI package to install some files
world readable or writable, allowing a malicious local user to steal
information or execute arbitrary code
Update advisory content follows:
1.
- ---------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated pam packages fix security issue
Advisory ID: FLSA:152771
Issue date: 2005-05-18
Product: Red Hat Linux
Keywords: Bugfix
CVE Names: CAN-2003-0388
- ---------------------------------------------------------------------
- ---------------------------------------------------------------------
1. Topic:
Updated pam packages that fix a security vulnerability are now
available.
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set an authentication policy without
having to recompile programs that handle authentication.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
3. Problem description:
These updates fix a potential security problem present in the pam_wheel
module. These updates correct a bug in the pam_lastlog module which
prevented it from properly manipulating the /var/log/lastlog entry for
users with very high user IDs.
The pam_wheel module is used to restrict access to a particular service
based on group membership. If the pam_wheel module was used with the
"trust" option enabled, but without the "use_uid" option, any local user
would be able to spoof the username returned by getlogin(). The user
could therefore gain access to a superuser account without supplying a
password. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0388 to this issue.
When manipulating the entry in /var/log/lastlog, which corresponds to a
given user, the pam_lastlog module calculates the location of the entry
by multiplying the UID and the length of an entry in the file. On some
systems, the result of this calculation would mistakenly be truncated to
32 bits for users with sufficiently high UIDs.
All users of pam should upgrade to these updated packages, which resolve
these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.
Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152771
6. RPMs required:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/pam-0.75-46.10.legacy.7x.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/pam-0.75-46.10.legacy.7x.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/pam-devel-0.75-46.10.legacy.7x.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/pam-0.75-62.10.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/pam-0.75-62.10.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/pam-devel-0.75-62.10.legacy.i386.rpm
7. Verification:
SHA1 sum Package Name
- ---------------------------------------------------------------------
bb7b9e1c63be2eb2064b46eacaf8d0ce68594d11
redhat/7.3/updates/i386/pam-0.75-46.10.legacy.7x.i386.rpm
9af62c26654ba14bde7bf6e3b59b9b4f62fd5d35
redhat/7.3/updates/i386/pam-devel-0.75-46.10.legacy.7x.i386.rpm
8f06c0d3a0cb5938206c4d2d20484f325ebcca42
redhat/7.3/updates/SRPMS/pam-0.75-46.10.legacy.7x.src.rpm
622eac1455b5ccb0cf75705cc0f42b3226f9cc31
redhat/9/updates/i386/pam-0.75-62.10.legacy.i386.rpm
18c330ff1ef063f21a3b3c8eb297d09bb004ee67
redhat/9/updates/i386/pam-devel-0.75-62.10.legacy.i386.rpm
8c10c919199f35e5ef785b57f35a8d300d3ea01e
redhat/9/updates/SRPMS/pam-0.75-62.10.legacy.src.rpm
These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:
sha1sum
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0388
9. Contact:
The Fedora Legacy security contact is . More
project details at http://www.fedoralegacy.org
- ---------------------------------------------------------------------
2.
- ---------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated libtiff packages fix security issues
Advisory ID: FLSA:152815
Issue date: 2005-05-18
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CAN-2004-0803 CAN-2004-0804 CAN-2004-0886
CAN-2004-1308 CAN-2004-1183
- ---------------------------------------------------------------------
- ---------------------------------------------------------------------
1. Topic:
Updated libtiff packages that fix various buffer and integer overflows
are now available.
The libtiff package contains a library of functions for manipulating
TIFF (Tagged Image File Format) image format files.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
3. Problem description:
During a source code audit, Chris Evans discovered a number of integer
overflow bugs that affect libtiff. An attacker who has the ability to
trick a user into opening a malicious TIFF file could cause the
application linked to libtiff to crash or possibly execute arbitrary
code. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CAN-2004-0886 and CAN-2004-0804 to these issues.
Additionally, a number of buffer overflow bugs that affect libtiff have
been found. An attacker who has the ability to trick a user into opening
a malicious TIFF file could cause the application linked to libtiff to
crash or possibly execute arbitrary code. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0803 to
this issue.
iDEFENSE has reported an integer overflow bug that affects libtiff. An
attacker who has the ability to trick a user into opening a malicious
TIFF file could cause the application linked to libtiff to crash or
possibly execute arbitrary code. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-1308 to
this issue.
