Debian: New Mozilla Firefox packages fix denial of service

    Date01 Oct 2005
    CategoryDebian
    6375
    Posted ByJoe Shakespeare
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 837-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    October 2nd, 2005                       http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : mozilla-firefox
    Vulnerability  : buffer overflow
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CAN-2005-2871
    Debian Bug     : 327452
    
    Tom Ferris discovered a bug in the IDN hostname handling of Mozilla
    Firefox, which is also present in the other browsers from the same
    family that allows remote attackers to cause a denial of service and
    possibly execute arbitrary code via a hostname with dashes.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 1.0.4-2sarge4.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 1.0.6-5.
    
    We recommend that you upgrade your mozilla-firefox package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4.dsc
          Size/MD5 checksum:     1001 8da49448d0292379ed213ed55b50f636
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4.diff.gz
          Size/MD5 checksum:   323756 9badf2bda14c11b86ab011d90ec281f6
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
          Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_alpha.deb
          Size/MD5 checksum: 11163256 741a6fe56dbd1c917f70ea4a83f5d4f5
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_alpha.deb
          Size/MD5 checksum:   166972 e694067de0f9e51eba3b71fed7192fad
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_alpha.deb
          Size/MD5 checksum:    58796 066536b71dd6ed961be9a17aa79f9ca1
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_amd64.deb
          Size/MD5 checksum:  9398022 6bc930760808bc9d9b61fb1f01bd860d
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_amd64.deb
          Size/MD5 checksum:   161704 b602c78f8f7ff6071d85639ead31b0d1
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_amd64.deb
          Size/MD5 checksum:    57272 d9f98cb3de4145f0866772bc599f5573
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_arm.deb
          Size/MD5 checksum:  8216838 391be886f3e02b83cbdf198fc9e64f43
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_arm.deb
          Size/MD5 checksum:   153148 e320c57a33a8d2f90db51e8ccd1fdcbf
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_arm.deb
          Size/MD5 checksum:    52626 f011883c695c1f62417810a7046bfb18
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_i386.deb
          Size/MD5 checksum:  8889628 c2dae022a03416af59f47a124ac04771
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_i386.deb
          Size/MD5 checksum:   156932 f3c968bdc962762016ab5ce7de6c3d49
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_i386.deb
          Size/MD5 checksum:    54188 9c2479ab8ebd935c40f52dc516d1ef9b
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_ia64.deb
          Size/MD5 checksum: 11617372 9e64ba01ab67c89e3496f658495e2d6b
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_ia64.deb
          Size/MD5 checksum:   167278 6c518d35da2f88bc1387391bc413af6e
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_ia64.deb
          Size/MD5 checksum:    61972 b413956fa64c1339729ca8c5fb069d0c
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_hppa.deb
          Size/MD5 checksum: 10266508 9985b2364613b496578d5aa58335f193
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_hppa.deb
          Size/MD5 checksum:   164684 8d34b3fb5b1d4085eb1905cf8f4b4169
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_hppa.deb
          Size/MD5 checksum:    57774 3c1f6134aa0bedd285693c272156dadf
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_m68k.deb
          Size/MD5 checksum:  8167076 9fbcdcc9c20c9c53bfe0c2e8867505ee
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_m68k.deb
          Size/MD5 checksum:   155844 5e17dab94ba264505d9e976b6cada360
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_m68k.deb
          Size/MD5 checksum:    53438 d65525a81b47a3ffb818044ff0f6c082
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_mips.deb
          Size/MD5 checksum:  9919764 dad3b9c7736be1a76182805decbe4226
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_mips.deb
          Size/MD5 checksum:   154698 ddcb26a6501acc4bfb01f84679c71df1
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_mips.deb
          Size/MD5 checksum:    54444 b05103132d75b1398fd4ac93210f8fa0
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_mipsel.deb
          Size/MD5 checksum:  9803612 9277b9d3635327414a54a0fa5bc43fab
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_mipsel.deb
          Size/MD5 checksum:   154254 9aae814cc1d5dc31ac24a4c573a3d54d
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_mipsel.deb
          Size/MD5 checksum:    54270 df2809a9996ea6eaf4d940420f22e654
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_powerpc.deb
          Size/MD5 checksum:  8561724 53cb5d60984f432cfb7ae7c1ee917a60
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_powerpc.deb
          Size/MD5 checksum:   155320 09439c02519d6082619a356c2e568649
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_powerpc.deb
          Size/MD5 checksum:    56564 71de49e9fe39bc3e0873d9ea09627edb
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_s390.deb
          Size/MD5 checksum:  9635928 4288345b4f7a1f65483220fe9e26615e
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_s390.deb
          Size/MD5 checksum:   162324 f7a9b952749be394d1743c0cc0442d78
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_s390.deb
          Size/MD5 checksum:    56758 eea32af660a5d5a5b63214c476fa8a29
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_sparc.deb
          Size/MD5 checksum:  8651566 2255aa4861022395d74e7ba0e7eeef0f
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_sparc.deb
          Size/MD5 checksum:   155558 b9110a9180419dc9437e5ab610176139
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_sparc.deb
          Size/MD5 checksum:    52998 658a72bc8e0a9d496ef9553da5676acb
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"13","type":"x","order":"1","pct":54.17,"resources":[]},{"id":"88","title":"Should be more technical","votes":"4","type":"x","order":"2","pct":16.67,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"7","type":"x","order":"3","pct":29.17,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.