Dmitry V. Levin reported another integer overflow in the tiffdump
utility. An atacker who has the ability to trick a user into opening a
malicious TIFF file with tiffdump could possibly execute arbitrary code.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1183 to this issue.
All users are advised to upgrade to these updated packages, which
contain backported fixes for these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.
Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152815
6. RPMs required:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/libtiff-3.5.7-2.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/libtiff-3.5.7-2.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/libtiff-devel-3.5.7-2.2.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/libtiff-3.5.7-11.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/libtiff-3.5.7-11.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/libtiff-devel-3.5.7-11.2.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/libtiff-3.5.7-14.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/libtiff-3.5.7-14.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/libtiff-devel-3.5.7-14.2.legacy.i386.rpm
7. Verification:
SHA1 sum Package Name
- ---------------------------------------------------------------------
524fd6c80901dbd665cfbf0b4ba1eea276a95cca
redhat/7.3/updates/i386/libtiff-3.5.7-2.2.legacy.i386.rpm
3ced2ba5eac07c60515a41d73dbfb0df36cfc962
redhat/7.3/updates/i386/libtiff-devel-3.5.7-2.2.legacy.i386.rpm
864581d2f1d76fcc5d0540173338a84a7a3ffe80
redhat/7.3/updates/SRPMS/libtiff-3.5.7-2.2.legacy.src.rpm
a17298a3be3e3d6f7fce2108ac226ff8ef26ee39
redhat/9/updates/i386/libtiff-3.5.7-11.2.legacy.i386.rpm
b35700b8e8ee819565998a033f484ebd7e837646
redhat/9/updates/i386/libtiff-devel-3.5.7-11.2.legacy.i386.rpm
2024a97a377a37851d3a4be92403eaad0a7b1be2
redhat/9/updates/SRPMS/libtiff-3.5.7-11.2.legacy.src.rpm
8dd2d8035eaf4b0e41cc7ac68536b752387a1cc8
fedora/1/updates/i386/libtiff-3.5.7-14.2.legacy.i386.rpm
4475fb4f26ab358d1c9bf8b6e8da060eace1a8dd
fedora/1/updates/i386/libtiff-devel-3.5.7-14.2.legacy.i386.rpm
f854a97125ca806b9a1c04c985f9939c6b6f7611
fedora/1/updates/SRPMS/libtiff-3.5.7-14.2.legacy.src.rpm
These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:
sha1sum
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1183
9. Contact:
The Fedora Legacy security contact is . More
project details at http://www.fedoralegacy.org
- ---------------------------------------------------------------------
3.
- ---------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated mozilla packages fix security issues
Advisory ID: FLSA:152883
Issue date: 2005-05-18
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CAN-2004-0906 CAN-2004-1156 CAN-2004-1316
CAN-2004-1380 CAN-2004-1613 CAN-2005-0141
CAN-2005-0142 CAN-2005-0578 CAN-2005-0143
CAN-2005-0593 CAN-2005-0144 CAN-2005-0146
CAN-2005-0147 CAN-2005-0149 CAN-2005-0231
CAN-2005-0232 CAN-2005-0527 CAN-2005-0233
CAN-2005-0399 CAN-2005-0401 CAN-2005-0584
CAN-2005-0585 CAN-2005-0586 CAN-2005-0590
CAN-2005-0591 CAN-2005-0588 CAN-2005-0989
CAN-2005-1153 CAN-2005-1154 CAN-2005-1155
CAN-2005-1159 CAN-2005-1160 CAN-2005-1156
CAN-2005-1157
- ---------------------------------------------------------------------
- ---------------------------------------------------------------------
1. Topic:
Updated mozilla packages that fix various bugs are now available.
Mozilla is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
3. Problem description:
A bug was found in the way Mozilla sets file permissions when installing
XPI packages. It is possible for an XPI package to install some files
world readable or writable, allowing a malicious local user to steal
information or execute arbitrary code. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0906 to
this issue.
A bug was found in the way Mozilla handles pop-up windows. It is
possible for a malicious website to control the content in an unrelated
site's pop-up window. (CAN-2004-1156)
iSEC Security Research has discovered a buffer overflow bug in the way
Mozilla handles NNTP URLs. If a user visits a malicious web page or is
convinced to click on a malicious link, it may be possible for an
attacker to execute arbitrary code on the victim's machine.
(CAN-2004-1316)
A bug was found in the way Mozilla displays dialog windows. It is
possible that a malicious web page which is being displayed in a
background tab could present the user with a dialog window appearing to
come from the active page. (CAN-2004-1380)
A bug was found in the way Mozilla handles certain start tags followed
by a NULL character. A malicious web page could cause Mozilla to crash
when viewed by a victim. (CAN-2004-1613)
A bug was found in the way Mozilla loads links in a new tab which are
middle clicked. A malicious web page could read local files or modify
privileged chrom settings. (CAN-2005-0141)
Several bugs were found with the way Mozilla handles temporary files. A
local user could view sensitive temporary information or delete
arbitrary files. (CAN-2005-0142 CAN-2005-0578)
Several bugs were found with the way Mozilla displays the secure site
icon. It is possible that a malicious website could display the secure
site icon along with incorrect certificate information. (CAN-2005-0143
CAN-2005-0593)
A bug was found in the way Mozilla displays the secure site icon. A
malicious web page can use a view-source URL targetted at a secure page,
while loading an insecure page, yet the secure site icon shows the
previous secure state. (CAN-2005-0144)
A bug was found in the way Mozilla handles synthetic middle click
events. It is possible for a malicious web page to steal the contents of
a victims clipboard. (CAN-2005-0146)
A bug was found in the way Mozilla responds to proxy auth requests. It
is possible for a malicious webserver to steal credentials from a
victims browser by issuing a 407 proxy authentication request.
(CAN-2005-0147)
A bug was found in the way Mozilla Mail handles cookies when loading
content over HTTP regardless of the user's preference. It is possible
that a particular user could be tracked through the use of malicious
mail messages which load content over HTTP. (CAN-2005-0149)
A bug was found in the Mozilla javascript security manager. If a user
drags a malicious link to a tab, the javascript security manager is
bypassed, which could result in remote code execution or information
disclosure. (CAN-2005-0231)
A bug was found in the way Mozilla allows plug-ins to load privileged
content into a frame. It is possible that a malicious webpage could
trick a user into clicking in certain places to modify configuration
settings or execute arbitrary code. (CAN-2005-0232 and CAN-2005-0527)
A flaw was found in the way Mozilla displays international domain names.
It is possible for an attacker to display a valid URL, tricking the user
into thinking they are viewing a legitimate webpage when they are not.
(CAN-2005-0233)
A buffer overflow bug was found in the way Mozilla processes GIF images.
It is possible for an attacker to create a specially crafted GIF image,
which when viewed by a victim will execute arbitrary code as the victim.
(CAN-2005-0399)
A bug was found in the way Mozilla processes XUL content. If a malicious
web page can trick a user into dragging an object, it is possible to
load malicious XUL content. (CAN-2005-0401)
Several bugs were found in the way Mozilla displays alert dialogs. It is
possible for a malicious webserver or website to trick a user into
thinking the dialog window is being generated from a trusted site.
(CAN-2005-0584 CAN-2005-0585 CAN-2005-0586 CAN-2005-0590 CAN-2005-0591)
A bug was found in the way Mozilla handles xsl:include and xsl:import
directives. It is possible for a malicious website to import XSLT
stylesheets from a domain behind a firewall, leaking information to an
attacker. (CAN-2005-0588)
A bug was found in the way Mozilla handles anonymous functions during
regular expression string replacement. It is possible for a malicious
web page to capture a random block of browser memory. (CAN-2005-0989)
A bug was found in the way Mozilla displays pop-up windows. If a user
choses to open a pop-up window whose URL is malicious javascript, the
script will be executed with elevated privileges. (CAN-2005-1153)
Several bugs were found in the Mozilla javascript engine. A malicious
web page could leverage these issues to execute javascript with elevated
privileges or steal sensitive information. (CAN-2005-1154 CAN-2005-1155
CAN-2005-1159 CAN-2005-1160)
A bug was found in the way Mozilla installed search plugins. If a user
chooses to install a search plugin from a malicious site, the new plugin
could silently overwrite an existing plugin. This could allow the
malicious plugin to execute arbitrary code and stealm sensitive
information. (CAN-2005-1156 CAN-2005-1157)
Users of Mozilla are advised to upgrade to this updated package which
contains Mozilla version 1.7.7 to correct these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.
Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152883
6. RPMs required:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/mozilla-1.7.7-0.73.2.legacy.src.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/galeon-1.2.14-0.73.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-1.7.7-0.73.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-chat-1.7.7-0.73.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-devel-1.7.7-0.73.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-dom-inspector-1.7.7-0.73.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-js-debugger-1.7.7-0.73.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-mail-1.7.7-0.73.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-1.7.7-0.73.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-devel-1.7.7-0.73.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-1.7.7-0.73.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-devel-1.7.7-0.73.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/galeon-1.2.14-0.73.2.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/mozilla-1.7.7-0.90.1.legacy.src.rpm
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/galeon-1.2.14-0.90.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-1.7.7-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-chat-1.7.7-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-devel-1.7.7-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-dom-inspector-1.7.7-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-js-debugger-1.7.7-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-mail-1.7.7-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-1.7.7-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-devel-1.7.7-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-1.7.7-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-devel-1.7.7-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/galeon-1.2.14-0.90.2.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/mozilla-1.7.7-1.1.2.legacy.src.rpm
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/epiphany-1.0.8-1.fc1.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-1.7.7-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-chat-1.7.7-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-devel-1.7.7-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-dom-inspector-1.7.7-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-js-debugger-1.7.7-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-mail-1.7.7-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-1.7.7-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-devel-1.7.7-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-1.7.7-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-devel-1.7.7-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/epiphany-1.0.8-1.fc1.2.legacy.i386.rpm
Fedora Core 2:
SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/mozilla-1.7.7-1.2.2.legacy.src.rpm
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/epiphany-1.2.10-0.2.3.legacy.src.rpm
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/devhelp-0.9.1-0.2.6.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-1.7.7-1.2.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-chat-1.7.7-1.2.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-devel-1.7.7-1.2.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-dom-inspector-1.7.7-1.2.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-js-debugger-1.7.7-1.2.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-mail-1.7.7-1.2.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-1.7.7-1.2.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-devel-1.7.7-1.2.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-1.7.7-1.2.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-devel-1.7.7-1.2.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/epiphany-1.2.10-0.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/devhelp-0.9.1-0.2.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/devhelp-devel-0.9.1-0.2.6.legacy.i386.rpm
7. Verification:
SHA1 sum Package Name
- ---------------------------------------------------------------------
9acd3892e1ec3b272274ed250f630e316e72334c
redhat/7.3/updates/i386/mozilla-1.7.7-0.73.2.legacy.i386.rpm
bdf6c767bd8d8a1dc74138e8da7c1672b1934764
redhat/7.3/updates/i386/mozilla-chat-1.7.7-0.73.2.legacy.i386.rpm
7168b5bfcd5a090b62464f8b7d82d20bff365ba5
redhat/7.3/updates/i386/mozilla-devel-1.7.7-0.73.2.legacy.i386.rpm
6baa66d77ecbaf4aefcd99e42dbc81dee8b5533b
redhat/7.3/updates/i386/mozilla-dom-inspector-1.7.7-0.73.2.legacy.i386.rpm
c8fd69f3e6e3a63554382ec412208f74a48ba8fe
redhat/7.3/updates/i386/mozilla-js-debugger-1.7.7-0.73.2.legacy.i386.rpm
83a181ed9ecade3c9cb3cd3f64ac7cdd5add9057
redhat/7.3/updates/i386/mozilla-mail-1.7.7-0.73.2.legacy.i386.rpm
904dd59f1b4d5e4426232549848b83a9e407e2ba
redhat/7.3/updates/i386/mozilla-nspr-1.7.7-0.73.2.legacy.i386.rpm
3513150062f0d54dfa14f3d4fc320114b72a95ad
redhat/7.3/updates/i386/mozilla-nspr-devel-1.7.7-0.73.2.legacy.i386.rpm
f56ac87aae05c1530cfc49844f59410ac3db82d9
redhat/7.3/updates/i386/mozilla-nss-1.7.7-0.73.2.legacy.i386.rpm
d4a42d185260a6778133dc51beb0098b637306c5
redhat/7.3/updates/i386/mozilla-nss-devel-1.7.7-0.73.2.legacy.i386.rpm
8f731240e4c04d12861836a20ebd51faac33db54
redhat/7.3/updates/SRPMS/mozilla-1.7.7-0.73.2.legacy.src.rpm
265ca0a31dd9a66b3de6364b1a8e0bab108ebedc
redhat/7.3/updates/i386/galeon-1.2.14-0.73.2.legacy.i386.rpm
591f6a2ab89ae9b5995cc172017bc8d5b39f0236
redhat/7.3/updates/SRPMS/galeon-1.2.14-0.73.2.legacy.src.rpm
3d70328b95b7af8ebb4a808ed2c6d58f8d8d3f32
redhat/9/updates/i386/mozilla-1.7.7-0.90.1.legacy.i386.rpm
f0602f47ebb9e66a600749832bf68b63787bde35
redhat/9/updates/i386/mozilla-chat-1.7.7-0.90.1.legacy.i386.rpm
005590efef49bb5d39f665d61b335496ca18798d
redhat/9/updates/i386/mozilla-devel-1.7.7-0.90.1.legacy.i386.rpm
5a54884ce7108215746ac96668018bdbe2e70494
redhat/9/updates/i386/mozilla-dom-inspector-1.7.7-0.90.1.legacy.i386.rpm
5fd7e6f7145787da6926807ad22a8cddaa14b927
redhat/9/updates/i386/mozilla-js-debugger-1.7.7-0.90.1.legacy.i386.rpm
0ea4683b6d02b6605e7c515ee6c4717ee443eee3
redhat/9/updates/i386/mozilla-mail-1.7.7-0.90.1.legacy.i386.rpm
cd8c01029571274c79dc3b0b083a68f61f8276b4
redhat/9/updates/i386/mozilla-nspr-1.7.7-0.90.1.legacy.i386.rpm
c043f95965b668bc18adb9a58b8e0f332f295285
redhat/9/updates/i386/mozilla-nspr-devel-1.7.7-0.90.1.legacy.i386.rpm
1b9952e1ae88be813398d47c56ccdb1c6297defb
redhat/9/updates/i386/mozilla-nss-1.7.7-0.90.1.legacy.i386.rpm
0048ddbfbccca48c2e3a20d436a8eeaeaa5e7d27
redhat/9/updates/i386/mozilla-nss-devel-1.7.7-0.90.1.legacy.i386.rpm
3ef84161c6d31a0a022e30dccfa38c3e48bfc826
redhat/9/updates/SRPMS/mozilla-1.7.7-0.90.1.legacy.src.rpm
f34febaaa2e03ffc62097a8abf977cfa98bce03a
redhat/9/updates/i386/galeon-1.2.14-0.90.2.legacy.i386.rpm
72ddc204978e74630ef9cab1e17a80a6a2e06658
redhat/9/updates/SRPMS/galeon-1.2.14-0.90.2.legacy.src.rpm
57100cb971334d7af508b63786aa08605515ca1c
fedora/1/updates/i386/mozilla-1.7.7-1.1.2.legacy.i386.rpm
d46f3963c22c7dd5460e5dcb54fe48001b9f2bf0
fedora/1/updates/i386/mozilla-chat-1.7.7-1.1.2.legacy.i386.rpm
c1fb6304d59a2b40afb0f897068d4790f7188d58
fedora/1/updates/i386/mozilla-devel-1.7.7-1.1.2.legacy.i386.rpm
2e6e6c51cc5f2ec33ed9da3f3cba5b8894cc41c6
fedora/1/updates/i386/mozilla-dom-inspector-1.7.7-1.1.2.legacy.i386.rpm
c341b4c436e57743b14fb535117fd22b0cbec5d9
fedora/1/updates/i386/mozilla-js-debugger-1.7.7-1.1.2.legacy.i386.rpm
7132f5a85829789980a6d3e99dcb8b693c2ca2f5
fedora/1/updates/i386/mozilla-mail-1.7.7-1.1.2.legacy.i386.rpm
97fc2ebf5fac4a9db7515d6ce040f69800d4b76f
fedora/1/updates/i386/mozilla-nspr-1.7.7-1.1.2.legacy.i386.rpm
4fc55c563a2dab1acea189205a74a55a3193fd90
fedora/1/updates/i386/mozilla-nspr-devel-1.7.7-1.1.2.legacy.i386.rpm
013b70581b5719c09d31a3cd642c9508326ee785
fedora/1/updates/i386/mozilla-nss-1.7.7-1.1.2.legacy.i386.rpm
0b166a9b048615bed8963512f3c14d0fe2b55df3
fedora/1/updates/i386/mozilla-nss-devel-1.7.7-1.1.2.legacy.i386.rpm
78028c39bd74519585f30c5e9fb1811c17174ae6
fedora/1/updates/SRPMS/mozilla-1.7.7-1.1.2.legacy.src.rpm
288dc1525d58a9bfb547dae233217f8560f793da
fedora/1/updates/i386/epiphany-1.0.8-1.fc1.2.legacy.i386.rpm
6d7fc5695a4dc5dfda8061d6f15f5f49d9e0ca25
fedora/1/updates/SRPMS/epiphany-1.0.8-1.fc1.2.legacy.src.rpm
e30cf25bc4833e0b19464b80edc6a40a022d84ec
fedora/2/updates/i386/mozilla-1.7.7-1.2.2.legacy.i386.rpm
f6272d64f623060b3e3c312a51d9c4cf79517dbf
fedora/2/updates/i386/mozilla-chat-1.7.7-1.2.2.legacy.i386.rpm
3de604792b03c9be05094f93dfab05dc4025bf28
fedora/2/updates/i386/mozilla-devel-1.7.7-1.2.2.legacy.i386.rpm
be68ea6a7694e26583788619fd2983d79e7de2a0
fedora/2/updates/i386/mozilla-dom-inspector-1.7.7-1.2.2.legacy.i386.rpm
5fb0ec03a8477716720fa5717096f51b947b3fc7
fedora/2/updates/i386/mozilla-js-debugger-1.7.7-1.2.2.legacy.i386.rpm
eaad0dd9b651f50a95645a483874e388c8e8d6ff
fedora/2/updates/i386/mozilla-mail-1.7.7-1.2.2.legacy.i386.rpm
eab0bd24445c45116bb438c3ab039549aeaf9fff
fedora/2/updates/i386/mozilla-nspr-1.7.7-1.2.2.legacy.i386.rpm
230443db97ade4cd419149aac9be2647b9d8e1a9
fedora/2/updates/i386/mozilla-nspr-devel-1.7.7-1.2.2.legacy.i386.rpm
93d1521088d28943d1bb8a3f95b9fe33afbb6cce
fedora/2/updates/i386/mozilla-nss-1.7.7-1.2.2.legacy.i386.rpm
69f0872295fcc76410236cbdcfa68ad714fd1019
fedora/2/updates/i386/mozilla-nss-devel-1.7.7-1.2.2.legacy.i386.rpm
9ee87c561862efad6914604117ca1b77347ddce2
fedora/2/updates/SRPMS/mozilla-1.7.7-1.2.2.legacy.src.rpm
2a2d210670d354d8640266735d2ce15ca3a6c637
fedora/2/updates/i386/epiphany-1.2.10-0.2.3.legacy.i386.rpm
0b8dcb95ee3ac871fac5adda63cbe1ec62340540
fedora/2/updates/SRPMS/epiphany-1.2.10-0.2.3.legacy.src.rpm
50bab23717bd9e8f80c1f037d89fea75c240404a
fedora/2/updates/i386/devhelp-0.9.1-0.2.6.legacy.i386.rpm
19dd014eda39deb1bafdfa34c47a4e81bf9cf880
fedora/2/updates/i386/devhelp-devel-0.9.1-0.2.6.legacy.i386.rpm
1fa21cf570fa5a210594820c17eacfe764df8a52
fedora/2/updates/SRPMS/devhelp-0.9.1-0.2.6.legacy.src.rpm
These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:
sha1sum
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0399
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1157
9. Contact:
The Fedora Legacy security contact is . More
project details at http://www.fedoralegacy.org
- ---------------------------------------------------------------------